Vous êtes sur la page 1sur 1028

Table of Contents

Tab 1. Focus Area Foundational Elements Tab A. B. Topics Federal Sentencing Guidelines Securities and Exchange Commission (SEC) Requirements Regarding Ethics and Compliance Program Structure Roles, Reporting and Relationships with the Board, its Committees and Senior Management; Potential Conflicts Faced by the CECO with other Senior Leaders Program Structure Relationships with Peers (Accountants, Auditors, Legal and Risk Officers) What is the Role of The Office What is the Day to Day Work of a CECO; How Do You Operationalize Ethics and Compliance? The ROI of Ethics and Compliance: Morgan Stanley & Other Examples Applicable Laws (Materials to be distributed during meeting) What An Effective Program Looks Like; Dont Just Do Compliance Demonstrable Impact of Ethical Culture on Business Outcomes Tone at the Top and Tone in the Middle Enlisting Managers to Create Tone in the Middle; Challenges and Case Studies Speaking Up and Encouraging Dialogue Incorporating Values-Based Concepts into Annual Reviews/Performance Management Driving Metrics Approved by Board and Senior Management to Produce Desired Major Changes in Employee Behavior Connecting the Companys Mission, Purpose and Values to a Roadmap that Drives the Business Forward The Role and Special Responsibilities of Leaders in Elevating Behaviors How to Promote a Deeper, Shared Understanding of Allstates Mission and How it is Expressed, Interpreted and Made Resonant for Each Employee (including making clear what Allstate stands for, and against) Connecting Culture Assessment with Evaluation of the Effectiveness of the E&C Program 2011-2012 Ethics & Compliance Leadership Survey Report Ethics & Compliance Alliance Risk Forecast Report 2013

C. April 11th The What

D.

E.

F. G. 2. 3. Doing Business in India Creating a Program that Achieves Compliance and Advances the Business through Mission and Values-Driven Behaviors A. B. C.

D. E. 4. April 12th The HOW Mission, Values and the Role of Culture A.

B.

C. D.

E.

5.

LRN Reports

A. B.

Ch. 8

GUIDELINES MANUAL

November 1, 2012

CHAPTER EIGHT - SENTENCING OF ORGANIZATIONS


Introductory Commentary The guidelines and policy statements in this chapter apply when the convicted defendant is an organization. Organizations can act only through agents and, under federal criminal law, generally are vicariously liable for offenses committed by their agents. At the same time, individual agents are responsible for their own criminal conduct. Federal prosecutions of organizations therefore frequently involve individual and organizational co-defendants. Convicted individual agents of organizations are sentenced in accordance with the guidelines and policy statements in the preceding chapters. This chapter is designed so that the sanctions imposed upon organizations and their agents, taken together, will provide just punishment, adequate deterrence, and incentives for organizations to maintain internal mechanisms for preventing, detecting, and reporting criminal conduct. This chapter reflects the following general principles: First, the court must, whenever practicable, order the organization to remedy any harm caused by the offense. The resources expended to remedy the harm should not be viewed as punishment, but rather as a means of making victims whole for the harm caused. Second, if the organization operated primarily for a criminal purpose or primarily by criminal means, the fine should be set sufficiently high to divest the organization of all its assets. Third, the fine range for any other organization should be based on the seriousness of the offense and the culpability of the organization. The seriousness of the offense generally will be reflected by the greatest of the pecuniary gain, the pecuniary loss, or the amount in a guideline offense level fine table. Culpability generally will be determined by six factors that the sentencing court must consider. The four factors that increase the ultimate punishment of an organization are: (i) the involvement in or tolerance of criminal activity; (ii) the prior history of the organization; (iii) the violation of an order; and (iv) the obstruction of justice. The two factors that mitigate the ultimate punishment of an organization are: (i) the existence of an effective compliance and ethics program; and (ii) self-reporting, cooperation, or acceptance of responsibility. Fourth, probation is an appropriate sentence for an organizational defendant when needed to ensure that another sanction will be fully implemented, or to ensure that steps will be taken within the organization to reduce the likelihood of future criminal conduct. These guidelines offer incentives to organizations to reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program. The prevention and detection of criminal conduct, as facilitated by an effective compliance and ethics program, will assist an organization in encouraging ethical conduct and in complying fully with all applicable laws.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673).

488

November 1, 2012

GUIDELINES MANUAL

8A1.2

PART A - GENERAL APPLICATION PRINCIPLES

8A1.1.

Applicability of Chapter Eight This chapter applies to the sentencing of all organizations for felony and Class A misdemeanor offenses. Commentary

Application Notes: 1. "Organization" means "a person other than an individual." 18 U.S.C. 18. The term includes corporations, partnerships, associations, joint-stock companies, unions, trusts, pension funds, unincorporated organizations, governments and political subdivisions thereof, and non-profit organizations. The fine guidelines in 8C2.2 through 8C2.9 apply only to specified types of offenses. The other provisions of this chapter apply to the sentencing of all organizations for all felony and Class A misdemeanor offenses. For example, the restitution and probation provisions in Parts B and D of this chapter apply to the sentencing of an organization, even if the fine guidelines in 8C2.2 through 8C2.9 do not apply.

2.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8A1.2.

Application Instructions - Organizations (a) Determine from Part B, Subpart 1 (Remedying Harm from Criminal Conduct) the sentencing requirements and options relating to restitution, remedial orders, community service, and notice to victims. Determine from Part C (Fines) the sentencing requirements and options relating to fines: (1) If the organization operated primarily for a criminal purpose or primarily by criminal means, apply 8C1.1 (Determining the Fine - Criminal Purpose Organizations). Otherwise, apply 8C2.1 (Applicability of Fine Guidelines) to identify the counts for which the provisions of 8C2.2 through 8C2.9 apply. For such counts: (A) Refer to 8C2.2 (Preliminary Determination of Inability to Pay Fine) to determine whether an abbreviated determination of the guideline fine range may be warranted. (B) Apply 8C2.3 (Offense Level) to determine the offense level from Chapter Two (Offense Conduct) and Chapter Three, Part D (Multiple Counts). 489

(b)

(2)

8A1.2

GUIDELINES MANUAL

November 1, 2012

(C) Apply 8C2.4 (Base Fine) to determine the base fine. (D) Apply 8C2.5 (Culpability Score) to determine the culpability score. To determine whether the organization had an effective compliance and ethics program for purposes of 8C2.5(f), apply 8B2.1 (Effective Compliance and Ethics Program). (E) Apply 8C2.6 (Minimum and Maximum Multipliers) to determine the minimum and maximum multipliers corresponding to the culpability score. Apply 8C2.7 (Guideline Fine Range - Organizations) to determine the minimum and maximum of the guideline fine range.

(F)

(G) Refer to 8C2.8 (Determining the Fine Within the Range) to determine the amount of the fine within the applicable guideline range. (H) Apply 8C2.9 (Disgorgement) to determine whether an increase to the fine is required. For any count or counts not covered under 8C2.1 (Applicability of Fine Guidelines), apply 8C2.10 (Determining the Fine for Other Counts). (3) Apply the provisions relating to the implementation of the sentence of a fine in Part C, Subpart 3 (Implementing the Sentence of a Fine). For grounds for departure from the applicable guideline fine range, refer to Part C, Subpart 4 (Departures from the Guideline Fine Range).

(4)

(c)

Determine from Part D (Organizational Probation) the sentencing requirements and options relating to probation. Determine from Part E (Special Assessments, Forfeitures, and Costs) the sentencing requirements relating to special assessments, forfeitures, and costs.

(d)

Commentary Application Notes: 1. Determinations under this chapter are to be based upon the facts and information specified in the applicable guideline. Determinations that reference other chapters are to be made under the standards applicable to determinations under those chapters. The definitions in the Commentary to 1B1.1 (Application Instructions) and the guidelines and commentary in 1B1.2 through 1B1.8 apply to determinations under this chapter unless otherwise specified. The adjustments in Chapter Three, Parts A (Victim-Related Adjustments), B (Role in the Offense), C (Obstruction and Related Adjustments), and E (Acceptance of Responsibility) do not apply. The provisions of Chapter Six (Sentencing Procedures, Plea Agreements, and Crime Victims Rights) apply to proceedings in which the defendant is an organization. Guidelines and policy statements not referenced in this chapter, directly or 490

2.

November 1, 2012

GUIDELINES MANUAL

8A1.2

indirectly, do not apply when the defendant is an organization; e.g., the policy statements in Chapter Seven (Violations of Probation and Supervised Release) do not apply to organizations. 3. The following are definitions of terms used frequently in this chapter: (A) "Offense" means the offense of conviction and all relevant conduct under 1B1.3 (Relevant Conduct) unless a different meaning is specified or is otherwise clear from the context. The term "instant" is used in connection with "offense," "federal offense," or "offense of conviction," as the case may be, to distinguish the violation for which the defendant is being sentenced from a prior or subsequent offense, or from an offense before another court (e.g., an offense before a state court involving the same underlying conduct). "High-level personnel of the organization" means individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization. The term includes: a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest. "High-level personnel of a unit of the organization" is defined in the Commentary to 8C2.5 (Culpability Score).

(B)

(C) "Substantial authority personnel" means individuals who within the scope of their authority exercise a substantial measure of discretion in acting on behalf of an organization. The term includes high-level personnel of the organization, individuals who exercise substantial supervisory authority (e.g., a plant manager, a sales manager), and any other individuals who, although not a part of an organizations management, nevertheless exercise substantial discretion when acting within the scope of their authority (e.g., an individual with authority in an organization to negotiate or set price levels or an individual authorized to negotiate or approve significant contracts). Whether an individual falls within this category must be determined on a case-by-case basis. (D) "Agent" means any individual, including a director, an officer, an employee, or an independent contractor, authorized to act on behalf of the organization. (E) An individual "condoned" an offense if the individual knew of the offense and did not take reasonable steps to prevent or terminate the offense. "Similar misconduct" means prior conduct that is similar in nature to the conduct underlying the instant offense, without regard to whether or not such conduct violated the same statutory provision. For example, prior Medicare fraud would be misconduct similar to an instant offense involving another type of fraud.

(F)

(G) "Prior criminal adjudication" means conviction by trial, plea of guilty (including an Alford plea), or plea of nolo contendere. (H) "Pecuniary gain" is derived from 18 U.S.C. 3571(d) and means the additional beforetax profit to the defendant resulting from the relevant conduct of the offense. Gain can result from either additional revenue or cost savings. For example, an offense involving 491

8A1.2

GUIDELINES MANUAL

November 1, 2012

odometer tampering can produce additional revenue. In such a case, the pecuniary gain is the additional revenue received because the automobiles appeared to have less mileage, i.e., the difference between the price received or expected for the automobiles with the apparent mileage and the fair market value of the automobiles with the actual mileage. An offense involving defense procurement fraud related to defective product testing can produce pecuniary gain resulting from cost savings. In such a case, the pecuniary gain is the amount saved because the product was not tested in the required manner. (I) "Pecuniary loss" is derived from 18 U.S.C. 3571(d) and is equivalent to the term "loss" as used in Chapter Two (Offense Conduct). See Commentary to 2B1.1 (Theft, Property Destruction, and Fraud), and definitions of "tax loss" in Chapter Two, Part T (Offenses Involving Taxation). An individual was "willfully ignorant of the offense" if the individual did not investigate the possible occurrence of unlawful conduct despite knowledge of circumstances that would lead a reasonable person to investigate whether unlawful conduct had occurred.

(J)

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422); November 1, 1997 (see Appendix C, amendment 546); November 1, 2001 (see Appendix C, amendment 617); November 1, 2004 (see Appendix C, amendment 673); November 1, 2010 (see Appendix C, amendment 747); November 1, 2011 (see Appendix C, amendment 758).

492

November 1, 2012

GUIDELINES MANUAL

8B1.1

PART B - REMEDYING HARM FROM CRIMINAL CONDUCT, AND EFFECTIVE COMPLIANCE AND ETHICS PROGRAM
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673).

1.

REMEDYING HARM FROM CRIMINAL CONDUCT

Historical Note: Effective November 1, 2004 (see Appendix C, amendment 673).

Introductory Commentary As a general principle, the court should require that the organization take all appropriate steps to provide compensation to victims and otherwise remedy the harm caused or threatened by the offense. A restitution order or an order of probation requiring restitution can be used to compensate identifiable victims of the offense. A remedial order or an order of probation requiring community service can be used to reduce or eliminate the harm threatened, or to repair the harm caused by the offense, when that harm or threatened harm would otherwise not be remedied. An order of notice to victims can be used to notify unidentified victims of the offense.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8B1.1.

Restitution - Organizations (a) In the case of an identifiable victim, the court shall -(1) enter a restitution order for the full amount of the victims loss, if such order is authorized under 18 U.S.C. 2248, 2259, 2264, 2327, 3663, or 3663A; or impose a term of probation or supervised release with a condition requiring restitution for the full amount of the victims loss, if the offense is not an offense for which restitution is authorized under 18 U.S.C. 3663(a)(1) but otherwise meets the criteria for an order of restitution under that section.

(2)

(b)

Provided, that the provisions of subsection (a) do not apply -(1) (2) when full restitution has been made; or in the case of a restitution order under 3663; a restitution order under 18 U.S.C. 3663A that pertains to an offense against property described in 18 U.S.C. 3663A(c)(1)(A)(ii); or a condition of restitution imposed pursuant to subsection (a)(2) above, to the extent the court finds, from facts on the record, that (A) the number of identifiable victims is so large as to make restitution impracticable; or (B) determining complex issues of fact related to the cause or amount of the victims losses would complicate or 493

8B1.1

GUIDELINES MANUAL

November 1, 2012

prolong the sentencing process to a degree that the need to provide restitution to any victim is outweighed by the burden on the sentencing process. (c) If a defendant is ordered to make restitution to an identifiable victim and to pay a fine, the court shall order that any money paid by the defendant shall first be applied to satisfy the order of restitution. A restitution order may direct the defendant to make a single, lump sum payment, partial payments at specified intervals, in-kind payments, or a combination of payments at specified intervals and in-kind payments. See 18 U.S.C. 3664(f)(3)(A). An in-kind payment may be in the form of (1) return of property; (2) replacement of property; or (3) if the victim agrees, services rendered to the victim or to a person or organization other than the victim. See 18 U.S.C. 3664(f)(4). A restitution order may direct the defendant to make nominal periodic payments if the court finds from facts on the record that the economic circumstances of the defendant do not allow the payment of any amount of a restitution order, and do not allow for the payment of the full amount of a restitution order in the foreseeable future under any reasonable schedule of payments. Special Instruction (1) This guideline applies only to a defendant convicted of an offense committed on or after November 1, 1997. Notwithstanding the provisions of 1B1.11 (Use of Guidelines Manual in Effect on Date of Sentencing), use the former 8B1.1 (set forth in Appendix C, amendment 571) in lieu of this guideline in any other case.

(d)

(e)

(f)

Commentary Background: Section 3553(a)(7) of Title 18, United States Code, requires the court, "in determining the particular sentence to be imposed," to consider "the need to provide restitution to any victims of the offense." Orders of restitution are authorized under 18 U.S.C. 2248, 2259, 2264, 2327, 3663, and 3663A. For offenses for which an order of restitution is not authorized, restitution may be imposed as a condition of probation.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422); November 1, 1997 (see Appendix C, amendment 571).

8B1.2.

Remedial Orders - Organizations (Policy Statement) (a) To the extent not addressed under 8B1.1 (Restitution - Organizations), a remedial order imposed as a condition of probation may require the organization to remedy the harm caused by the offense and to eliminate or reduce the risk that the instant offense will cause future harm. If the magnitude of expected future harm can be reasonably estimated, the court 494

(b)

November 1, 2012

GUIDELINES MANUAL

8B1.4

may require the organization to create a trust fund sufficient to address that expected harm. Commentary Background: The purposes of a remedial order are to remedy harm that has already occurred and to prevent future harm. A remedial order requiring corrective action by the organization may be necessary to prevent future injury from the instant offense, e.g., a product recall for a food and drug violation or a clean-up order for an environmental violation. In some cases in which a remedial order potentially may be appropriate, a governmental regulatory agency, e.g., the Environmental Protection Agency or the Food and Drug Administration, may have authority to order remedial measures. In such cases, a remedial order by the court may not be necessary. If a remedial order is entered, it should be coordinated with any administrative or civil actions taken by the appropriate governmental regulatory agency.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8B1.3.

Community Service - Organizations (Policy Statement) Community service may be ordered as a condition of probation where such community service is reasonably designed to repair the harm caused by the offense.

Commentary Background: An organization can perform community service only by employing its resources or paying its employees or others to do so. Consequently, an order that an organization perform community service is essentially an indirect monetary sanction, and therefore generally less desirable than a direct monetary sanction. However, where the convicted organization possesses knowledge, facilities, or skills that uniquely qualify it to repair damage caused by the offense, community service directed at repairing damage may provide an efficient means of remedying harm caused. In the past, some forms of community service imposed on organizations have not been related to the purposes of sentencing. Requiring a defendant to endow a chair at a university or to contribute to a local charity would not be consistent with this section unless such community service provided a means for preventive or corrective action directly related to the offense and therefore served one of the purposes of sentencing set forth in 18 U.S.C. 3553(a).
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8B1.4.

Order of Notice to Victims - Organizations Apply 5F1.4 (Order of Notice to Victims).

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

495

8B2.1
2.

GUIDELINES MANUAL

November 1, 2012

EFFECTIVE COMPLIANCE AND ETHICS PROGRAM

Historical Note: Effective November 1, 2004 (see Appendix C, amendment 673).

8B2.1.

Effective Compliance and Ethics Program (a) To have an effective compliance and ethics program, for purposes of subsection (f) of 8C2.5 (Culpability Score) and subsection (b)(1) of 8D1.4 (Recommended Conditions of Probation - Organizations), an organization shall (1) (2) exercise due diligence to prevent and detect criminal conduct; and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct. (b) Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following: (1) The organization shall establish standards and procedures to prevent and detect criminal conduct. (A) The organizations governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program. (B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program. (C) Specific individual(s) within the organization shall be delegated day-today operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.

(2)

496

November 1, 2012

GUIDELINES MANUAL

8B2.1

(3)

The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program. (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subparagraph (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals respective roles and responsibilities. (B) The individuals referred to in subparagraph (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organizations employees, and, as appropriate, the organizations agents.

(4)

(5)

The organization shall take reasonable steps (A) to ensure that the organizations compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct; (B) to evaluate periodically the effectiveness of the organizations compliance and ethics program; and (C) to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organizations employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.

(6)

The organizations compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct. After criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organizations compliance and ethics program.

(7)

(c)

In implementing subsection (b), the organization shall periodically assess the risk of criminal conduct and shall take appropriate steps to design, implement, or modify each requirement set forth in subsection (b) to reduce the risk of criminal conduct identified through this process.

497

8B2.1

GUIDELINES MANUAL

November 1, 2012

Commentary Application Notes: 1. Definitions.For purposes of this guideline: "Compliance and ethics program" means a program designed to prevent and detect criminal conduct. "Governing authority" means the (A) the Board of Directors; or (B) if the organization does not have a Board of Directors, the highest-level governing body of the organization. "High-level personnel of the organization" and "substantial authority personnel" have the meaning given those terms in the Commentary to 8A1.2 (Application Instructions Organizations). "Standards and procedures" means standards of conduct and internal controls that are reasonably capable of reducing the likelihood of criminal conduct. 2. Factors to Consider in Meeting Requirements of this Guideline. (A) In General.Each of the requirements set forth in this guideline shall be met by an organization; however, in determining what specific actions are necessary to meet those requirements, factors that shall be considered include: (i) applicable industry practice or the standards called for by any applicable governmental regulation; (ii) the size of the organization; and (iii) similar misconduct. Applicable Governmental Regulation and Industry Practice.An organizations failure to incorporate and follow applicable industry practice or the standards called for by any applicable governmental regulation weighs against a finding of an effective compliance and ethics program.

(B)

(C) The Size of the Organization. (i) In General.The formality and scope of actions that an organization shall take to meet the requirements of this guideline, including the necessary features of the organizations standards and procedures, depend on the size of the organization. Large Organizations.A large organization generally shall devote more formal operations and greater resources in meeting the requirements of this guideline than shall a small organization. As appropriate, a large organization should encourage small organizations (especially those that have, or seek to have, a business relationship with the large organization) to implement effective compliance and ethics programs.

(ii)

(iii) Small Organizations.In meeting the requirements of this guideline, small organizations shall demonstrate the same degree of commitment to ethical conduct and compliance with the law as large organizations. However, a small organization may meet the requirements of this guideline with less formality and fewer resources than would be expected of large organizations. In appropriate 498

November 1, 2012

GUIDELINES MANUAL

8B2.1

circumstances, reliance on existing resources and simple systems can demonstrate a degree of commitment that, for a large organization, would only be demonstrated through more formally planned and implemented systems. Examples of the informality and use of fewer resources with which a small organization may meet the requirements of this guideline include the following: (I) the governing authoritys discharge of its responsibility for oversight of the compliance and ethics program by directly managing the organizations compliance and ethics efforts; (II) training employees through informal staff meetings, and monitoring through regular "walk-arounds" or continuous observation while managing the organization; (III) using available personnel, rather than employing separate staff, to carry out the compliance and ethics program; and (IV) modeling its own compliance and ethics program on existing, well-regarded compliance and ethics programs and best practices of other similar organizations. (D) Recurrence of Similar Misconduct.Recurrence of similar misconduct creates doubt regarding whether the organization took reasonable steps to meet the requirements of this guideline. For purposes of this subparagraph, "similar misconduct" has the meaning given that term in the Commentary to 8A1.2 (Application Instructions Organizations). 3. Application of Subsection (b)(2).High-level personnel and substantial authority personnel of the organization shall be knowledgeable about the content and operation of the compliance and ethics program, shall perform their assigned duties consistent with the exercise of due diligence, and shall promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law. If the specific individual(s) assigned overall responsibility for the compliance and ethics program does not have day-to-day operational responsibility for the program, then the individual(s) with day-to-day operational responsibility for the program typically should, no less than annually, give the governing authority or an appropriate subgroup thereof information on the implementation and effectiveness of the compliance and ethics program. 4. Application of Subsection (b)(3). (A) Consistency with Other Law.Nothing in subsection (b)(3) is intended to require conduct inconsistent with any Federal, State, or local law, including any law governing employment or hiring practices. Implementation.In implementing subsection (b)(3), the organization shall hire and promote individuals so as to ensure that all individuals within the high-level personnel and substantial authority personnel of the organization will perform their assigned duties in a manner consistent with the exercise of due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law under subsection (a). With respect to the hiring or promotion of such individuals, an organization shall consider the relatedness of the individuals illegal activities and other misconduct (i.e., other conduct inconsistent with an effective compliance and ethics program) to the specific responsibilities the individual is anticipated to be assigned and other factors such as: (i) the recency of the individuals 499

(B)

8B2.1

GUIDELINES MANUAL

November 1, 2012

illegal activities and other misconduct; and (ii) whether the individual has engaged in other such illegal activities and other such misconduct. 5. Application of Subsection (b)(6).Adequate discipline of individuals responsible for an offense is a necessary component of enforcement; however, the form of discipline that will be appropriate will be case specific. Application of Subsection (b)(7).Subsection (b)(7) has two aspects. First, the organization should respond appropriately to the criminal conduct. The organization should take reasonable steps, as warranted under the circumstances, to remedy the harm resulting from the criminal conduct. These steps may include, where appropriate, providing restitution to identifiable victims, as well as other forms of remediation. Other reasonable steps to respond appropriately to the criminal conduct may include self-reporting and cooperation with authorities. Second, the organization should act appropriately to prevent further similar criminal conduct, including assessing the compliance and ethics program and making modifications necessary to ensure the program is effective. The steps taken should be consistent with subsections (b)(5) and (c) and may include the use of an outside professional advisor to ensure adequate assessment and implementation of any modifications. 7. Application of Subsection (c).To meet the requirements of subsection (c), an organization shall: (A) Assess periodically the risk that criminal conduct will occur, including assessing the following: (i) (ii) The nature and seriousness of such criminal conduct. The likelihood that certain criminal conduct may occur because of the nature of the organizations business. If, because of the nature of an organizations business, there is a substantial risk that certain types of criminal conduct may occur, the organization shall take reasonable steps to prevent and detect that type of criminal conduct. For example, an organization that, due to the nature of its business, employs sales personnel who have flexibility to set prices shall establish standards and procedures designed to prevent and detect price-fixing. An organization that, due to the nature of its business, employs sales personnel who have flexibility to represent the material characteristics of a product shall establish standards and procedures designed to prevent and detect fraud.

6.

(iii) The prior history of the organization. The prior history of an organization may indicate types of criminal conduct that it shall take actions to prevent and detect. (B) Prioritize periodically, as appropriate, the actions taken pursuant to any requirement set forth in subsection (b), in order to focus on preventing and detecting the criminal conduct identified under subparagraph (A) of this note as most serious, and most likely, to occur.

(C) Modify, as appropriate, the actions taken pursuant to any requirement set forth in 500

November 1, 2012

GUIDELINES MANUAL

8B2.1

subsection (b) to reduce the risk of criminal conduct identified under subparagraph (A) of this note as most serious, and most likely, to occur. Background: This section sets forth the requirements for an effective compliance and ethics program. This section responds to section 805(a)(2)(5) of the Sarbanes-Oxley Act of 2002, Public Law 107204, which directed the Commission to review and amend, as appropriate, the guidelines and related policy statements to ensure that the guidelines that apply to organizations in this chapter "are sufficient to deter and punish organizational criminal misconduct." The requirements set forth in this guideline are intended to achieve reasonable prevention and detection of criminal conduct for which the organization would be vicariously liable. The prior diligence of an organization in seeking to prevent and detect criminal conduct has a direct bearing on the appropriate penalties and probation terms for the organization if it is convicted and sentenced for a criminal offense.
Historical Note: Effective November 1, 2004 (see Appendix C, amendment 673). Amended effective November 1, 2010 (see Appendix C, amendment 744); November 1, 2011 (see Appendix C, amendment 758).

501

8C1.1

GUIDELINES MANUAL

November 1, 2012

PART C - FINES

1.

DETERMINING THE FINE - CRIMINAL PURPOSE ORGANIZATIONS

8C1.1.

Determining the Fine - Criminal Purpose Organizations If, upon consideration of the nature and circumstances of the offense and the history and characteristics of the organization, the court determines that the organization operated primarily for a criminal purpose or primarily by criminal means, the fine shall be set at an amount (subject to the statutory maximum) sufficient to divest the organization of all its net assets. When this section applies, Subpart 2 (Determining the Fine - Other Organizations) and 8C3.4 (Fines Paid by Owners of Closely Held Organizations) do not apply. Commentary

Application Note: 1. "Net assets," as used in this section, means the assets remaining after payment of all legitimate claims against assets by known innocent bona fide creditors.

Background: This guideline addresses the case in which the court, based upon an examination of the nature and circumstances of the offense and the history and characteristics of the organization, determines that the organization was operated primarily for a criminal purpose (e.g., a front for a scheme that was designed to commit fraud; an organization established to participate in the illegal manufacture, importation, or distribution of a controlled substance) or operated primarily by criminal means (e.g., a hazardous waste disposal business that had no legitimate means of disposing of hazardous waste). In such a case, the fine shall be set at an amount sufficient to remove all of the organizations net assets. If the extent of the assets of the organization is unknown, the maximum fine authorized by statute should be imposed, absent innocent bona fide creditors.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

* * * * *

2.

DETERMINING THE FINE - OTHER ORGANIZATIONS

8C2.1.

Applicability of Fine Guidelines The provisions of 8C2.2 through 8C2.9 apply to each count for which the applicable guideline offense level is determined under: (a) 2B1.1, 2B1.4, 2B2.3, 2B4.1, 2B5.3, 2B6.1; 2C1.1, 2C1.2, 2C1.6; 2D1.7, 2D3.1, 2D3.2; 2E3.1, 2E4.1, 2E5.1, 2E5.3; 502

November 1, 2012

GUIDELINES MANUAL

8C2.2

2G3.1; 2K1.1, 2K2.1; 2L1.1; 2N3.1; 2R1.1; 2S1.1, 2S1.3; 2T1.1, 2T1.4, 2T1.6, 2T1.7, 2T1.8, 2T1.9, 2T2.1, 2T2.2, 2T3.1; or (b) 2E1.1, 2X1.1, 2X2.1, 2X3.1, 2X4.1, with respect to cases in which the offense level for the underlying offense is determined under one of the guideline sections listed in subsection (a) above.

Commentary Application Notes: 1. If the Chapter Two offense guideline for a count is listed in subsection (a) or (b) above, and the applicable guideline results in the determination of the offense level by use of one of the listed guidelines, apply the provisions of 8C2.2 through 8C2.9 to that count. For example, 8C2.2 through 8C2.9 apply to an offense under 2K2.1 (an offense guideline listed in subsection (a)), unless the cross reference in that guideline requires the offense level to be determined under an offense guideline section not listed in subsection (a). If the Chapter Two offense guideline for a count is not listed in subsection (a) or (b) above, but the applicable guideline results in the determination of the offense level by use of a listed guideline, apply the provisions of 8C2.2 through 8C2.9 to that count. For example, where the conduct set forth in a count of conviction ordinarily referenced to 2N2.1 (an offense guideline not listed in subsection (a)) establishes 2B1.1 (Theft, Property Destruction, and Fraud) as the applicable offense guideline (an offense guideline listed in subsection (a)), 8C2.2 through 8C2.9 would apply because the actual offense level is determined under 2B1.1 (Theft, Property Destruction, and Fraud).

2.

Background: The fine guidelines of this subpart apply only to offenses covered by the guideline sections set forth in subsection (a) above. For example, the provisions of 8C2.2 through 8C2.9 do not apply to counts for which the applicable guideline offense level is determined under Chapter Two, Part Q (Offenses Involving the Environment). For such cases, 8C2.10 (Determining the Fine for Other Counts) is applicable.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 1992 (see Appendix C, amendment 453); November 1, 1993 (see Appendix C, amendment 496); November 1, 2001 (see Appendix C, amendments 617, 619, and 634); November 1, 2005 (see Appendix C, amendment 679).

8C2.2.

Preliminary Determination of Inability to Pay Fine (a) Where it is readily ascertainable that the organization cannot and is not likely to become able (even on an installment schedule) to pay restitution required under 8B1.1 (Restitution - Organizations), a determination of the guideline fine range is unnecessary because, pursuant to 8C3.3(a), no fine would be imposed.

503

8C2.2
(b)

GUIDELINES MANUAL

November 1, 2012

Where it is readily ascertainable through a preliminary determination of the minimum of the guideline fine range (see 8C2.3 through 8C2.7) that the organization cannot and is not likely to become able (even on an installment schedule) to pay such minimum guideline fine, a further determination of the guideline fine range is unnecessary. Instead, the court may use the preliminary determination and impose the fine that would result from the application of 8C3.3 (Reduction of Fine Based on Inability to Pay).

Commentary Application Notes: 1. In a case of a determination under subsection (a), a statement that "the guideline fine range was not determined because it is readily ascertainable that the defendant cannot and is not likely to become able to pay restitution" is recommended. In a case of a determination under subsection (b), a statement that "no precise determination of the guideline fine range is required because it is readily ascertainable that the defendant cannot and is not likely to become able to pay the minimum of the guideline fine range" is recommended.

2.

Background: Many organizational defendants lack the ability to pay restitution. In addition, many organizational defendants who may be able to pay restitution lack the ability to pay the minimum fine called for by 8C2.7(a). In such cases, a complete determination of the guideline fine range may be a needless exercise. This section provides for an abbreviated determination of the guideline fine range that can be applied where it is readily ascertainable that the fine within the guideline fine range determined under 8C2.7 (Guideline Fine Range - Organizations) would be reduced under 8C3.3 (Reduction of Fine Based on Inability to Pay).
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C2.3.

Offense Level (a) For each count covered by 8C2.1 (Applicability of Fine Guidelines), use the applicable Chapter Two guideline to determine the base offense level and apply, in the order listed, any appropriate adjustments contained in that guideline. Where there is more than one such count, apply Chapter Three, Part D (Multiple Counts) to determine the combined offense level.

(b)

Commentary Application Notes: 1. In determining the offense level under this section, "defendant," as used in Chapter Two, includes any agent of the organization for whose conduct the organization is criminally responsible.

504

November 1, 2012

GUIDELINES MANUAL

8C2.4

2.

In determining the offense level under this section, apply the provisions of 1B1.2 through 1B1.8. Do not apply the adjustments in Chapter Three, Parts A (Victim-Related Adjustments), B (Role in the Offense), C (Obstruction and Related Adjustments), and E (Acceptance of Responsibility).

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2011 (see Appendix C, amendment 758).

8C2.4.

Base Fine (a) The base fine is the greatest of: (1) the amount from the table in subsection (d) below corresponding to the offense level determined under 8C2.3 (Offense Level); or the pecuniary gain to the organization from the offense; or the pecuniary loss from the offense caused by the organization, to the extent the loss was caused intentionally, knowingly, or recklessly.

(2) (3)

(b)

Provided, that if the applicable offense guideline in Chapter Two includes a special instruction for organizational fines, that special instruction shall be applied, as appropriate. Provided, further, that to the extent the calculation of either pecuniary gain or pecuniary loss would unduly complicate or prolong the sentencing process, that amount, i.e., gain or loss as appropriate, shall not be used for the determination of the base fine. Offense Level Fine Table Offense Level 6 or less 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Amount $5,000 $7,500 $10,000 $15,000 $20,000 $30,000 $40,000 $60,000 $85,000 $125,000 $175,000 $250,000 $350,000 $500,000 $650,000 $910,000 505

(c)

(d)

8C2.4
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 or more

GUIDELINES MANUAL

November 1, 2012

$1,200,000 $1,600,000 $2,100,000 $2,800,000 $3,700,000 $4,800,000 $6,300,000 $8,100,000 $10,500,000 $13,500,000 $17,500,000 $22,000,000 $28,500,000 $36,000,000 $45,500,000 $57,500,000 $72,500,000.

Commentary Application Notes: 1. "Pecuniary gain," "pecuniary loss," and "offense" are defined in the Commentary to 8A1.2 (Application Instructions - Organizations). Note that subsections (a)(2) and (a)(3) contain certain limitations as to the use of pecuniary gain and pecuniary loss in determining the base fine. Under subsection (a)(2), the pecuniary gain used to determine the base fine is the pecuniary gain to the organization from the offense. Under subsection (a)(3), the pecuniary loss used to determine the base fine is the pecuniary loss from the offense caused by the organization, to the extent that such loss was caused intentionally, knowingly, or recklessly. Under 18 U.S.C. 3571(d), the court is not required to calculate pecuniary loss or pecuniary gain to the extent that determination of loss or gain would unduly complicate or prolong the sentencing process. Nevertheless, the court may need to approximate loss in order to calculate offense levels under Chapter Two. See Commentary to 2B1.1 (Theft, Property Destruction, and Fraud). If loss is approximated for purposes of determining the applicable offense level, the court should use that approximation as the starting point for calculating pecuniary loss under this section. In a case of an attempted offense or a conspiracy to commit an offense, pecuniary loss and pecuniary gain are to be determined in accordance with the principles stated in 2X1.1 (Attempt, Solicitation, or Conspiracy). In a case involving multiple participants (i.e., multiple organizations, or the organization and individual(s) unassociated with the organization), the applicable offense level is to be determined without regard to apportionment of the gain from or loss caused by the offense. See 1B1.3 (Relevant Conduct). However, if the base fine is determined under subsections (a)(2) or (a)(3), the court may, as appropriate, apportion gain or loss considering the defendants relative culpability and other pertinent factors. Note also that under 2R1.1(d)(1), the volume of commerce, which is used in determining a proxy for loss under 8C2.4(a)(3), is limited to the volume of commerce attributable to the defendant. 506

2.

3.

4.

November 1, 2012

GUIDELINES MANUAL

8C2.5

5.

Special instructions regarding the determination of the base fine are contained in 2B4.1 (Bribery in Procurement of Bank Loan and Other Commercial Bribery); 2C1.1 (Offering, Giving, Soliciting, or Receiving a Bribe; Extortion Under Color of Official Right; Fraud Involving the Deprivation of the Intangible Right to Honest Services of Public Officials; Conspiracy to Defraud by Interference with Governmental Functions); 2C1.2 (Offering, Giving, Soliciting, or Receiving a Gratuity); 2E5.1 (Offering, Accepting, or Soliciting a Bribe or Gratuity Affecting the Operation of an Employee Welfare or Pension Benefit Plan; Prohibited Payments or Lending of Money by Employer or Agent to Employees, Representatives, or Labor Organizations); and 2R1.1 (Bid-Rigging, Price-Fixing or Market-Allocation Agreements Among Competitors).

Background: Under this section, the base fine is determined in one of three ways: (1) by the amount, based on the offense level, from the table in subsection (d); (2) by the pecuniary gain to the organization from the offense; and (3) by the pecuniary loss caused by the organization, to the extent that such loss was caused intentionally, knowingly, or recklessly. In certain cases, special instructions for determining the loss or offense level amount apply. As a general rule, the base fine measures the seriousness of the offense. The determinants of the base fine are selected so that, in conjunction with the multipliers derived from the culpability score in 8C2.5 (Culpability Score), they will result in guideline fine ranges appropriate to deter organizational criminal conduct and to provide incentives for organizations to maintain internal mechanisms for preventing, detecting, and reporting criminal conduct. In order to deter organizations from seeking to obtain financial reward through criminal conduct, this section provides that, when greatest, pecuniary gain to the organization is used to determine the base fine. In order to ensure that organizations will seek to prevent losses intentionally, knowingly, or recklessly caused by their agents, this section provides that, when greatest, pecuniary loss is used to determine the base fine in such circumstances. Chapter Two provides special instructions for fines that include specific rules for determining the base fine in connection with certain types of offenses in which the calculation of loss or gain is difficult, e.g., price-fixing. For these offenses, the special instructions tailor the base fine to circumstances that occur in connection with such offenses and that generally relate to the magnitude of loss or gain resulting from such offenses.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 1993 (see Appendix C, amendment 496); November 1, 1995 (see Appendix C, amendment 534); November 1, 2001 (see Appendix C, amendment 634); November 1, 2004 (see Appendix C, amendments 666 and 673).

8C2.5.

Culpability Score (a) (b) Start with 5 points and apply subsections (b) through (g) below. Involvement in or Tolerance of Criminal Activity If more than one applies, use the greatest: (1) If -(A) the organization had 5,000 or more employees and (i) an individual within high-level personnel of the organization participated in, condoned, or was willfully ignorant of the 507

8C2.5

GUIDELINES MANUAL

November 1, 2012

offense; or (ii) tolerance of the offense by substantial authority personnel was pervasive throughout the organization; or

(B) the unit of the organization within which the offense was committed had 5,000 or more employees and (i) an individual within high-level personnel of the unit participated in, condoned, or was willfully ignorant of the offense; or tolerance of the offense by substantial authority personnel was pervasive throughout such unit,

(ii)

add 5 points; or (2) If -(A) the organization had 1,000 or more employees and (i) an individual within high-level personnel of the organization participated in, condoned, or was willfully ignorant of the offense; or tolerance of the offense by substantial authority personnel was pervasive throughout the organization; or

(ii)

(B) the unit of the organization within which the offense was committed had 1,000 or more employees and (i) an individual within high-level personnel of the unit participated in, condoned, or was willfully ignorant of the offense; or tolerance of the offense by substantial authority personnel was pervasive throughout such unit,

(ii)

add 4 points; or (3) If -(A) the organization had 200 or more employees and (i) an individual within high-level personnel of the organization participated in, condoned, or was willfully ignorant of the offense; or tolerance of the offense by substantial authority personnel was pervasive throughout the organization; or

(ii)

(B) the unit of the organization within which the offense was committed 508

November 1, 2012

GUIDELINES MANUAL

8C2.5

had 200 or more employees and (i) an individual within high-level personnel of the unit participated in, condoned, or was willfully ignorant of the offense; or tolerance of the offense by substantial authority personnel was pervasive throughout such unit,

(ii)

add 3 points; or (4) If the organization had 50 or more employees and an individual within substantial authority personnel participated in, condoned, or was willfully ignorant of the offense, add 2 points; or If the organization had 10 or more employees and an individual within substantial authority personnel participated in, condoned, or was willfully ignorant of the offense, add 1 point.

(5)

(c)

Prior History If more than one applies, use the greater: (1) If the organization (or separately managed line of business) committed any part of the instant offense less than 10 years after (A) a criminal adjudication based on similar misconduct; or (B) civil or administrative adjudication(s) based on two or more separate instances of similar misconduct, add 1 point; or If the organization (or separately managed line of business) committed any part of the instant offense less than 5 years after (A) a criminal adjudication based on similar misconduct; or (B) civil or administrative adjudication(s) based on two or more separate instances of similar misconduct, add 2 points.

(2)

(d)

Violation of an Order If more than one applies, use the greater: (1) (A) If the commission of the instant offense violated a judicial order or injunction, other than a violation of a condition of probation; or (B) if the organization (or separately managed line of business) violated a condition of probation by engaging in similar misconduct, i.e., misconduct similar to that for which it was placed on probation, add 2 points; or If the commission of the instant offense violated a condition of probation, add 1 point.

(2)

(e)

Obstruction of Justice If the organization willfully obstructed or impeded, attempted to obstruct or impede, or aided, abetted, or encouraged obstruction of justice during the 509

8C2.5

GUIDELINES MANUAL

November 1, 2012

investigation, prosecution, or sentencing of the instant offense, or, with knowledge thereof, failed to take reasonable steps to prevent such obstruction or impedance or attempted obstruction or impedance, add 3 points. (f) Effective Compliance and Ethics Program (1) If the offense occurred even though the organization had in place at the time of the offense an effective compliance and ethics program, as provided in 8B2.1 (Effective Compliance and Ethics Program), subtract 3 points. Subsection (f)(1) shall not apply if, after becoming aware of an offense, the organization unreasonably delayed reporting the offense to appropriate governmental authorities. (A) Except as provided in subparagraphs (B) and (C), subsection (f)(1) shall not apply if an individual within high-level personnel of the organization, a person within high-level personnel of the unit of the organization within which the offense was committed where the unit had 200 or more employees, or an individual described in 8B2.1(b)(2)(B) or (C), participated in, condoned, or was willfully ignorant of the offense. (B) There is a rebuttable presumption, for purposes of subsection (f)(1), that the organization did not have an effective compliance and ethics program if an individual (i) (ii) within high-level personnel of a small organization; or within substantial authority personnel, but not within high-level personnel, of any organization,

(2)

(3)

participated in, condoned, or was willfully ignorant of, the offense. (C) Subparagraphs (A) and (B) shall not apply if (i) the individual or individuals with operational responsibility for the compliance and ethics program (see 8B2.1(b)(2)(C)) have direct reporting obligations to the governing authority or an appropriate subgroup thereof (e.g., an audit committee of the board of directors); the compliance and ethics program detected the offense before discovery outside the organization or before such discovery was reasonably likely;

(ii)

(iii) the organization promptly reported the offense to appropriate governmental authorities; and (iv) no individual with operational responsibility for the compliance and ethics program participated in, condoned, or was willfully 510

November 1, 2012

GUIDELINES MANUAL

8C2.5

ignorant of the offense. (g) Self-Reporting, Cooperation, and Acceptance of Responsibility If more than one applies, use the greatest: (1) If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point.

(2)

(3)

Commentary Application Notes: 1. Definitions.For purposes of this guideline, "condoned", "prior criminal adjudication", "similar misconduct", "substantial authority personnel", and "willfully ignorant of the offense" have the meaning given those terms in Application Note 3 of the Commentary to 8A1.2 (Application Instructions - Organizations). "Small Organization", for purposes of subsection (f)(3), means an organization that, at the time of the instant offense, had fewer than 200 employees. 2. For purposes of subsection (b), "unit of the organization" means any reasonably distinct operational component of the organization. For example, a large organization may have several large units such as divisions or subsidiaries, as well as many smaller units such as specialized manufacturing, marketing, or accounting operations within these larger units. For purposes of this definition, all of these types of units are encompassed within the term "unit of the organization." "High-level personnel of the organization" is defined in the Commentary to 8A1.2 (Application Instructions - Organizations). With respect to a unit with 200 or more employees, "high-level personnel of a unit of the organization" means agents within the unit who set the policy for or control that unit. For example, if the managing agent of a unit with 200 employees participated in an offense, three points would be added under subsection (b)(3); if that organization had 1,000 employees and the managing agent of the unit with 200 employees were also within high-level personnel of the organization in its entirety, four points (rather than three) would be added under subsection (b)(2). Pervasiveness under subsection (b) will be case specific and depend on the number, and degree of responsibility, of individuals within substantial authority personnel who participated 511

3.

4.

8C2.5

GUIDELINES MANUAL

November 1, 2012

in, condoned, or were willfully ignorant of the offense. Fewer individuals need to be involved for a finding of pervasiveness if those individuals exercised a relatively high degree of authority. Pervasiveness can occur either within an organization as a whole or within a unit of an organization. For example, if an offense were committed in an organization with 1,000 employees but the tolerance of the offense was pervasive only within a unit of the organization with 200 employees (and no high-level personnel of the organization participated in, condoned, or was willfully ignorant of the offense), three points would be added under subsection (b)(3). If, in the same organization, tolerance of the offense was pervasive throughout the organization as a whole, or an individual within high-level personnel of the organization participated in the offense, four points (rather than three) would be added under subsection (b)(2). 5. A "separately managed line of business," as used in subsections (c) and (d), is a subpart of a for-profit organization that has its own management, has a high degree of autonomy from higher managerial authority, and maintains its own separate books of account. Corporate subsidiaries and divisions frequently are separately managed lines of business. Under subsection (c), in determining the prior history of an organization with separately managed lines of business, only the prior conduct or criminal record of the separately managed line of business involved in the instant offense is to be used. Under subsection (d), in the context of an organization with separately managed lines of business, in making the determination whether a violation of a condition of probation involved engaging in similar misconduct, only the prior misconduct of the separately managed line of business involved in the instant offense is to be considered. Under subsection (c), in determining the prior history of an organization or separately managed line of business, the conduct of the underlying economic entity shall be considered without regard to its legal structure or ownership. For example, if two companies merged and became separate divisions and separately managed lines of business within the merged company, each division would retain the prior history of its predecessor company. If a company reorganized and became a new legal entity, the new company would retain the prior history of the predecessor company. In contrast, if one company purchased the physical assets but not the ongoing business of another company, the prior history of the company selling the physical assets would not be transferred to the company purchasing the assets. However, if an organization is acquired by another organization in response to solicitations by appropriate federal government officials, the prior history of the acquired organization shall not be attributed to the acquiring organization. Under subsections (c)(1)(B) and (c)(2)(B), the civil or administrative adjudication(s) must have occurred within the specified period (ten or five years) of the instant offense. Adjust the culpability score for the factors listed in subsection (e) whether or not the offense guideline incorporates that factor, or that factor is inherent in the offense. Subsection (e) applies where the obstruction is committed on behalf of the organization; it does not apply where an individual or individuals have attempted to conceal their misconduct from the organization. The Commentary to 3C1.1 (Obstructing or Impeding the Administration of Justice) provides guidance regarding the types of conduct that constitute obstruction. Subsection (f)(2) contemplates that the organization will be allowed a reasonable period of time to conduct an internal investigation. In addition, no reporting is required by subsection 512

6.

7.

8.

9.

10.

November 1, 2012

GUIDELINES MANUAL

8C2.5

(f)(2) or (f)(3)(C)(iii) if the organization reasonably concluded, based on the information then available, that no offense had been committed. 11. For purposes of subsection (f)(3)(C)(i), an individual has "direct reporting obligations" to the governing authority or an appropriate subgroup thereof if the individual has express authority to communicate personally to the governing authority or appropriate subgroup thereof (A) promptly on any matter involving criminal conduct or potential criminal conduct, and (B) no less than annually on the implementation and effectiveness of the compliance and ethics program. "Appropriate governmental authorities," as used in subsections (f) and (g)(1), means the federal or state law enforcement, regulatory, or program officials having jurisdiction over such matter. To qualify for a reduction under subsection (g)(1), the report to appropriate governmental authorities must be made under the direction of the organization. To qualify for a reduction under subsection (g)(1) or (g)(2), cooperation must be both timely and thorough. To be timely, the cooperation must begin essentially at the same time as the organization is officially notified of a criminal investigation. To be thorough, the cooperation should include the disclosure of all pertinent information known by the organization. A prime test of whether the organization has disclosed all pertinent information is whether the information is sufficient for law enforcement personnel to identify the nature and extent of the offense and the individual(s) responsible for the criminal conduct. However, the cooperation to be measured is the cooperation of the organization itself, not the cooperation of individuals within the organization. If, because of the lack of cooperation of particular individual(s), neither the organization nor law enforcement personnel are able to identify the culpable individual(s) within the organization despite the organizations efforts to cooperate fully, the organization may still be given credit for full cooperation. Entry of a plea of guilty prior to the commencement of trial combined with truthful admission of involvement in the offense and related conduct ordinarily will constitute significant evidence of affirmative acceptance of responsibility under subsection (g), unless outweighed by conduct of the organization that is inconsistent with such acceptance of responsibility. This adjustment is not intended to apply to an organization that puts the government to its burden of proof at trial by denying the essential factual elements of guilt, is convicted, and only then admits guilt and expresses remorse. Conviction by trial, however, does not automatically preclude an organization from consideration for such a reduction. In rare situations, an organization may clearly demonstrate an acceptance of responsibility for its criminal conduct even though it exercises its constitutional right to a trial. This may occur, for example, where an organization goes to trial to assert and preserve issues that do not relate to factual guilt (e.g., to make a constitutional challenge to a statute or a challenge to the applicability of a statute to its conduct). In each such instance, however, a determination that an organization has accepted responsibility will be based primarily upon pretrial statements and conduct. In making a determination with respect to subsection (g), the court may determine that the chief executive officer or highest ranking employee of an organization should appear at sentencing in order to signify that the organization has clearly demonstrated recognition and affirmative acceptance of responsibility.

12.

13.

14.

15.

Background: The increased culpability scores under subsection (b) are based on three interrelated principles. First, an organization is more culpable when individuals who manage the organization 513

8C2.5

GUIDELINES MANUAL

November 1, 2012

or who have substantial discretion in acting for the organization participate in, condone, or are willfully ignorant of criminal conduct. Second, as organizations become larger and their managements become more professional, participation in, condonation of, or willful ignorance of criminal conduct by such management is increasingly a breach of trust or abuse of position. Third, as organizations increase in size, the risk of criminal conduct beyond that reflected in the instant offense also increases whenever managements tolerance of that offense is pervasive. Because of the continuum of sizes of organizations and professionalization of management, subsection (b) gradually increases the culpability score based upon the size of the organization and the level and extent of the substantial authority personnel involvement.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673); November 1, 2006 (see Appendix C, amendment 695); November 1, 2010 (see Appendix C, amendment 744).

8C2.6.

Minimum and Maximum Multipliers Using the culpability score from 8C2.5 (Culpability Score) and applying any applicable special instruction for fines in Chapter Two, determine the applicable minimum and maximum fine multipliers from the table below.

Culpability Score 10 or more 9 8 7 6 5 4 3 2 1 0 or less

Minimum Multiplier 2.00 1.80 1.60 1.40 1.20 1.00 0.80 0.60 0.40 0.20 0.05

Maximum Multiplier 4.00 3.60 3.20 2.80 2.40 2.00 1.60 1.20 0.80 0.40 0.20.

Commentary Application Note: 1. A special instruction for fines in 2R1.1 (Bid-Rigging, Price-Fixing or Market-Allocation Agreements Among Competitors) sets a floor for minimum and maximum multipliers in cases covered by that guideline.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

514

November 1, 2012

GUIDELINES MANUAL

8C2.8

8C2.7.

Guideline Fine Range - Organizations (a) The minimum of the guideline fine range is determined by multiplying the base fine determined under 8C2.4 (Base Fine) by the applicable minimum multiplier determined under 8C2.6 (Minimum and Maximum Multipliers). The maximum of the guideline fine range is determined by multiplying the base fine determined under 8C2.4 (Base Fine) by the applicable maximum multiplier determined under 8C2.6 (Minimum and Maximum Multipliers).

(b)

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C2.8.

Determining the Fine Within the Range (Policy Statement) (a) In determining the amount of the fine within the applicable guideline range, the court should consider: (1) the need for the sentence to reflect the seriousness of the offense, promote respect for the law, provide just punishment, afford adequate deterrence, and protect the public from further crimes of the organization; the organizations role in the offense; any collateral consequences of conviction, including civil obligations arising from the organizations conduct; any nonpecuniary loss caused or threatened by the offense; whether the offense involved a vulnerable victim; any prior criminal record of an individual within high-level personnel of the organization or high-level personnel of a unit of the organization who participated in, condoned, or was willfully ignorant of the criminal conduct; any prior civil or criminal misconduct by the organization other than that counted under 8C2.5(c); any culpability score under 8C2.5 (Culpability Score) higher than 10 or lower than 0; partial but incomplete satisfaction of the conditions for one or more of the mitigating or aggravating factors set forth in 8C2.5 (Culpability Score);

(2) (3)

(4) (5) (6)

(7)

(8)

(9)

(10) any factor listed in 18 U.S.C. 3572(a); and (11) whether the organization failed to have, at the time of the instant offense, an effective compliance and ethics program within the meaning of 8B2.1 (Effective Compliance and Ethics Program). 515

8C2.8
(b)

GUIDELINES MANUAL

November 1, 2012

In addition, the court may consider the relative importance of any factor used to determine the range, including the pecuniary loss caused by the offense, the pecuniary gain from the offense, any specific offense characteristic used to determine the offense level, and any aggravating or mitigating factor used to determine the culpability score.

Commentary Application Notes: 1. Subsection (a)(2) provides that the court, in setting the fine within the guideline fine range, should consider the organizations role in the offense. This consideration is particularly appropriate if the guideline fine range does not take the organizations role in the offense into account. For example, the guideline fine range in an antitrust case does not take into consideration whether the organization was an organizer or leader of the conspiracy. A higher fine within the guideline fine range ordinarily will be appropriate for an organization that takes a leading role in such an offense. Subsection (a)(3) provides that the court, in setting the fine within the guideline fine range, should consider any collateral consequences of conviction, including civil obligations arising from the organizations conduct. As a general rule, collateral consequences that merely make victims whole provide no basis for reducing the fine within the guideline range. If criminal and civil sanctions are unlikely to make victims whole, this may provide a basis for a higher fine within the guideline fine range. If punitive collateral sanctions have been or will be imposed on the organization, this may provide a basis for a lower fine within the guideline fine range. Subsection (a)(4) provides that the court, in setting the fine within the guideline fine range, should consider any nonpecuniary loss caused or threatened by the offense. To the extent that nonpecuniary loss caused or threatened (e.g., loss of or threat to human life; psychological injury; threat to national security) by the offense is not adequately considered in setting the guideline fine range, this factor provides a basis for a higher fine within the range. This factor is more likely to be applicable where the guideline fine range is determined by pecuniary loss or gain, rather than by offense level, because the Chapter Two offense levels frequently take actual or threatened nonpecuniary loss into account. Subsection (a)(6) provides that the court, in setting the fine within the guideline fine range, should consider any prior criminal record of an individual within high-level personnel of the organization or within high-level personnel of a unit of the organization. Since an individual within high-level personnel either exercises substantial control over the organization or a unit of the organization or has a substantial role in the making of policy within the organization or a unit of the organization, any prior criminal misconduct of such an individual may be relevant to the determination of the appropriate fine for the organization. Subsection (a)(7) provides that the court, in setting the fine within the guideline fine range, should consider any prior civil or criminal misconduct by the organization other than that counted under 8C2.5(c). The civil and criminal misconduct counted under 8C2.5(c) increases the guideline fine range. Civil or criminal misconduct other than that counted under 8C2.5(c) may provide a basis for a higher fine within the range. In a case involving a pattern of illegality, an upward departure may be warranted. 516

2.

3.

4.

5.

November 1, 2012

GUIDELINES MANUAL

8C2.9

6.

Subsection (a)(8) provides that the court, in setting the fine within the guideline fine range, should consider any culpability score higher than ten or lower than zero. As the culpability score increases above ten, this may provide a basis for a higher fine within the range. Similarly, as the culpability score decreases below zero, this may provide a basis for a lower fine within the range. Under subsection (b), the court, in determining the fine within the range, may consider any factor that it considered in determining the range. This allows for courts to differentiate between cases that have the same offense level but differ in seriousness (e.g., two fraud cases at offense level 12, one resulting in a loss of $21,000, the other $40,000). Similarly, this allows for courts to differentiate between two cases that have the same aggravating factors, but in which those factors vary in their intensity (e.g., two cases with upward adjustments to the culpability score under 8C2.5(c)(2) (prior criminal adjudications within 5 years of the commencement of the instant offense, one involving a single conviction, the other involving two or more convictions).

7.

Background: Subsection (a) includes factors that the court is required to consider under 18 U.S.C. 3553(a) and 3572(a) as well as additional factors that the Commission has determined may be relevant in a particular case. A number of factors required for consideration under 18 U.S.C. 3572(a) (e.g., pecuniary loss, the size of the organization) are used under the fine guidelines in this subpart to determine the fine range, and therefore are not specifically set out again in subsection (a) of this guideline. In unusual cases, factors listed in this section may provide a basis for departure.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673).

8C2.9.

Disgorgement The court shall add to the fine determined under 8C2.8 (Determining the Fine Within the Range) any gain to the organization from the offense that has not and will not be paid as restitution or by way of other remedial measures.

Commentary Application Note: 1. This section is designed to ensure that the amount of any gain that has not and will not be taken from the organization for remedial purposes will be added to the fine. This section typically will apply in cases in which the organization has received gain from an offense but restitution or remedial efforts will not be required because the offense did not result in harm to identifiable victims, e.g., money laundering, obscenity, and regulatory reporting offenses. Money spent or to be spent to remedy the adverse effects of the offense, e.g., the cost to retrofit defective products, should be considered as disgorged gain. If the cost of remedial efforts made or to be made by the organization equals or exceeds the gain from the offense, this section will not apply.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

517

8C2.10

GUIDELINES MANUAL

November 1, 2012

8C2.10. Determining the Fine for Other Counts For any count or counts not covered under 8C2.1 (Applicability of Fine Guidelines), the court should determine an appropriate fine by applying the provisions of 18 U.S.C. 3553 and 3572. The court should determine the appropriate fine amount, if any, to be imposed in addition to any fine determined under 8C2.8 (Determining the Fine Within the Range) and 8C2.9 (Disgorgement).

Commentary Background: The Commission has not promulgated guidelines governing the setting of fines for counts not covered by 8C2.1 (Applicability of Fine Guidelines). For such counts, the court should determine the appropriate fine based on the general statutory provisions governing sentencing. In cases that have a count or counts not covered by the guidelines in addition to a count or counts covered by the guidelines, the court shall apply the fine guidelines for the count(s) covered by the guidelines, and add any additional amount to the fine, as appropriate, for the count(s) not covered by the guidelines.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

* * * * *

3.

IMPLEMENTING THE SENTENCE OF A FINE

8C3.1.

Imposing a Fine (a) Except to the extent restricted by the maximum fine authorized by statute or any minimum fine required by statute, the fine or fine range shall be that determined under 8C1.1 (Determining the Fine - Criminal Purpose Organizations); 8C2.7 (Guideline Fine Range - Organizations) and 8C2.9 (Disgorgement); or 8C2.10 (Determining the Fine for Other Counts), as appropriate. Where the minimum guideline fine is greater than the maximum fine authorized by statute, the maximum fine authorized by statute shall be the guideline fine. Where the maximum guideline fine is less than a minimum fine required by statute, the minimum fine required by statute shall be the guideline fine.

(b)

(c)

Commentary Background: This section sets forth the interaction of the fines or fine ranges determined under this chapter with the maximum fine authorized by statute and any minimum fine required by statute for the count or counts of conviction. The general statutory provisions governing a sentence of a fine are set forth in 18 U.S.C. 3571.

518

November 1, 2012

GUIDELINES MANUAL

8C3.3

When the organization is convicted of multiple counts, the maximum fine authorized by statute may increase. For example, in the case of an organization convicted of three felony counts related to a $200,000 fraud, the maximum fine authorized by statute will be $500,000 on each count, for an aggregate maximum authorized fine of $1,500,000.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C3.2.

Payment of the Fine - Organizations (a) If the defendant operated primarily for a criminal purpose or primarily by criminal means, immediate payment of the fine shall be required. In any other case, immediate payment of the fine shall be required unless the court finds that the organization is financially unable to make immediate payment or that such payment would pose an undue burden on the organization. If the court permits other than immediate payment, it shall require full payment at the earliest possible date, either by requiring payment on a date certain or by establishing an installment schedule.

(b)

Commentary Application Note: 1. When the court permits other than immediate payment, the period provided for payment shall in no event exceed five years. 18 U.S.C. 3572(d).

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C3.3.

Reduction of Fine Based on Inability to Pay (a) The court shall reduce the fine below that otherwise required by 8C1.1 (Determining the Fine - Criminal Purpose Organizations), or 8C2.7 (Guideline Fine Range Organizations) and 8C2.9 (Disgorgement), to the extent that imposition of such fine would impair its ability to make restitution to victims. The court may impose a fine below that otherwise required by 8C2.7 (Guideline Fine Range - Organizations) and 8C2.9 (Disgorgement) if the court finds that the organization is not able and, even with the use of a reasonable installment schedule, is not likely to become able to pay the minimum fine required by 8C2.7 (Guideline Fine Range - Organizations) and 8C2.9 (Disgorgement). Provided, that the reduction under this subsection shall not be more than necessary to avoid substantially jeopardizing the continued viability of the organization.

(b)

519

8C3.3

GUIDELINES MANUAL

November 1, 2012

Commentary Application Note: 1. For purposes of this section, an organization is not able to pay the minimum fine if, even with an installment schedule under 8C3.2 (Payment of the Fine - Organizations), the payment of that fine would substantially jeopardize the continued existence of the organization.

Background: Subsection (a) carries out the requirement in 18 U.S.C. 3572(b) that the court impose a fine or other monetary penalty only to the extent that such fine or penalty will not impair the ability of the organization to make restitution for the offense; however, this section does not authorize a criminal purpose organization to remain in business in order to pay restitution.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C3.4.

Fines Paid by Owners of Closely Held Organizations The court may offset the fine imposed upon a closely held organization when one or more individuals, each of whom owns at least a 5 percent interest in the organization, has been fined in a federal criminal proceeding for the same offense conduct for which the organization is being sentenced. The amount of such offset shall not exceed the amount resulting from multiplying the total fines imposed on those individuals by those individuals total percentage interest in the organization.

Commentary Application Notes: 1. For purposes of this section, an organization is closely held, regardless of its size, when relatively few individuals own it. In order for an organization to be closely held, ownership and management need not completely overlap. This section does not apply to a fine imposed upon an individual that arises out of offense conduct different from that for which the organization is being sentenced.

2.

Background: For practical purposes, most closely held organizations are the alter egos of their owner-managers. In the case of criminal conduct by a closely held corporation, the organization and the culpable individual(s) both may be convicted. As a general rule in such cases, appropriate punishment may be achieved by offsetting the fine imposed upon the organization by an amount that reflects the percentage ownership interest of the sentenced individuals and the magnitude of the fines imposed upon those individuals. For example, an organization is owned by five individuals, each of whom has a twenty percent interest; three of the individuals are convicted; and the combined fines imposed on those three equals $100,000. In this example, the fine imposed upon the organization may be offset by up to 60 percent of their combined fine amounts, i.e., by $60,000.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

* * * * * 520

November 1, 2012

GUIDELINES MANUAL

8C4.1

4.

DEPARTURES FROM THE GUIDELINE FINE RANGE

Introductory Commentary The statutory provisions governing departures are set forth in 18 U.S.C. 3553(b). Departure may be warranted if the court finds "that there exists an aggravating or mitigating circumstance of a kind, or to a degree, not adequately taken into consideration by the Sentencing Commission in formulating the guidelines that should result in a sentence different from that described." This subpart sets forth certain factors that, in connection with certain offenses, may not have been adequately taken into consideration by the guidelines. In deciding whether departure is warranted, the court should consider the extent to which that factor is adequately taken into consideration by the guidelines and the relative importance or substantiality of that factor in the particular case. To the extent that any policy statement from Chapter Five, Part K (Departures) is relevant to the organization, a departure from the applicable guideline fine range may be warranted. Some factors listed in Chapter Five, Part K that are particularly applicable to organizations are listed in this subpart. Other factors listed in Chapter Five, Part K may be applicable in particular cases. While this subpart lists factors that the Commission believes may constitute grounds for departure, the list is not exhaustive.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.1.

Substantial Assistance to Authorities - Organizations (Policy Statement) (a) Upon motion of the government stating that the defendant has provided substantial assistance in the investigation or prosecution of another organization that has committed an offense, or in the investigation or prosecution of an individual not directly affiliated with the defendant who has committed an offense, the court may depart from the guidelines. The appropriate reduction shall be determined by the court for reasons stated on the record that may include, but are not limited to, consideration of the following: (1) the courts evaluation of the significance and usefulness of the organizations assistance, taking into consideration the governments evaluation of the assistance rendered; the nature and extent of the organizations assistance; and the timeliness of the organizations assistance.

(b)

(2) (3)

Commentary Application Note: 1. Departure under this section is intended for cases in which substantial assistance is provided in the investigation or prosecution of crimes committed by individuals not directly affiliated 521

8C4.1

GUIDELINES MANUAL

November 1, 2012

with the organization or by other organizations. It is not intended for assistance in the investigation or prosecution of the agents of the organization responsible for the offense for which the organization is being sentenced.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.2.

Risk of Death or Bodily Injury (Policy Statement) If the offense resulted in death or bodily injury, or involved a foreseeable risk of death or bodily injury, an upward departure may be warranted. The extent of any such departure should depend, among other factors, on the nature of the harm and the extent to which the harm was intended or knowingly risked, and the extent to which such harm or risk is taken into account within the applicable guideline fine range.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.3.

Threat to National Security (Policy Statement) If the offense constituted a threat to national security, an upward departure may be warranted.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.4.

Threat to the Environment (Policy Statement) If the offense presented a threat to the environment, an upward departure may be warranted.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.5.

Threat to a Market (Policy Statement) If the offense presented a risk to the integrity or continued existence of a market, an upward departure may be warranted. This section is applicable to both private markets (e.g., a financial market, a commodities market, or a market for consumer goods) and public markets (e.g., government contracting).

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

522

November 1, 2012

GUIDELINES MANUAL

8C4.9

8C4.6.

Official Corruption (Policy Statement) If the organization, in connection with the offense, bribed or unlawfully gave a gratuity to a public official, or attempted or conspired to bribe or unlawfully give a gratuity to a public official, an upward departure may be warranted.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.7.

Public Entity (Policy Statement) If the organization is a public entity, a downward departure may be warranted.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.8.

Members or Beneficiaries of the Organization as Victims (Policy Statement) If the members or beneficiaries, other than shareholders, of the organization are direct victims of the offense, a downward departure may be warranted. If the members or beneficiaries of an organization are direct victims of the offense, imposing a fine upon the organization may increase the burden upon the victims of the offense without achieving a deterrent effect. In such cases, a fine may not be appropriate. For example, departure may be appropriate if a labor union is convicted of embezzlement of pension funds.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8C4.9.

Remedial Costs that Greatly Exceed Gain (Policy Statement) If the organization has paid or has agreed to pay remedial costs arising from the offense that greatly exceed the gain that the organization received from the offense, a downward departure may be warranted. In such a case, a substantial fine may not be necessary in order to achieve adequate punishment and deterrence. In deciding whether departure is appropriate, the court should consider the level and extent of substantial authority personnel involvement in the offense and the degree to which the loss exceeds the gain. If an individual within high-level personnel was involved in the offense, a departure would not be appropriate under this section. The lower the level and the more limited the extent of substantial authority personnel involvement in the offense, and the greater the degree to which remedial costs exceeded or will exceed gain, the less will be the need for a substantial fine to achieve adequate punishment and deterrence.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

523

8C4.10

GUIDELINES MANUAL

November 1, 2012

8C4.10. Mandatory Programs to Prevent and Detect Violations of Law (Policy Statement) If the organizations culpability score is reduced under 8C2.5(f) (Effective Compliance and Ethics Program) and the organization had implemented its program in response to a court order or administrative order specifically directed at the organization, an upward departure may be warranted to offset, in part or in whole, such reduction. Similarly, if, at the time of the instant offense, the organization was required by law to have an effective compliance and ethics program, but the organization did not have such a program, an upward departure may be warranted.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673).

8C4.11. Exceptional Organizational Culpability (Policy Statement) If the organizations culpability score is greater than 10, an upward departure may be appropriate. If no individual within substantial authority personnel participated in, condoned, or was willfully ignorant of the offense; the organization at the time of the offense had an effective program to prevent and detect violations of law; and the base fine is determined under 8C2.4(a)(1), 8C2.4(a)(3), or a special instruction for fines in Chapter Two (Offense Conduct), a downward departure may be warranted. In a case meeting these criteria, the court may find that the organization had exceptionally low culpability and therefore a fine based on loss, offense level, or a special Chapter Two instruction results in a guideline fine range higher than necessary to achieve the purposes of sentencing. Nevertheless, such fine should not be lower than if determined under 8C2.4(a)(2).
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

524

November 1, 2012

GUIDELINES MANUAL

8D1.1

PART D - ORGANIZATIONAL PROBATION

Introductory Commentary Section 8D1.1 sets forth the circumstances under which a sentence to a term of probation is required. Sections 8D1.2 through 8D1.4, and 8F1.1, address the length of the probation term, conditions of probation, and violations of probation conditions.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673).

8D1.1.

Imposition of Probation - Organizations (a) The court shall order a term of probation: (1) if such sentence is necessary to secure payment of restitution (8B1.1), enforce a remedial order (8B1.2), or ensure completion of community service (8B1.3); if the organization is sentenced to pay a monetary penalty (e.g., restitution, fine, or special assessment), the penalty is not paid in full at the time of sentencing, and restrictions are necessary to safeguard the organizations ability to make payments; if, at the time of sentencing, (A) the organization (i) has 50 or more employees, or (ii) was otherwise required under law to have an effective compliance and ethics program; and (B) the organization does not have such a program; if the organization within five years prior to sentencing engaged in similar misconduct, as determined by a prior criminal adjudication, and any part of the misconduct underlying the instant offense occurred after that adjudication; if an individual within high-level personnel of the organization or the unit of the organization within which the instant offense was committed participated in the misconduct underlying the instant offense and that individual within five years prior to sentencing engaged in similar misconduct, as determined by a prior criminal adjudication, and any part of the misconduct underlying the instant offense occurred after that adjudication; if such sentence is necessary to ensure that changes are made within the organization to reduce the likelihood of future criminal conduct; if the sentence imposed upon the organization does not include a fine; or if necessary to accomplish one or more of the purposes of sentencing set forth in 18 U.S.C. 3553(a)(2). 525

(2)

(3)

(4)

(5)

(6)

(7) (8)

8D1.2

GUIDELINES MANUAL

November 1, 2012

Commentary Background: Under 18 U.S.C. 3561(a), an organization may be sentenced to a term of probation. Under 18 U.S.C. 3551(c), imposition of a term of probation is required if the sentence imposed upon the organization does not include a fine.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673).

8D1.2.

Term of Probation - Organizations (a) When a sentence of probation is imposed -(1) In the case of a felony, the term of probation shall be at least one year but not more than five years. In any other case, the term of probation shall be not more than five years.

(2)

Commentary Application Note: 1. Within the limits set by the guidelines, the term of probation should be sufficient, but not more than necessary, to accomplish the courts specific objectives in imposing the term of probation. The terms of probation set forth in this section are those provided in 18 U.S.C. 3561(b).

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8D1.3.

Conditions of Probation - Organizations (a) Pursuant to 18 U.S.C. 3563(a)(1), any sentence of probation shall include the condition that the organization not commit another federal, state, or local crime during the term of probation. Pursuant to 18 U.S.C. 3563(a)(2), if a sentence of probation is imposed for a felony, the court shall impose as a condition of probation at least one of the following: (1) restitution or (2) community service, unless the court has imposed a fine, or unless the court finds on the record that extraordinary circumstances exist that would make such condition plainly unreasonable, in which event the court shall impose one or more other conditions set forth in 18 U.S.C. 3563(b). The court may impose other conditions that (1) are reasonably related to the nature and circumstances of the offense or the history and characteristics of the organization; and (2) involve only such deprivations of liberty or property as are necessary to effect the purposes of sentencing.

(b)

(c)

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 1997 (see Appendix C, amendment 569); November 1, 2009 (see Appendix C, amendment 733).

526

November 1, 2012

GUIDELINES MANUAL

8D1.4

8D1.4.

Recommended Conditions of Probation - Organizations (Policy Statement) (a) The court may order the organization, at its expense and in the format and media specified by the court, to publicize the nature of the offense committed, the fact of conviction, the nature of the punishment imposed, and the steps that will be taken to prevent the recurrence of similar offenses. If probation is imposed under 8D1.1, the following conditions may be appropriate: (1) The organization shall develop and submit to the court an effective compliance and ethics program consistent with 8B2.1 (Effective Compliance and Ethics Program). The organization shall include in its submission a schedule for implementation of the compliance and ethics program. Upon approval by the court of a program referred to in paragraph (1), the organization shall notify its employees and shareholders of its criminal behavior and its program referred to in paragraph (1). Such notice shall be in a form prescribed by the court. The organization shall make periodic submissions to the court or probation officer, at intervals specified by the court, (A) reporting on the organizations financial condition and results of business operations, and accounting for the disposition of all funds received, and (B) reporting on the organizations progress in implementing the program referred to in paragraph (1). Among other things, reports under subparagraph (B) shall disclose any criminal prosecution, civil litigation, or administrative proceeding commenced against the organization, or any investigation or formal inquiry by governmental authorities of which the organization learned since its last report. The organization shall notify the court or probation officer immediately upon learning of (A) any material adverse change in its business or financial condition or prospects, or (B) the commencement of any bankruptcy proceeding, major civil litigation, criminal prosecution, or administrative proceeding against the organization, or any investigation or formal inquiry by governmental authorities regarding the organization. The organization shall submit to: (A) a reasonable number of regular or unannounced examinations of its books and records at appropriate business premises by the probation officer or experts engaged by the court; and (B) interrogation of knowledgeable individuals within the organization. Compensation to and costs of any experts engaged by the court shall be paid by the organization. The organization shall make periodic payments, as specified by the court, in the following priority: (A) restitution; (B) fine; and (C) any other monetary sanction.

(b)

(2)

(3)

(4)

(5)

(6)

527

8D1.4

GUIDELINES MANUAL

November 1, 2012

Commentary Application Note: 1. In determining the conditions to be imposed when probation is ordered under 8D1.1, the court should consider the views of any governmental regulatory body that oversees conduct of the organization relating to the instant offense. To assess the efficacy of a compliance and ethics program submitted by the organization, the court may employ appropriate experts who shall be afforded access to all material possessed by the organization that is necessary for a comprehensive assessment of the proposed program. The court should approve any program that appears reasonably calculated to prevent and detect criminal conduct, as long as it is consistent with 8B2.1 (Effective Compliance and Ethics Program), and any applicable statutory and regulatory requirements. Periodic reports submitted in accordance with subsection (b)(3) should be provided to any governmental regulatory body that oversees conduct of the organization relating to the instant offense.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422). Amended effective November 1, 2004 (see Appendix C, amendment 673); November 1, 2010 (see Appendix C, amendment 744).

8D1.5. [Deleted]
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422); was moved to 8F1.1 effective November 1, 2004 (see Appendix C, amendment 673).

528

November 1, 2012

GUIDELINES MANUAL

8E1.1

PART E - SPECIAL ASSESSMENTS, FORFEITURES, AND COSTS

8E1.1.

Special Assessments - Organizations A special assessment must be imposed on an organization in the amount prescribed by statute. Commentary

Application Notes: 1. This guideline applies if the defendant is an organization. It does not apply if the defendant is an individual. See 5E1.3 for special assessments applicable to individuals. The following special assessments are provided by statute (see 18 U.S.C. 3013): For Offenses Committed By Organizations On Or After April 24, 1996: (A) (B) (C) (D) $400, if convicted of a felony; $125, if convicted of a Class A misdemeanor; $50, if convicted of a Class B misdemeanor; or $25, if convicted of a Class C misdemeanor or an infraction.

2.

For Offenses Committed By Organizations On Or After November 18, 1988 But Prior To April 24, 1996: (E) (F) (G) (H) $200, if convicted of a felony; $125, if convicted of a Class A misdemeanor; $50, if convicted of a Class B misdemeanor; or $25, if convicted of a Class C misdemeanor or an infraction.

For Offenses Committed By Organizations Prior To November 18, 1988: (I) (J) 3. $200, if convicted of a felony; $100, if convicted of a misdemeanor.

A special assessment is required by statute for each count of conviction.

Background: Section 3013 of Title 18, United States Code, added by The Victims of Crimes Act of 1984, Pub. L. No. 98-473, Title II, Chap. XIV, requires courts to impose special assessments on convicted defendants for the purpose of funding the Crime Victims Fund established by the same legislation.
Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422); November 1, 1997 (see Appendix C, amendment 573).

529

8E1.2
8E1.2.

GUIDELINES MANUAL

November 1, 2012

Forfeiture - Organizations Apply 5E1.4 (Forfeiture).

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

8E1.3.

Assessment of Costs - Organizations As provided in 28 U.S.C. 1918, the court may order the organization to pay the costs of prosecution. In addition, specific statutory provisions mandate assessment of costs.

Historical Note: Effective November 1, 1991 (see Appendix C, amendment 422).

530

November 1, 2012

GUIDELINES MANUAL

8F1.1

PART F - VIOLATIONS OF PROBATION - ORGANIZATIONS


Historical Note: Effective November 1, 2004 (see Appendix C, amendment 673).

8F1.1.

Violations of Conditions of Probation - Organizations (Policy Statement) Upon a finding of a violation of a condition of probation, the court may extend the term of probation, impose more restrictive conditions of probation, or revoke probation and resentence the organization.

Commentary Application Notes: 1. Appointment of Master or Trustee.In the event of repeated violations of conditions of probation, the appointment of a master or trustee may be appropriate to ensure compliance with court orders. Conditions of Probation.Mandatory and recommended conditions of probation are specified in 8D1.3 (Conditions of Probation - Organizations) and 8D1.4 (Recommended Conditions of Probation - Organizations).

2.

Historical Note: Effective November 1, 2004 (see Appendix C, amendment 673).

531

Better Class Of Board Ethics Education


A
By W. Michael HotTman, Dawn-Marie Driscoll and Mark Rowe

Directors are not typically accustomed to being told what to think. Indeed, a rigorous intellect and an independent spirit of inquiry have never been considered handicaps in the thought-intensive business of corporate governance. However, the last four years have produced some startling examples of boards either unencum bered by such qualities or at least unwilling to parlay' them into demonstrations of effective ethical leadership and oversight. While such boards appear to be in a small minority--especially now that shareholders, regulators and the public have such high expectations-we think many boards would appreciate assistance in navigating a course through the ethical reefs on which other companies have foundered. This involves educating them in

,merldati()ns! r , 4eYf! q.]Jil'l$ . tp} , d .fq9Uitf4,tin ;b a.


. ...
,

," Ten eyrf!COrrl- ,

education iin ':'i ,."

how

(rather than

what)

itliics; '

,:,'

\,

"

, '::.

to think about the ethics and

compliance issues that will confront their companies and them personally. In our earlier article, "Effective Ethics Education of the Board"

(Ethikos,

January/

. i

February 2005, Vol. 18, No.4), we presented some ideas for setting the stage. In this article, we are largely concerned with the perfonnance itself: how to organize and facilitate board ethics sessions.

Education versus training


In the board context we will continue to use the tenn "education" (in preference to "training"), even though the amended Federal Sentencing Guidelines for Organi zations (FSGOs) refer to the need to conduct effective training programs in which an organization's governing authority must participate. The reasoning bears repetition. Directors should perceive activities in this area as being part of their continuing education responsibilities. Moreover, use of the term education will reinforce the board's sense of an opportunity to extend, refine and practice its thinking-and therefore improve its decision-making-rather than merely an exercise in receiving presentations. We make recommendations in 10 key areas for developing and facilitating board education in ethics.
W. Michael Hoffman is the founding
executive director of the Center for Business Ethics (CBE) at Bentley College, Waltham, Massachusetts, a business ethics consulting fIrm (www.ethicstrust.com).Dawn-Marie Driscoll is a CBE executive fellow and president of Driscoll Associates, She is also independent chairman of the board of The Scudder Funds. search associate and a partner in Hoffman Rowe. Mark Rowe is the CBE's senior re and senior partner of Hoffman Rowe,

1. Design a goals-oriented curriculum


When putting together a curriculum for board ethics education, be guided by educational goals--even as basic as having directors talk about ethics and values. But the ultimate objective (however achieved) is to ensure directors can recognize and deal effectively with any ethical issues that may arise. , Different boards have reached different stages of ethical development, so first establish where your board stands. Is it still coming to grips with ethical awareness or has it acquired sophisticated ethical reasoning skills? Does the board have the

ETHIKOS

MarchiApril2005 / 5

I I

I:I I /1

!; il

first.yoiJ(1rt11:s1. esiablishwh re. your , '" . ' . . .. .. ':' . : ' S? : nd st d bob.r :,.} . >::_/:.,}':;,:'-'o" ': ::_;:>" ;::,, ::":::;'<; :"
" .. " '> .... . . . :."
,_ _

. rtt i'ake.(oJ.e hiC;jl d,e; (4 dpn;,;(iiit)So:


. .
.

viff e'riiit . bo(jrds have re4chedd iff ei .


. ...

3. Put on your director's hat


It helps to understand what directors worry about before you begin. Directors know that theirs is an oversight and not a management role, but when they hear about ethical problems occurring under their noses-or even another board's noses-they worry that they should be asking more questions and getting more information. Where is the balance between the board's oversight role and the desire for detailed information? Directors worry about the integrity of top execu tives-particularly those in finance-who, naturally, are on best behavior when they come to board meetings. With directors flying in and out, their experience of the corporate culture is usually limited to what they may discern in the elevator or the boardroom. Renewed . emphasis on the importance of corporate culture-in the FSGOs, for instance-makes the board's under standing of it a live issue. Directors may find they never have enough time to discuss ethical issues. If they don't talk to each other or have private conference calls in between board meet ings, there is generally a gap, during which they may feel out of touch. Having a director as an ally is the best way to get an appreciation of the board's concerns so that these might be addressed in ethics education.

::,

;-

' :_;>." ;

confidence and tools to put decisions about ethically sensitive issues into action effectively? Is the board familiar and comfortable with the concept of ethical leadership and does it demonstrate this in practice? Does the board demand the same of management? One or two directors might already be ethical leaders but will need help in moving their peers to the same level of understanding. Perhaps you need to sharpen the board's appreciation for FSGO obligations and industry' best practices. In any event, answering these questions is critical to shaping an effective board education strategy. Here are some possible board education goals:

Address board responsibilities under the amended Increase the board's comfort and candor with Achieve board consensus around what is "ethi Address ethical issues affecting the board, com Consider board 'best practices'; Raise individual directors' ethical awareness.

FSGOs;

ethics;

cal;"

pany and industry;


4. Take cues from the corporate climate


If your company or industry has been in trouble, the ethical issues to be addressed may be obvious and' pressing. Good times can also be risky, however, be cause ethical complacency can creep in. A board edu cation program should recognize and respond to the current corporate climate in order that directors are equipped to handle prevailing ethical considerations.

2. Relate to four main areas of board's ethical


oversight When thinking about goals and content, consider the board's responsibility for the oversight of ethics in four areas: i. The integrity of management and of financial disclosures; ii. Ethics and compliance programs; iii. Ethical issues relating to corporate responsibility or public investor expectations (e.g. proxy resolutions, community issues, the environment and doing business overseas); iv. Ethical issues of the board itself (e.g. conflicts of interest and other issues of director independence, etc.). Then, depending on the goals of the program, your company and industry, you can focus more attention or less attention on any of these.

A new CEO or new board members will also affect


the way board education is handled.

5. Understand board dynamics


Effective board education requires a keen apprecia tion of board dynamics. Is your board polite or adversarial in conducting its business? Are PowerPoint and other visual aids regarded as helpful or distracting? What is the board's approach to action points and follow-up? What is the board's attitude toward outside experts? Does the board prefer pre-session reading to provoke discussion?

6/ ETHIKOS

March/April 2005

6. Decide who should lead the sessions


Some directors may prefer that the facilitating be done by an outsider (carefully screened, and of the stature and caliber of your board members). Bear in mind that with regard to ethical issues at the board level, an outside resource might have more credibility than someone in-house. The issue of candor is also important so the directors may recommend that at least part of the discussion be held in executive session.

!i : : :;:;: Jqr .

" ','

iri:Stance makesihe

;n

,"""

'de sandirig :ofit ;':zive issu.::' , " :' "

tf1ts . board:: u.T!"''

,.\:

' ;

;,;

7. Decide how much time to allot


If asked, say that an education session could be done in however much time the board allows. (Of course a very short time might not meet the "due diligence" test, but shorter sessions more often can also work.) If your board has an annual retreat, this would be the ideal time and place to hold ethics education. If, by now, the ethics and compliance function is at least a tab in every board book, continuing education can be achieved with regular articles, news stories, memos and the like.

8. Don't try to cover a wide range of goals in one


session

they faced. Consider Enron, Holl inger, United Way of America, Boston University, Cendant, Hea lthSouth, Putnam, Disney and the New York Stock Exchange as Legal cases are also effective because directors are nervous about being sued, having their depositions possible examples.

Stories are effective because most directors want to know how other boards got in trouble and wha t liability

are retrospective only. They must look forward to tomorrow's risks. Director independence has also be come a key issue that needs addressing, and standards of due diligence and loyalty from the board a re higher.

board responsibility identified in (2) above. Dir e ctors know that the certifications required by Sarb anes-Oxley

understanding of the ethics and values of the c orpora tion, particularly as they relate to the four main areas of

derstand that in an environment of significantly to ugher regulation and intense public scrutiny, mere compli ance is insufficient. What is required now is a proactive

It may be

ing on formal board education-that the goal is simply to try to get everyone comfortable talking about ethics and coming to an agreement about what they should discuss at the board level. That's not a bad place to start. Perhaps the board might be more comfortable limiting the discussion to real-life issues that have arisen in their own industry or at competitors. Are there ethical issues with regard to the board itself? What's the status of the board's best practices for governance? Does the board do a self-evaluation, and has that raised any sensitive issues? Are there ethical issues with respect to a particular director? It helps to know before you start, as these are the toughest to navigate.

specially for companies just embark

9. Create custom content


cation sessions requires considerable investment of thought and time but this is likely to be well rewarded. tors appreciate being kept up to date with a discussion of current issues, but they will also be better able to perform their oversight function. Directors should unFirst, make the content timely. Not only will direc Planning and preparing content for the board edu

"Red flags" are also good, particularly if tbey are customized for your organizati on or industry. It helps directors think about the que stions they shoul d be gr am asking, not only of compliance and ethics pro . executives, but also of line managers.

a particular boa rd.

of over 50 of these real-life problems, which are useful to stimulate brief discussions about ethical iss ue s, al though the most effective are those expressly written for

ing-off point. One technique is to divide the board into small groups, have them discuss a very short hypotheti cal issue and then share their answers. We have a l ibrary

taken and having their personal reputations questio ned. (A headhunter, who was retained by a board to fi nd a new director, recently called a senior executive in the financial services industry. When asked his view o n the most important skill a director needed today, the e xe cu tive answered, "One word: deposability.") Consider using hypothetical problems as a jump

Continued on page 14

ETHIKOS

March/April 2005/ 7

Board Education.

. Continued from page 7

10. Assign homework


We recommend pre-session reading as this will encourage discussion that is informed and reflective. In keeping with our suggestions at reading may also be useful. Ethics education for the board is finally being taken seriously in corporations. There is a range of different approaches and techniques that can be used, depending on the particular organization, but all share one objec tive: to get directors into conversations about ethics and to keep them talking for as long and as often as possible.

Finally. end every session with specific ideas about how directors can continue their ethics education. Sug gest opportunities for directors to make themselves visible, such as participating in the company's ethics training. Let them listen in to the ethics helpline. Invite them to come to the next Ethics Officer Association confer ence. Put them on an ethics mailing list or subscribe to
a publication. Suggest outside guest speakers for certain

(9) above, follow-up

board committees.

When this happens, it is impossible for board members not to gain a better insight into their role as ethical leaders. individually and as a group, This is the second of a two-part article. The first

part, "Effective Ethics Education of the Board," ran in issue of ethikos. 0 the January/February 2005 .
Footnote:
I

Effective

as

of November 1, 2004.

ethilfos
Effective Ethics Education of the Board

and Corporate Conduct Quarterly


JANUARYIFEBRUARY 2005 VOL. 18, NO.4

EXAMINING ETHICAL AND COMPLIANCE ISSUES IN BUSINESS

By W. Michael Hoffman, Dawn-Marie Driscoll and Mark Rowe


Directors must

direct.

Imagine

The Godfather

if Francis Ford Coppola had let Collaboration and

Brando decide one day that they should tone down all that gangster stuff. Or what if Scorsese had De Niro insisting that he play

Raging Bull for laughs?

Most companies

discussion are healthy but directors must insist on doing their job, no matter how big the star. So it should be with corporations. The rise of the superstar CEO in the 1990s upset the balance of power between management and the board, the extreme consequences of which were exemplified by Enron, WorldCom, Tyco and others. Richard Breeden, the court-appointed corporate monitor investigating the mas sive fraud at WorldCom, noted in his report that "the board did not act like it was in control of the Company's overall direction."1 Indeed, investigations into a number of major corporate scandals have concluded that the relevant boards of directors failed to ask the tough questions of management before approving their schemes. As Breeden also wryly observes, "While not in most descriptions of director qualifica tions, 'backbone' and 'fortitude' may be the most important qualities needed by a director of a public company."2 Ethics and compliance training for the board can serve to develop such fortitude in the form of moral courage, allowing directors to show ethical leadership in developing the appropriate corporate culture.

do not yet deliver systematic ongo ing ethics train ing to their boards of direc
tors.

W. Michael Hoffman isthe founding exec uti ve director of the Center for Business Ethics (CBE) at Bentley College, Waltham, Massachusetts, and senior partner of Hoffman Rowe, a business ethics consulting firm (www.ethicstrust.com). Dawn-Marie Driscoll is a CBE executive fellow and president of Driscoll Associates. She is also independent chainnan of the board of The Scudder Funds. Mark Rowe is the CBE's senior re search associate and a partner in Hoffman Rowe.

A level of engagement is required


The current regulatory pressure on corporations and their boards to review their governance systems requires no explanation here. No doubt many companies have gone to considerable lengths and expense to ensure that their boards comply with the applicable rules and follow the necessary procedures. It is also fair to assume that the majority of directors take their responsibilities seriously. However, good governance requires more than diligence in adhering to checklists of rules and recommended best ' practices. It is a complex equation that is dependent on the attitudes and actions of the people involved. From the board, it demands a certain critical level of engagement

In This Issue:
How MemorialHealth University Medical

EffectiveEthics Educ ation Of The

Board Of Directors .
Packaging An Ethics Code: Altria Learns That One Size Does Not Fit All

....... 1

Center Measure s The Ethics Peformance Of Its Senior Managers

.. 8
.

...'..... 4

South Africa Puts Ethics And Social Responsibility On The Business Agenda

..

. 11
.

ETHIKOS

January/February 2005/1

As Breeden wryly observed, 'While not in most descriptions of director qualifications, "backbone" and "for titude" may be the most important qualities needed by a director of a public company.'

in the affairs of the company, which means that indi vidual directors must have the necessary knowledge, interest and skills to maintain effective oversight. This is where education and training come in. For some time, many boards have relied on continu ing education programs in order to remain up to date and to acquire or refresh skills in key governance areas. Although there would now appear to be consensus that ethics and compliance are two such areas, there is evidence that most companies do not yet deliver sys tematic ongoing ethics training to their boards of direc tors. We conducted a survey of participants in a board ethics training discussion we facilitated at the Ethics Officer Association annual conference. Out respondents, only

on the board to be "knowledgeable about the content and operation of the compliance and ethics program" and to exercise reasonable oversight of it. Secondly. the following sub-section expressly re compliance and ethics program.'
The organization shall take reasonable steps to com municate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to [the Board and others I by conducting effective training programs and otherwise disseminating information appropri ate to such individuals' respective roles and respon sibilities.4

quires the board to participate in training related to the

These provisions (and the amended Guidelines generally) have understandably attracted attention, es pecially from ethics officers and corporate counsel. There will be considerable discussion about their inter-

ethilfos
Co-Editor and Publisher:
Co-Editor:
Co-Publisher/Exec. Editor: Andrew W. Singer Joseph E. Murphy Jeffrey M. Kaplan

29 (42

2004 of 69

percent) said that their organi

zations provide ethics and compliance training for the board of directors. Twenty percent said they plan to introduce such training "within the next 6 months" and a further

Book Review Editor: Business Manager:

Loren Singer

Victoria Theodore

Contributing

Editors:

17

percent "within the next year."

Walter Schanbacher, Jay A. Sigler,


Winthro p

Karl Groskaufmanis,

However,

12

percent said their organizations had

Sw nson,
Rebecca S.Walker.

no current plans to do so. Just over a year previously, the Conference Board conducted a similar survey of attend ees at its

Internet: http://EthikosJourna!:com
ethikos(IS.SN 0895-5026) is published bimonthly, Copyright 2005 by Ethics Partners, Inc., 154 East Boston Post Road, Mamaroneck. New YOrk 10543. Editorial comments, questions, article. proposals, and reprint requests should bedirected to the editors: Andrew W. Singer at (914) 381-74750rJosephE. Murphy at(856}429-5355. Unsolicited manuscriptsshould'be accompanied by a self-addressed stamped envelope, Otherwise they may not be returned. . . The annual subscription toethikos is$175; themte for universities and government agencies is $115. Ac;ld$1O for Canada and $20 for Europe and elsewhere. Multiple subscription rates are available; also reprints. To order a subscription fill out the insert order cardin this publication or call (914) 381-7475 orfax iUo(914) 381-6947. Copies of past issuesofethikos are available for $30 each. AIistof backissuescanbefound on the thikos Web Site; http:// www.EthikosJournal;com. Authorization to-photocopy items for personal or internal use; or the intemalorpersonaI useof specitkcliellts. must be obtained from Ethikos Inc.

2003

Ethics Conference. That survey found

that al though 81 percent have conducted ethics and compliance training among their employees, only

27

percent have held any training sessions for their direc tors. Significantly, 55 percent of those surveyed be lieved their boards were "not engaged enough" in major ethical issues involving the company. But a major development has occurred since the above statistics were gathered: the amendments to the federal Sentencing Guidelines for Organizations ("Guidelines"). Since to show the necessary Guidelines' minimum requirements for an organization ovember 1.

'

2004,

among ,the

due

diligence and to promote an

ethical and legally compliant culture, is the obligation

21 ETHIKOS

January/February 2005

pretation. For example, one might be tempted to inter pret quite narrowly the phrase "and otherwise dissemi nating information," to mean that the main purpose of the training is to

Directors should be encouraged to

inform

the participants.

On the contrary, we believe the provision should be read in a much broader sense to encompass an explora tion of ethical issues pertaining to the company, its industry and even ethical issues of the board itself. Merely briefing the board on the ethics and compliance program is unlikely to satisfy the requirement that the directors be trained; and we suspect future best practices will dictate otherwise. This is why, in place of 'training: we would encourage the use of the term 'education: the Latin root of which is quite fittingly lead. "5 It is understandable if ethics officers are feeling challenged in getting the board to participate in educa tion or training that relates to their company's standards and procedures and its compliance and ethics program; directors are already inundated with additional work created by Sarbanes-Oxley and associated regulations. Here are six suggestions that may help ethics officers to get the directors "on board," as it were.

think about the importance offinding ways to show ethical leadership at a time when the ethical credentials of boards are under intense scrutiny.
the board in the process would be to brainstorm the educational objectives with several directors, an appro priate board committee, or perhaps your director-ally and several company executives. Get the group to think about their conceptions of the board's roles and respon . sibiiities-especially in relation to ethics and compli ance-and obtain consensus on particular challenges and routes to overcome them. You might wish to propose as possible objectives the creation of opportu nities for raising the board's level of ethical awareness and discovering individual directors' positions on spe cific ethical issues. Bear in mind that legitimate ethical disagreement is healthy and in its deliberations the board should never sacrifice truth in the interests of unity. The directors should be encouraged to think about the importance of finding ways to show ethical leadership at a time when the ethical credentials of boards are under intense scrutiny. It is possible to present all of these things as opportunities for the board to discharge its functions more effectively.

ducere,

meaning "to

1. Get an 'angel' on board


One of the ways to meet the challenge is to find and cultivate at least one ally on the board who is prepared to champion ethics-related initiatives among fellow board members. His or her fellow directors will listen to a peer's suggestion' that the board should find a way to include ethics and compliance within its continuing education program, especially if there is new legislatio that requires it. Having such an advocate on your side will dramati cally increase the chances of an education program being allocated the necessary time, priority and re sources. You can present the education as an opportu nity for the directors to have all the assistance they need. in identifying, understanding and discussing the ethical issues that come within their governance purview. Accordingly, you need to have an insight into the board's specific issues and needs. Having a 'guardian angel' on the board can give you this.

3. Think curriculum, not session


It is also useful to get the board thinking long-term about ethics and compliance education. It should cer tainly not be a one-off event. The importance of an ongoing ethical dialogue should be emphasized, as should the ability of the education sessions to help facilitate this. Accordingly, the board should be encour aged to view educational activities as a curriculum, rather than as just one or even a limited number of sessions. Isolated sessions will not be as effective because ethical development is an ongoing process that uses essential building blocks and linkages.

2. Plot the course


Once you have established that the board is at least receptive to the idea of ethics education, you need to involve it in the planning. The best way to start engaging

4. Emphasize participation, not presentation


Any ethics education program should aim to be as interactive and as participatory as possible. The hoard

Continued on page 16

ETHIKOS

January/February 2005/3

a new product.

thusiastic and supportive . .. . all." His group shepherded it along, but the real drivers were the local operating groups. 0

It was all done in a "collaborative spirit," he adds:

The works councils in places like Germany were "en-

appreciate its vital role in promoting the success of that

Recent scandals suggest ethics prac


titioners have been less successful in moving ethics up tnto the board
rooms

program but it will make the program itself more coherent.

6. Go public
Obviously the directors need to know when ethics education sessions are happening, but it is equally important for the rest of the company to be aware that the board is doing this.It sends a strong positive signal to employees that the board takes its ethical obligations seriously and endorses the idea of ethics education. In fact, we believe that this information should be shared with all of the company's key stakeholders, since it helps to demonstrate the commitment to ethics and compliance throughout the entire organization. It would be a mistake to view the amendments to the federal Sentencing Guidelines for Organizations as merely one more piece of legislation with which orga nizations should comply,as a list of items to be checked off.It would be far more constructive to view them in the non-confining spirit which motivated their review and revision: As an opportunity to improve the ethical health of our organizations to ensure l o n g-term sustainability and success. In order to make the best of this opportunity-as well as mitigating substantial risks-boards and man agement teams need to give the necessary priority to ethics education, especially because of its power to influence culture and to allow us to see the world in more ethically sensitive ways.After all,isn't this the real reason for ethics education generally?

and executive suites.

Educating the Board ...Continued Jrom page 3


may be accustomed to receiving presentations but that approach will not work here. A presentation format would not engage individual directors in a sufficiently probing inquiry of their attitudes, understanding and knowledge where ethics and compliance are concerned. Nor would it create an opportunity to acknowledge the value of legitimate ethical disagreement. Furthermore, as has already been noted, merely briefing the board without getting their active participation may not satisfy the requirement of the Guidelines.

5. Get with the program


Over the past 10 or 15 years, corporations have done a reasonably good job of pushing ethics down through their organizations so that employees become familiar and comfortable with the standards,procedures and systems to ensure ethical business practices. Recent scandals suggest ethics practitioners have been much less successful in moving ethics up into the boardrooms and executive suites. This may have been because certain incorrect assumptions were made about the need for this, or companies simply overestimated the ability of senior executives and directors to be ethically sensitive and effective.There might even have been resistance to educational efforts from senior people who resented the inference, in their minds, that they were unethical. However, the amended Guidelines reinforce the message that education in ethical awareness and deci sion-making must be undertaken effectively at all levels of our organizations. When it comes to the board, it is critical that the education has-and is widely perceived to have-a strong connection to the ethics and compli- ance program.In that way,not only will the board better

This is the first oj a two-part series. The upcoming segment will provide some practical guidance Jor deliv ering ethics training to board members. 0
Footnotes:
I

Breeden, Richard c., Restoring Trust, Report to the Hon. Jed S. Rakoff

of the United States District Court for the Southern District of New York on Corporate Governance for the Future ofMCI, Inc, August Ibid., p. 30.
J 4 5

2003; p. 33.

2004 Federal Sentencing Guidelines for Organizations, 8B2.1 (b Ibid., 8B2.1(b)(4)(A),

)(2)(A) .

Interestingly, when the authors presented at the 2004 Ethics Officer

Association conference, there was an overwhelming endorsement of 'education' rather than 'training,' which many participants said would be off-putting to their boards. 0

16/ ETHIKOS

January/February 2005

When Should a Board Find out About a Compliance Issue?


Consider having a formal process for notifying the board, or a committee of the
Board (e.g., the Audit Committee or the Governance & Nominating Committee). Set out what types of allegations require the Compliance Officer to make a notification. Consider making the fact that such allegations must go to the board public within the
company.

Board should know what the process is when the compliance function receives a
contact (helpline, email, telephone call, or hallway conversation). For example, the helpline. When someone does speak up by choosing to call a helpline, does the board know: Who answers the call, who employs that person, and where is he/she sitting when the
call is answered? That the helpline uses no caller-ID and no GPS tracking technology? How calls are classified or routed, who gets notified for what types of calls, and then how the investigative process may be divided among various functions (if the case)? Whether or not those with investigative authority also have disciplinary authority? .
Confidential 1

Is 2013 the Year of the Whistleblower?


The SEC can pay financial awards to whistleblowers who provide high-quality, original
information about a possible securities law violation that leads to a successful SEC enforcement action with more than $1 million in monetary sanctions.

The SEC is authorized to pay the whistleblower between 10% and 30% of the sanctions
collected.

3001 tips came in during the first full year of the program. They came from all 50 states
(California had the most) and 49 other countries (the U.K. had the most) resulting in143 enforcement judgments and orders that potentially qualify as eligible for a whistleblower award. Calls picked up after the first award was made in August 2012 reportedly to a whistleblower who helped
the SEC stop a multimillion dollar fraud scheme.

Dont look now, but there might be another federal whistleblower program born in 2013 related
to criminal anti-trust cases. Originally introduced by Senators Leahy and Grassley in July 2012, The Criminal Antitrust Anti-Retaliation Act was reintroduced on January 22, 2013. Creates a process through the Department of Labor for a whistleblower to seek reinstatement, back pay, and
damages if he or she was discharged for being a whistleblower with regard to horizontal conspiracy violations (i.e., concerted actions among companies in actual or potential competition with one another).

.
Confidential 2

Dodd-Frank Whistleblower: You Need to Present a Cogent Mitigation Strategy to the Board
A Helpline helps, but if no one calls, dont think that everything is going along swimmingly.
For a Helpline (or any other modality of contacting the compliance function) to be successful, the culture needs to embrace speaking up/out. The very nature of translating speaking up/out must be done thoughtfully and carefully. In some

languages, the translation is problematic as its perceived as a pejorative. Understanding the history of speaking up, the perceived degree of fear and of retaliation in each particular culture across a companys footprint is crucial. Focus on middle management, imploring them to find targets of opportunity for learning moments about speaking up, retaliation, and ethics. Use all conceivable communication channels to make vivid concrete examples of employees, vendors, visitors, suppliers, and customers who may have spoken up, and the attendant benefits to the business that resulted. Use those same channels to illustrate what has happened to anyone who has been found to have retaliated against someone speaking up in good faith. Senior management must explicitly support and communicate strongly about speaking up and speaking out. Speaking openly about how values drove a particular decision would be meaningful. Make certain to emphasize that the Helpline is encouraged, but serves as a last resort as (hopefully) the company provides many other means by which speaking up can be accomplished See Slide 1 for tips on making public details of precisely how the Helpline functions Personification may be helpful.

Confidential

Using Incentives in Your Compliance and Ethics Program


Joseph E. Murphy, JD, CCEP

6500 Barrie Road, Suite 250, Minneapolis, MN 55435, United States +1 952 933 4977 or 888 277 4977 | www.corporatecompliance.org

Society of Corporate Compliance and Ethics: published November 2011.

Table of Contents
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Scope of this Paper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Objections to Using Incentives . . . . . . . . . . . . . . . . . . . . . . . 4 Reasons for Using Incentives. . . . . . . . . . . . . . . . . . . . . . . . 10 Personnel Evaluations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Input on Promotions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Compliance and Ethics Input in All Incentive/Reward Systems. . . . . . . . . . . . . . . . . . 25 Rewards and Recognition. . . . . . . . . . . . . . . . . . . . . . . . . . 27 Rewards and Recognition for Compliance and Ethics Staff . . . . . . . . . . . . . . . . . 32 What about Whistleblowers?. . . . . . . . . . . . . . . . . . . . . . . . 33 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Credits and Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Appendix 1: Evaluation Form. . . . . . . . . . . . . . . . . . . . . . . . 46 Appendix 2: Recognition Letter . . . . . . . . . . . . . . . . . . . . . . 48 Appendix 3: Ideas for Using Incentives in Compliance and Ethics Programs . . . . . . . . . . . . . 49 Endnotes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Introduction
Daniel R. Roach, VP Compliance & Internal Audit, Catholic Healthcare West; Co-chair, Society of Corporate Compliance and Ethics

Incentives help drive behavior! While incentives are common in businesses, homes, schools and other contexts, the use of incentives in the context of compliance and ethics programs has been slow to catch on. This has been true because many compliance and ethics officers dont understand that appropriate incentives are a required element of an effective compliance and ethics program as articulated under the Federal Sentencing Guidelines and because too many in management and on boards believe that most employees will naturally do the right thing. Unfortunately, the evidence suggests just the opposite. Without adequate controls and incentives, most of us will (at least occasionally) do the wrong thing. With the growing distrust of business and the increasing levels of misconduct, it will become critically important for businesses and other organizations to do a better job of using incentives as a tool to drive the kind of behavior they expect of employees. By developing appropriate compliance and ethics incentives, management and boards can demonstrate their commitment to compliant and ethical conduct in the organization; they can significantly reduce the risk of illegal or unethical conduct; and they can fulfill their fiduciary obligations to ensure that the organization has an effective compliance and ethics program. Mr. Murphys paper on aligning incentives provides a road map for organizations which understand the incentive imperative but have been struggling with execution. It is a must read for every compliance and ethics officer, as well as for board members and management who

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

are concerned about the impact of non-compliance. I have heard many board members and managers tell me that they are serious about compliance and ethics. The adoption of some of the incentives described in this paper will give those board members and leaders a chance to prove that commitment!

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Using Incentives in Your Compliance and Ethics Program


Joseph E. Murphy, JD, CCEP

Scope of this Paper


For those with compliance and ethics program responsibility, or for those called upon to assess these programs, one of the questions to be addressed is the role of incentives in the program. This issue was highlighted by the 2004 revisions to the Federal Sentencing Guidelines standards, which require, in item 6 of the 7 standards: (6) The organizations compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program.1 What does this mean, and what is the appropriate role of incentives in a program? Item 6 of the Guidelines goes on to address discipline separately, so it is clear that this means something other than negative incentives. In other words, the simple proposition, you get to keep your job if you dont break the rules will not be enough. Although incentives are an essential element of compliance and ethics programs, surprisingly little attention has been paid to this topic, as compared to other elements such as codes of conduct, helplines, training, and risk assessment.2 In this SCCE white paper it is our objective to help compliance and ethics professionals address this important topic.

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

The scope of this paper includes a variety of approaches to the topic. We start with likely objections to using incentives, and then discuss the reasons for including an incentive-based approach. We then analyze the different aspects of using incentives: personnel evaluations; considering compliance and ethics in promotions; compliance and ethics input in developing and assessing all incentive and reward systems; rewards and recognition for those employees and managers who show compliance and ethics leadership; rewards and recognition for the compliance and ethics staff; and the most controversial issue, rewards for whistleblowers (an increasingly sensitive issue, as a result of the whistleblower provisions in Dodd Frank). In this paper, we may at times refer to incentives to include all of these elements. Throughout, we refer to compliance and ethics as a term of art to incorporate the full range of activities in this field, whether they are described as compliance programs, ethics and integrity, business practices, specific risk areas such as privacy, or similar nomenclature. At the end we provide a list of credits for those who have assisted in this project, a bibliography and an appendix of examples and materials for use by the practitioner.

Objections to Using Incentives


Those who do compliance and ethics work can usually expect to encounter objections to their activities, and this is certainly true in dealing with incentives and rewards. Here, you are venturing into an area that draws attention and can actually affect the culture of an organization. You can expect to see serious resistance, including that of those who consider the setting of goals and determination of rewards and promotions to be their own domain. Here are some of the objections most frequently raised in this area.

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

People Should Not Be Rewarded for Doing Their Jobs


This is a very common objection to the idea of considering compliance and ethics in evaluations and rewards. The view is that people are supposed to do the right thing; if anyone is not ethical, they should just be fired. From this perspective, it is not appropriate to reward people for what they are already supposed to do. There are two good answers to this concern. The first is that, in fact, incentive systems in companies do typically reward people for doing their jobs. For example, sales people are supposed to sell, yet they are frequently given commissions and other rewards for selling. CEOs are supposed to lead, yet have been given rewards and incentive packages that have drawn newspaper headlines. In fact, all employees are compensated for doing their jobs and often given more for doing more; that is how the system works. But the strongest answer is that the incentives we are discussing are not just rewards for avoiding trouble. Rather, the recognition is for outstanding performance and leadership in the area of compliance and ethics. One easy example of when this can work is for subordinates who complete compliance training. While they are all expected to take the training, a company could rationally offer an incentive to the first work group to complete the training. Recognition could also be offered for managers who show leadership in their commitment to the compliance and ethics program and to doing the right thing. We provide more examples in other parts of this discussion.

It is Impossible To Evaluate Employees Virtue or Ethics


People will often misunderstand the meaning of the Sentencing Guidelines language and what the purpose is. They will object that it is not really possible to evaluate and thus reward employees virtue.

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

If this were, in fact, the objective of the Sentencing Guidelines, the point would be well taken.3 But the focus is not on testing employees internal ethics, but on evaluating what they do on the job. For example, in evaluating a supervisor, the process would not attempt to divine what the persons moral beliefs were. Rather, the question would be what type of leadership did this person demonstrate? Did the supervisor encourage subordinates to raise difficult questions openly, use the code of conduct as a guide, and complete compliance training on time? The recognition is not for what the supervisors thought or believed, but what they said and did as managers to promote the code of conduct and encourage an ethical environment. Finally, to those who say this is impossible, the simple and complete answer is that companies are already doing it, as the examples and references in this paper make clear. It is certainly impossible to argue that something is impossible when others are already doing it.

This Area Is too Subjective, Unlike Sales or Production


Resistance to this effort can also come in the related objection that, unlike sales or production, evaluating compliance and ethics is too subjective. Because the subject matter is not just a matter of counting numbers, evaluating it is not really feasible. This objection has a surface plausibility, but it does not hold up to actual experience. One response is that even measures that appear strictly objective are often influenced by less objective factors requiring judgment. In the words of one expert, all performance reviews are subjective. Just because its hard doesnt mean you cant do it.4 Assessments based on sales may be subject to re-evaluation based on factors outside of the sales forces control, such as natural disasters and demographic shifts. Disputes may arise over who really made the sale,

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

how should the sale be measured, was the real value of the sale accurately calculated, etc. Production numbers may appear objective, but be subject to closer analysis based on issues of quality and cost. Thus, even superficially objective measures may not be easy to translate when it comes to assessing employees performance. Moreover, a cursory review of a small sample of employee evaluation forms will reveal more than a few judgmental elements. For example, these management characteristics, which had to be assessed, are from actual company evaluation forms: Leadership Innovation Developing subordinates Embracing change Encouraging teamwork Communicating effectively Team commitment Treating co-workers with respect and dignity Taking accountability for professional growth.

These management assessment factors are certainly no more quantifiable than promotes the code of conduct or encourages open communication, which are factors that could be used in assessing a managers commitment to compliance and ethics. Even if the task may be difficult, merely requiring hard work should not stand in the way of implementing effective approaches. Specific behaviors that promote compliance and ethics can be used as employee performance objectives and form part of the basis for the evaluation;5 supervisors can be trained on what these mean and how to address them in evaluations.

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Risk of Use Against Company in Litigation


To a trial lawyer, the question may arise about what might happen if an employees evaluation shows an ethical weakness, and then that employee later breaks the law? This circumstance could be used as evidence against the company. The argument would be that the company knew this person was a bad actor but continued to retain him or her. This concern does not, however, take away from the value of the process. After all, if an employee is a bad actor, there may already be other evidence of that fact available elsewhere. Moreover, this concern exists regarding any step taken to evaluate a companys compliance and ethics profile. The best way to address this concern is not to abandon the effort to improve conduct, but to ensure that appropriate action is taken any time a deficiency is found. If an employees assessment shows a weakness in this area, the company should take steps to strengthen that employees performance. Not only is this the safest legal course, but it is the one most in the companys interest.

OSHAs Concerns
There are concerns about reward systems beyond the ones raised internally by those unfamiliar with the use of incentives in this area. Specifically, the Occupational Safety and Health Administration (OSHA) has questioned the use of rewards tied to a decline in reports of injuries and violations.6 The concern expressed by the agency is that rewarding the absence of reported injuries will lead to pressure not to report actual injuries or violations. This concern is premised on the observation that people tend to look for the shortest route to obtain rewards. While making the workplace safer is the ideal, employees who want to game the system could just refuse to report incidents in order to obtain the reward.

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

OSHAs concern recognizes a factor that must be considered in all reward and incentive systems: the stronger the incentives are, the stronger the controls and checks need to be. It is likely that every incentive system can be gamed if it is not monitored and controlled. The lesson here is not that incentives are improper, but that they need to be developed, implemented and monitored carefully, with strict accountability. For example, when a work unit claims perfect results, there should be some type of on-sight checking. When an instance occurs of someone gaming the system, there should be strong discipline and the example (with identities omitted) publicized to others as a warning.

Compliance and Ethics People Should Stick to Their Own Business


In response to proposals that compliance and ethics staff should have a role in promotions, evaluations and rewards, you may get pushback along the lines that the compliance and ethics people should not try to run the whole business. They should keep to what relates to their subject, such as codes, training, and helplines. Compliance and ethics people may be accused of empire building and of intruding on the domain of the human resources department. There may also be a specific objection to having compliance and ethics included in the personnel evaluation form, in these terms: If everything someone thought was important was made part of the evaluation form, there would be too many things covered and it would not be practical. We cannot cover everything. From an internal political perspective, it is important for compliance and ethics staff to work cooperatively with their colleagues in HR and elsewhere. Rather than springing a full-blown plan on them by surprise, it may be more effective to work with them from the beginning to gain their support. The compliance and ethics people need

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

to help other managers realize how substantial an undertaking it is to have an effective, best practices program, and that it will affect those things people value in a company, including pay and advancement. In reality, these objections reflect the point that incentives, evaluations and rewards really do drive behavior and are an important element of power. People do not typically voluntarily yield power, and the control of rewards and assessments is a clear element of power. The answer to these objections goes to the core of what compliance and ethics is about. Compliance and ethics is not just a corporate decoration, some frivolous public relations step to make the company look good. As the Sentencing Guidelines make clear, companies must focus on the corporate culture, affecting how employees think and act. If we intend a compliance and ethics program to be successful and actually to change culture and affect employees behavior, then the process must be genuinely intrusive. As for the objection about the need to avoid overloading the personnel evaluation form, this is a test of the companys actual commitment to compliance and ethics. While it is easy for senior management to talk the talk of ethics, having it affect pay and recognition is a true test of commitment. If it is not important enough to be part of the rewards and evaluations, then the company may lack a real commitment to its professed values.

Reasons for Using Incentives


Now that we have considered the objections to using incentives in the program, we should discuss the reasons for using them. No matter what the objections may be, these reasons are really what will drive companies to incorporate incentives as part of their programs.

10

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

U.S. Governments Standards


As noted above, the Federal Sentencing Guidelines 2004 amendments make it clear that incentives must be part of a compliance program if it is to receive credit in sentencing. As the Report of the Ad Hoc Advisory Group on the Organizational Sentencing Guidelines concluded, a culture of compliance can be promoted where organizational actors are judged by, and rewarded for, their positive compliance performance.7 And, as history has also made clear, other agencies and enforcement personnel tend to follow these same standards in making enforcement decisions. While the Sentencing Guidelines had previously referred only to discipline and not to incentives, an argument could have been made, even under the 1991 version, that incentives needed to be considered in programs.8 First, the Guidelines have always required due diligence, and required companies to be at least as good as industry practice. Given that incentives are key drivers in organizational behavior, they could be read into the diligence standard. Also, because their use was widespread in at least some industries (specifically in the defense industry and in environmental compliance), they might also have been seen as a necessary element, and certainly part of best practices. But in any event, it is clearly required today under the revised Sentencing Guidelines. Incentives had been a part of governmental standards even before 2004. For example, the Department of Justices criminal environmental enforcement unit issued a letter in July 1991 stating that it would consider companies environmental compliance efforts. The government listed the questions it would ask: Was environmental compliance a standard by which employee and corporate departmen-

www.corporatecompliance.org

11

Using Incentives in Your Compliance and Ethics Program

tal performance was judged?9 The Environmental Protection Agency, in its definition of environmental management systems entitled to favorable consideration by the government, included the existence of appropriate incentives to managers and employees to perform in accordance with the compliance policies, standards and procedures.10 The Department of Health and Human Services, Office of Inspector General (OIG) has provided guidance to the health care and pharmaceutical industry on what it expects to see in compliance programs. In 2003, focusing on the pharmaceutical industry, the OIG included elements of incentive systems.11 In describing the minimum expected elements the office referred to: written policies, procedures and protocols that verbalize the companys commitment to compliance (e.g., by including adherence to the compliance program as an element in evaluating management and employees). Elsewhere the Guidance explains that adherence to the training requirements as well as other provisions of the compliance program should be a factor in the annual evaluation of each employee. It even went so far as to suggest that pharmaceutical manufacturers may also consider rewarding employees for appropriate use of established reporting systems as a way to encourage the use of such systems. The Federal Energy Regulatory Commission, in its Policy Statement on Compliance, listed nine suggested steps for company compliance programs, including action to Tie regulatory compliance to personnel assessments and compensation, including compensation of management.12 References to incentive systems have also appeared in settlement agreements reached by government with companies.13 For example, in the 2006 deferred prosecution agreement with Mellon Bank, the U.S.

12

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Attorneys Office for the Western District of Pennsylvania included this provision: Performance evaluation criteria and compensation should also be linked to specific steps taken by [substantial authority] personnel to support the compliance and ethics program (e.g., briefing direct reports on the codes application and the importance of raising compliance and ethics issues; ensuring that direct reports have completed required training).14 One odd exception to this trend occurred in 2008 when the Federal Acquisition Regulation was amended to require certain government contractors to implement compliance and ethics programs.15 Although the FAR Councils ostensibly sought to follow the Sentencing Guidelines model, they substantially diluted the standards by omitting reference to incentives. In an attempt to explain the omission, the Councils first mismatched the concept of carrot and stick for programs (as opposed to employee incentives) in referring to the use of an incentive system in compliance programs that encourages and rewards companies for implementing effective programs when in fact the issue was incentives for employee performance. Then, with no further explanation, the Councils stated that that they did not want to require incentives for employees because this is within companies discretion.16 Of course, the structured flexibility within the Guidelines standards leaves details of all program elements generally within companies discretion, so this concern appears not to distinguish incentives from discipline or any other essential element of a compliance and ethics program. This weakening of the program standards is even more inexplicable given that the defense industry, the prototypical government contract community, was one of the originators of the use of incentives in compliance programs.17

www.corporatecompliance.org

13

Using Incentives in Your Compliance and Ethics Program

Other Standards
In addition to standards established by the U.S. government, others have carried this approach forward. In 2010, the Working Group on Bribery of the Organization for Economic Cooperation and Development, representing 38 nations committed to fighting corruption, issued the first international guidance on compliance programs (specifically anti-corruption programs), the Good Practice Guidance. This standard listed 12 elements, including the following: 9. appropriate measures to encourage and provide positive support for the observance of ethics and compliance programmes or measures against foreign bribery, at all levels of the company;18 While the standard does not literally use the word incentives, the direction to encourage and provide positive support would take programs in a very similar direction to the Sentencing Guidelines language. The U.K. Office of Fair Trading, which is the principal enforcer of competition law in that country, issued a guidance document on compliance programs indicating that such programs may be taken into account when assessing penalties. In describing the things that could be included in a creditworthy program, the OFT stated: A business is likely to benefit if it links its scheme of incentives and disincentives to its compliance objectives.19 It also listed as a positive step, rewarding employees who proactively take appropriate steps to raise competition law compliance concerns. In one of the case study examples in the guidance document, it included as an example of creditworthy conduct the promotion of an employee who reported a concern to the companys hotline, noting

14

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

that this hypothetical company effectively linked internal incentives/ disincentives to competition law compliance.20 The Competition Bureau Canada, in its Information Bulletin on compliance programs, notes how incentives tie in with corporate culture: Providing appropriate incentives (for instance, compliance could be considered for the purposes of employee evaluations, promotions and bonuses) for performing in accordance with the compliance program can play an important role in fostering a culture of compliance. Incentives can work as effective tools for a business that wishes to promote compliance by employing concrete actions. For this Canadian competition law enforcement agency, the existence of an effective compliance program, including the use of incentives, is a factor that is taken into account in its determination of how to proceed against companies in enforcement actions.21 In Australia, the national standards organization, Standards Australia, has promulgated standards for compliance programs in AS 38062006.22 This detailed standard recognizes the role of incentives in several passages. Section 4.1.4(i) charges managers with responsibility for including compliance performance in evaluations. 4.3.2 notes that culture is affected by personnel evaluations that include compliance behavior and meeting compliance obligations; it also calls for rewarding such behavior in a way that is highly visible. 5.2.3(d) specifies that incentives and managing for performance should be tied to compliance. Finally, under 6.1.2(c) companies are called upon to recognize this behavior for teams, work units and individuals.

www.corporatecompliance.org

15

Using Incentives in Your Compliance and Ethics Program

Reitaku University in Japan, under the guidance of noted Professor Iwao Taka, has issued an Ethics Compliance Management System Standard for use by companies serious about compliance and ethics. In the Guidance Document issued to offer advice on the application of the standards, companies are told to cover the evaluation of departments and individuals who are actively embracing the purpose and spirit of ethical-legal compliance. The Guidance observes that if this evaluation is integrated with the personnel evaluation and reward system within the organization it would surely have a strong positive effect. In the sample materials included in the Guidance, there is reference to HR as responsible for the System of awards for achievement & contribution in ethical legal compliance.23 In the U.S. defense industry, the major companies have joined and subscribed to the standards of the Defense Industry Initiative on Business Ethics and Conduct (DII). The DII was the forerunner of industry compliance practices groups, and one of the initial sources for the Sentencing Guidelines standards. Members must agree to six broad principles, and then respond to a questionnaire enumerating specific points expected to be in a program.24 Question 14 asks: Is implementation of the codes provisions one of the standards by which all levels of supervision are expected to be measured in their performance? As a result, the DII members routinely include code performance in their management assessment systems a commitment that dates back to the formation of DII in the late 1980s.

Practical Reasons
Whatever the government or other bodies may advise, however, the ultimate question for any compliance and ethics initiative is whether it actually works. Does it help in preventing misconduct and leading

16

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

employees to act ethically and legally? To this point the late management expert, Peter Drucker, offers a succinct answer: [C]hanging habits and behavior requires changing recognitions and rewards. People in organizations, we have known for a century, tend to act in response to being recognized and rewarded everything else is preaching. . . . The moment they realize that the organization rewards for the right behavior they will accept it.25 This conclusion was also well expressed by Stephen Cutler, Director, Division of Enforcement of the SEC, in advising companies on how to set the right tone at the top: [M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that doing the right thing is a priority, is to reward it. Conversely, if employees are led to believe that, when it comes to compensation and career advancement, all that counts is shortterm profitability, and that cutting ethical corners is an acceptable way of getting there, theyll perform to that measure. To cite an example from a different walk of life: a college football coach can be told that the graduation rates of his players are what matters, but hell know differently if the sole focus of his contract extension talks or the decision to fire him is his win-loss record.26 The point is a simple one that is intuitive. People tend to do what gets rewarded. This is how organizations communicate what management

www.corporatecompliance.org

17

Using Incentives in Your Compliance and Ethics Program

values most highly. Employees look to see who gets promoted and who gets passed over, who gets the bonus and who is ignored. The use of rewards is one of an organizations most effective communications tools. The stories of who are the heroes and what conduct leads to advancement become part of the culture of an organization. Indeed, given the prevalence of reward, evaluation and incentive systems in organizations, it would be difficult to conclude that this was anything other than an essential tool. If bad actors or those with questionable ethics are rewarded and promoted, the tone at the top of the organization and the culture throughout the organization will likely lead to similar behavior at all levels of the organization. By contrast, if those who champion compliance and ethics are selected as leaders and are seen by other employees as being rewarded and recognized, that then becomes the model for success in that organization.

Personnel Evaluations
Thus far we have addressed the reasons for using incentives in programs. Next we consider what are the ways incentives become part of the compliance and ethics program? The first one we examine here is the inclusion of compliance and ethics performance in employees assessments and evaluations. In this process the employees performance evaluation includes elements related to compliance and ethics. Because most major companies use written evaluation forms, this would mean inclusion of this point in these forms. For those companies that use other forms of assessment and feedback to employees throughout the year, this same analysis would apply. What is it that would be assessed? As noted above in addressing objections to the use of incentives, this assessment does not usually attempt to measure ones intrinsic virtue or personal sense of values. Instead it

18

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

measures the employees leadership actions in promoting the company code of conduct and ethical business practices. The process involves measuring the application of management skills to achieve an objective, i.e., promoting the code and the compliance and ethics program. In Appendix 1, we include a list of these factors. Examples include: ___ U  ses the code of conduct and encourages subordinates to do the same ___ A  ctively takes steps to implement the compliance program and the code of conduct ___ A  ttends appropriate compliance training, and makes sure subordinates get appropriate training and know the rules that apply for their jobs ___ I  s willing to challenge questionable conduct or proposals Note that this evaluation can address performance related to the compliance and ethics program in general, and/or the program as it deals with specific risk areas, such as FCPA, environmental compliance or safety.27 Once a company has decided to include this point in assessments, there are a variety of ways to proceed.28 The simplest is a check-off item on the form. An example would be: Has this employee supported the code of conduct and acted ethically in business decisions? ___ Yes ___ No This has the advantage of covering the point and making the process fairly easy for the supervisor. It may serve to remind employees that compliance and ethics is an important point in the company. But this simplicity may also tend to make the process rather perfunctory, a

www.corporatecompliance.org

19

Using Incentives in Your Compliance and Ethics Program

tick and flick exercise in which the supervisor ticks the yes answer and quickly flicks the page to the next item. If this occurs, it may breed skepticism among employees. One way to limit this risk is to require that the evaluator identify something specific that is the basis for the score. This helps ensure that the evaluator is more engaged, and makes the assessment more reviewable.29 A more nuanced approach would include specific factors and require a rating drawn from a range of scores, perhaps 15, with 1 being poor and 5 outstanding. Taking this a considerable step further, the form could include specific management objectives as part of the rating. For example, a manager might have goals that include having all subordinates complete the compliance training, and achieving a high score regarding ethics and compliance in 360 reviews. The use of 360 reviews, in which an employees colleagues above, below and at peer level are surveyed about that employee, is one way to cover the less quantifiable aspects of these evaluations. Setting specific compliance and ethics goals for business managers has substantial advantages. It can lead managers to think more realistically about the importance of management leadership in promoting the code of conduct and the compliance and ethics program. It can provide specific objectives for management to focus on, rather than using just vague or undefined terms. It also acknowledges the direction of the Sentencing Guidelines that high-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program . . .30 Promotion of the program is not a function that can simply be delegated to one compliance and ethics officer. Of course, even with such specific goals the managers should still also be evaluated on how they achieve their other goals, i.e., ethically or by improperly cutting corners.

20

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Once the detail on this step is set, the next question is the rating or value to be assigned; how important is this element in the employees overall evaluation? The simplest is the check the box approach, with no special value assigned. It is on the form but left up to the supervisors discretion how to count it. In companies that want to emphasize the priority of this area, however, they may set the compliance and ethics rating as a threshold for achieving ones bonus, or as a percentage gateway. For example, the employees who receive 5 get 120% of bonus, those with 4 get 100%, and so on. It could also be assigned a percentage value, perhaps representing 20% of the employees total evaluation.31 At Catholic Healthcare West, business unit leaders are rated on 2530 elements tied to the Sentencing Guidelines standards for effective compliance and ethics programs. Their rating in these categories acts as a threshold for determining eligibility to participate in the incentive program each year. However, rather than setting a minimum, it has evolved into a competitive element, with those who are subject to the rating trying to surpass one another.32 Whatever approach is adopted, there are some important cautions to consider in this effort. One should never assume that attempts to alter the evaluation process will go smoothly or that supervisors will approach this evaluation the way intended. For many supervisors, assessment of subordinates is considered one of the more difficult parts of their jobs. If there is a way to ease the process and get it done more quickly, there will be a strong temptation to find a shortcut. It is necessary, therefore, to check how these assessments are being done, including auditing, testing and monitoring the process. Part of executives and managers responsibilities should include monitoring how well subordinate supervisors are doing such assessments.

www.corporatecompliance.org

21

Using Incentives in Your Compliance and Ethics Program

For example, if the CEO wants to take an active role in the compliance and ethics program, he or she could start this process at the executive level, and then discuss with the other officers how they will rate their direct subordinates. Each supervisor down the ladder could then be charged with the same monitoring responsibility. In fact, the evaluation of any supervisor should take into account how well that supervisor, in turn, used the evaluation of subordinates to promote the compliance and ethics program. As part of the monitoring process, it should be made clear to all supervisors that it is unacceptable to simply give every subordinate the same perfect rating. Since all employees typically do not perform all tasks at the same level, it is highly unlikely that all would show the same level of commitment and leadership in the compliance and ethics program (i.e., everybody cannot be above average). But expect resistance on this matter; there will be some supervisors who insist all their subordinates are ethical and therefore deserve perfect ratings. This misses the point. The employees are not measured on their personal values, but on how they exercise leadership in creating an ethical work environment. To facilitate this evaluation process, there should be training and reminders for supervisors, and modeling of the proper way to conduct these assessments by senior managers. Once supervisors have been won over, there should then be occasions where employees ratings reflect weakness in compliance and ethics leadership. At this point we should recall the lawyers objections raised above; there needs to be follow up on all negative compliance assessments. The assessment system should require remediation plans for those with weaknesses in this area. For example, such plans would be mandatory for those with ratings below a certain level. Of course, the fact that such plans are required and will thus require more work by the supervisor will create a perverse incentive never to give a poor

22

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

rating; management will have to take a strong position and supervise the process in detail to prevent this outcome.

Input on Promotions
One of the purposes of employee evaluation systems is to identify candidates for promotion to positions of increasing authority. This touches on another aspect of the Sentencing Guidelines 2004 revisions that may prove difficult for companies to apply. Item 3 of the 7 standards states: (3) The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.33 The Sentencing Guidelines commentary for item 3, goes on to state that companies need to avoid promoting people who have engaged . . . in conduct inconsistent with an effective compliance and ethics program.34 Combining this with the Sentencing Guidelines item 6 focus on incentives sends the message that companies need to consider employees compliance and ethics performance in determining their eligibility for promotion. This step not only helps to meet the legal standards and convince government skeptics that a company is committed to ethics and compliance, but it also sends a strong message to employees at all levels that advancement in the company requires serious attention to doing the right thing and setting a positive example.

www.corporatecompliance.org

23

Using Incentives in Your Compliance and Ethics Program

One way for companies to follow this path is to set a minimum standard for the compliance and ethics part of an employees assessment in order to be considered for promotion. For example, if compliance and ethics has a 1 to 5 scale on employees evaluation forms, perhaps only those scoring a 3 or above would be eligible for any promotion. Companies can also go the next step beyond this and make compliance and ethics an explicit factor in determining promotions. While satisfactory ratings could still be a threshold, the overall evaluation of those eligible for advancement would include a thoroughgoing review of the candidates record as a leader in compliance and ethics. Companies wanting to ensure that this approach moves beyond form into substance, and also seeking to fully empower the compliance and ethics function, can set a requirement that the compliance and ethics office have input into the companys promotions. This would certainly be an indication of due diligence in determining promotions. In one companys case, this requirement came about as a result of an unfortunate incident involving a promotion. A relatively senior manager was promoted in the company, but shortly thereafter was terminated for violations of the code of conduct. It turned out that at the time of the promotion the manager had been under investigation by the compliance and ethics office, but no one had consulted them regarding the promotion. The companys board of directors made it clear that this was not to happen again, and that the compliance and ethics office was to be consulted. While this consultation could be just a simple check for investigation and disciplinary matters, the review could be much broader, seeking input on whether a manager was fully committed to the companys code of conduct and its compliance and ethics program.

24

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Requiring that the compliance and ethics office have a say in promotions ties in with the general advice that compliance and ethics needs a seat at the table for major decisions. It would clearly be a sign of empowerment, and send a strong signal to the government and to the employees. This is another area to anticipate strong resistance, especially if the compliance officer is really a junior level person, and officers are not comfortable with this person being involved in or having advance knowledge of promotions. Any objections along these lines are a red flag that compliance and ethics people are positioned too low in the organization. While preventing the promotion of bad actors is an important objective, there is an additional step a company can take to promote ethics and compliance as part of its culture. Some companies engage in succession planning or the identification of high potential employees. They use various processes to identify and encourage employees considered to be likely candidates for future leadership positions. If in fact compliance and ethics is an important value to the company, then that element should be included in this process. Those interested in being selected for this special treatment should know that a strong compliance and ethics record and commitment are positive factors that will be considered.35

Compliance and Ethics Input in All Incentive/Reward Systems


In considering compliance and ethics programs, it can sometimes be easy to get caught up in the details and the exact language of the Sentencing Guidelines and to lose sight of the ultimate purpose. These

www.corporatecompliance.org

25

Using Incentives in Your Compliance and Ethics Program

programs exist to prevent and detect violations. To prevent misconduct it is essential to understand the power of reward and incentive systems. People do what gets rewarded, and tend to take the most direct path to the reward. It is also fair to assume that the stronger the incentive, the more likely it is to affect behavior. If enormous rewards and recognition are offered to those who achieve X, it is highly likely that many will try to reach this goal. And experience also teaches that they will look for the fastest, most direct route to the goal. This understanding leads to the recognition that misaligned incentive systems can encourage unethical or illegal conduct. For example, it is rational for a company to reward sales; sales are essential to a companys success. But if the goals are too high, the rewards enormously rich, and meeting the goals becomes the singular focus of the organization to the exclusion of other considerations, will this not lure employees in a potentially dangerous direction? The Sears brake repair story illustrates this phenomenon.36 Sears had reportedly decided to increase revenue in its auto service centers by providing incentives to its service employees. A significant portion of the employees pay was tied to the ability to achieve results such as the sales of new brake systems. Apparently those designing this system did not think about how this would work in practice in an environment where the store employee has all the knowledge and the customer must rely on that employees honesty. As alleged by enforcement officials, this incentive system resulted in what appeared to be a pattern of fraud by Sears auto repair operations, and a serious detriment to the companys reputation. Consider also the impact of the shift of senior executive compensation to stock options. Senior executives whose options were in the money stood to reap millions in personal gains. Yet these same executives were often

26

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

in control of the pricing mechanisms for these options. The result was a plethora of allegations involving the top management of major companies and the improper pricing and reporting of options for these executives.37 One lesson from these cases is the importance of setting realistic goals and reasonable rewards. If there is too much at stake, this in itself can drive employees in questionable directions. On the other hand, it is not necessary to conclude that strong incentives are corrupt or even undesirable. The key is that companies need to exercise care in setting these incentives. This leads to a basic proposition: the stronger the incentives, the stronger the checks and controls need to be. There is nothing wrong with offering handsome rewards for results, but there also need to be appropriate controls. How can this balance be achieved? How can controls be imposed when the very people setting the rewards may stand to benefit from them? One step to help add a control perspective is to ensure that the compliance and ethics officer is there when the incentive plans are considered. Compliance and ethics would be there to act as the devils advocate, and to ask the questions what could go wrong and how would this look in the newspapers?38 The compliance and ethics person can make other managers step back and examine their proposals from a more realistic perspective, and can escalate to the board any plan that is likely to drive employees to unethical conduct. This step is very similar to the idea of requiring compliance and ethics review for promotions, and ties in with the need for a compliance and ethics person to be involved in major decisions. It is also clearly a sign of compliance and ethics empowerment that sends a strong signal to the government and to the employees. As was true for review of promotions, winning support from human resources may be a challenge, since this is terrain that has traditionally belonged to that department.

www.corporatecompliance.org

27

Using Incentives in Your Compliance and Ethics Program

Rewards and Recognition


In addition to paying employees for doing their assigned tasks and providing the usual annual reviews and bonuses, companies frequently offer employees special types of rewards and recognition. These may include rewards such as travel, cash prizes, small tokens or letters of appreciation. These rewards and recognition help make up the culture of a company; employees frequently mold their behavior based on who gets rewarded and who does not. As Deal and Kennedy observed in their groundbreaking work on corporate cultures, Culture-shaping managers . . . seek ways to provide frequent and visible praise or other recognition for even modest contributions to the service of important values.39 Those who are recognized can become the heroes and part of the stories of the companys history. How should rewards be integrated into the compliance and ethics program? In many companies there is an existing system of rewards. A company may have a high-profile chairmans award for special contributions to the company. The sales organization may fly the top performers to Hawaii for the annual sales conference. Compliance and ethics can be integrated into existing rewards by adding compliancerelated factors into the criteria for these rewards. This helps remind employees that compliance and ethics is valued, and that it is a part of everything that matters in the company. Rewards may also be provided specifically for contributions to the compliance program, and for those who show leadership in promoting the code of conduct. It is best if these rewards are at least on a par with other rewards. Thus, if the top sales people go to Hawaii and the top production person gets a thousand dollar check, the top compliance and ethics performer should get something more than a solo lunch at the local bistro. In the corporate world appearances always matter.

28

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Rewards and recognition are powerful tools. Even in companies that have not otherwise offered these, it is worth considering them to promote the compliance and ethics program. Employees are likely to remember the fact that meaningful recognition was given for leadership in this area. If an employee is ever asked by the government about the companys compliance and ethics program and its code, the person is very likely to respond with the story about the awards dinner. Such outstanding recognition will be part of the stories employees recount to new employees at the company. When done right, it can be one of the surest ways to affect the culture in an organization. Often the field of compliance and ethics involves activities like investigations, audits and discipline that are not always well received. Even requiring employees to attend training may not be a happy experience. But the area of rewards and recognition is one that can be positive and benefit from imaginative approaches. There are numerous ways to provide recognition in this field. Perhaps the easiest and least expensive is the recognition letter from a senior executive, such as the CEO or the compliance officer. In one company, for example, a marketing manager received in the mail an unmarked envelope with her name on it. When she opened the envelope she realized it contained a competitors proprietary planning information. She quickly closed the envelope and contacted the legal department. For this ethical act the manager received a glowing letter from the chief compliance officer, with a copy to her supervisor. A speaker from Boeing has recounted a similar story, with the hero also being written up in a company newsletter. In yet another example, a company CEO is reported to have charged his officers to bring him specific examples of employees who demonstrated model behavior; he, in turn, sent these employees personal commendation notes.40 We have attached in Appendix 2 an example of a recognition letter.

www.corporatecompliance.org

29

Using Incentives in Your Compliance and Ethics Program

Perhaps an even more powerful variant on this method is to personally deliver the letter and read it to the employee. This approach, which has been described as a gratitude visit, can have an impact on both the recipient and the person delivering the message.41 Lockheed-Martin provides two excellent examples that were reported in ethikos.42 The company staged a contest inviting employees to develop their own videos to promote ethics in the workplace. Employees submitted two-minute videos produced on their own time and using their own resources. There were twenty videos submitted from all areas of the business, with three finalists selected and invited to the annual meeting for the companys ethics officers, in Orlando. This event, called the Ethics Film Festival, celebrated all those who participated, and awarded statuettes to the top three. Portions of the top three videos were included in the companys ethics training video. Lockheed Martin also instituted an annual Chairmans Award for actions or behavior that exemplifies the companys ethics commitment. Any employee can submit nominations; each business unit can submit one finalist. The winner is selected by the CEO and the president and presented with a crystal bowl at the companys annual senior management meeting. Award recipients are written up in the companys newspaper. What other awards and recognition can be given? One starting point is to consider anything that is used in the company for recognition for any purpose cash, certificates, time off, lunches, etc. But beyond this, the possibilities are endless. For example, Appendix 3 includes a list of ideas taken from training sessions for compliance professionals; within 15 minutes, working in teams, they were able to come up with numerous clever ideas. For those who would like a source of ideas to get the thinking process started, there is an entire book, 1001 Ways to

30

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Reward Employees, which can help with this process.43 It is important to remember, too, that when it comes to recognition, even very small rewards can have a big impact. For example, immediate recognition, or spot rewards even involving small amounts, given on the spot for positive compliance performance, can be a useful addition to the methods used to promote the program.44 One other variant to consider for giving rewards is the recognition of entire work groups. This has the benefit of demonstrating that the company values compliance and ethics, but with an added kick it can harness the enormous power of peer pressure. For example, if the company offers a free lunch to the work group that completes the code training first, this can make it almost impossible for one employee to hold out, lest he or she cause the entire group to miss out. This result can be achieved with even very small rewards for the groups members. In one business that used this approach, small rewards for entire work groups caused a dramatic decline in injuries in the workplace.45 The value of rewarding groups was recognized, for example, in the Australian Standards for compliance programs, section 6.1.2(c), which calls for recognizing compliance performance by teams, work units and individuals.46 On this point, though, it is worth reiterating the concern expressed by OSHA; because of the power of peer pressure the company needs to be very sensitive to the risk of groups taking short cuts to achieve the reward. The same group that pressures colleagues to work safely could also pressure a co-worker not to report an injury, lest the entire group lose out on a reward. As is true with other elements of incentive systems, strong forces need comparably strong controls. In designing these reward programs, it is also wise to remember the words of the Australian Standards which refer to Highly visible rewarding of the behavior being encouraged. Except in special cases

www.corporatecompliance.org

31

Using Incentives in Your Compliance and Ethics Program

such as recognition of a whistleblower who wishes to remain confidential, there is great value in praising outstanding compliance and ethics behavior in front of the entire company. This is part of the process of molding the companys culture.

Rewards and Recognition for Compliance and Ethics Staff


As noted above, employees trying to determine what a companys priorities and values really are will look to see who gets rewarded and who gets passed by. Who are the heroes and who are the goats? In this landscape they will observe what happens to those who are part of the companys compliance and ethics program. How are the champions of compliance and ethics treated? What is their record when it comes to salary, bonus treatment, promotion and other recognition? Is the compliance and ethics office where almost-retired loyal workers are put quietly out to pasture, or is this a function that really matters? How the compliance and ethics staff members are treated will be read by employees as an essential sign of their importance.47 The message here is that the company should treat its compliance and ethics staff well. If the company is serious when it talks about integrity being its first value, if it intends to follow the gold standard for its program, if all of this is more than mere lip service, then its money should be behind its words. The financial treatment of the compliance and ethics officer and staff should communicate clearly that this is an important function that the company values highly. Words alone will not do this; actions will. On the other hand, there should be some caution exercised in determining how to reward the compliance and ethics staff; it is best if incentives are de-coupled from objectives and benchmarks that would call into question the compliance and ethics staffs objectivity.48

32

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Companies should also consider whether compliance and ethics is a path for promotion in the company. If compliance and ethics really does matter, then service in that area should be considered a positive factor in selecting people for promotion. A stint in the compliance and ethics program would become a ticket that needs to be punched for those who want to get ahead in the company. Companies may also consider establishing a career path for those who do compliance and control-related work. A route for advancement, combining paths in HR, internal audit, environment, health and safety, legal, compliance headquarters, compliance field work and related functions could be mapped out for those who are interested.49 Boeing Corp. has reportedly started this process for its compliance and ethics staff. Companies can also focus on the achievements of the compliance and ethics staff, singling out the top performers for special recognition. For example, in one major financial services company, the person who developed their privacy program was recognized throughout the company, including mention in the companys annual report. In another company, the compliance and ethics unit received the highest rating of any unit in the entire company.

What about Whistleblowers?


The last question we consider in this paper is whether companies should provide rewards for whistleblowers. We are treating this separately from all the other aspects of this field because the topic is highly controversial. While the ideas covered above are all things that can add to the effectiveness of a compliance and ethics program, there is a concern that rewarding whistleblowers may not necessarily have a positive effect.

www.corporatecompliance.org

33

Using Incentives in Your Compliance and Ethics Program

The idea behind rewarding whistleblowers is that companies need to have employees be alert to compliance and ethics issues and to raise questions and concerns when they see something that is not right. Employees who witness harassment or consumer fraud or price fixing activity should report this to management or the companys helpline. However it is well known that many people witness misconduct but do not report it, whether from fear of retaliation, indifference, or the belief that nothing will be done. Yet those who do raise issues may benefit their employers enormously by interdicting potentially disastrous misconduct. Therefore, in order to reach employees and incent them to report issues, why not offer them a reward? A reward system would follow the model of the highly successful (for the government) U.S. False Claims Act, which offers whistleblowers a large percentage of any damages the government recovers as a result of a whistleblowers reporting fraud in government contracting. It might also be considered as a way of avoiding having employees call the SEC under the whistleblower provisions of the Dodd Frank Act,50 which follows the False Claims Act model in offering enormous rewards for whistleblowers. One example of this type of approach came from Bear Stearns, which pursued such a policy, going so far as to inform employees: We want people at Bear Stearns to cry wolf. If the doubt is justified, the reporter will be handsomely rewarded.51 The company went on to inform employees how two administrative assistants reported another employees submission of false taxi vouchers and as a result received an immediate cash award. Cash was the incentive for people to report violations by their colleagues. In another company that reported success with this reward system, rewards were only given on condition that reporting employees provide their identities, to reduce the risk of false allegations.52

34

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Perhaps not quite so direct is the language from the Office of Inspector General of HHS in its guidance on pharmaceutical compliance programs. OIG suggested: Pharmaceutical manufacturers may also consider rewarding employees for appropriate use of established reporting systems as a way to encourage the use of such systems.53 What is the concern about such systems? Note first that we are not talking about rewarding people for good ideas, or for suggesting improvements in the compliance program, or positively considering in an employees annual evaluation the fact that the employee raised a compliance issue; rather, the concern is about rewards for turning in fellow workers for money. The fear is that this will have a distinctly negative impact on employee morale, conjuring up the image of bounty-hunters. Will employees be looking over their shoulders to see who is watching them? Will they work secretively and avoid sharing anything with others who may be waiting to pounce at the first opportunity? If the rewards are high enough, will employees even be driven to frame fellow employees or unpopular supervisors to earn the cash?54 Is there also the risk that converting what most employees see as a matter of right and wrong, into merely a financial proposition, might actually cause employees to be less inclined to report issues internally?55 Of the issues involved in incentive programs, this is certainly one that has the potential for triggering strong negative reactions. Unionized work groups may be outspoken in their resistance, possibly tainting their approach to the entire program. For multinational companies, there may be an even greater obstacle in places that have shown resistance to any type of hotline operation, such as France. This is not to say that the desire to have employees raise issues is wrong. Companies should certainly be active in their steps to prevent retaliation. When employees call to report concerns, the company

www.corporatecompliance.org

35

Using Incentives in Your Compliance and Ethics Program

should make it very clear that it appreciates the employees courage in raising the issues. Those who try to do the right thing should be supported, and celebrated.56 These steps need to be part of a companys approach to whistleblowing. But when it comes to handing out cash rewards or other rewards of value, there appears to be a significant difference. On this point I would at minimum caution any company considering such rewards to take steps to learn employees reactions in advance. Know whether your companys culture will support such steps, or whether there is a serious risk that this will be viewed as bounty hunting and possibly undermine the program. Perhaps one way to employ rewards and incentives that promote use of the reporting system is to reward those who report issues that relate to systems and processes, rather than reporting violations by individual co-workers. For example, an employee who uses the reporting system to ask for advice on a difficult compliance question, identify a vulnerability in a compliance control system, or suggest a way to improve compliance training, could receive significant and highlyvisible rewards. This could send the message that the company favors those who utilize the reporting system, but without the possible negative aspect of paying those who report on colleagues.

Conclusion
For a compliance and ethics program to be effective, it needs to affect the behavior of those acting for the company. Rewards and incentives clearly do this, and need to be included in any program. This paper has outlined ways to take this step. In a practical world, compliance and ethics programs also must exist to help the company in times of crises when outside skeptics believe the company has done something wrong. A strong compliance and ethics

36

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

program should demonstrate the companys good faith. But to do this, it must meet the legal standards that would apply; these also require the use of incentives. Again, looking at things in a practical sense, this also means that the company should be careful to document all aspects of its program, including the use of incentives. The simple recognition letters and the forms used for employee evaluations, the fact that the compliance officer attends the management sessions where incentive programs are developed, the recognition dinner for the field compliance staff all of this needs to be documented as part of the compliance programs files. Not only are incentives necessary in a program, but they also help put a more positive face on the program. Compliance and ethics should not only be about enforcing laws and rules. It should also include positive appeals to the best in human nature, and recognition that people in companies do good and even heroic things, and that they should be recognized for showing ethical leadership.

Joseph E. Murphy, JD, CCEP is Director of Public Policy for SCCE, Editor-in-Chief for the Compliance and Ethics Professional, and a member of the SCCE Advisory Board. In addition, he is of counsel to the law firm Compliance Systems Legal Group, and co-founder of Integrity Interactive Corp. He can be reached at Jemurphy@voicenet.com.

www.corporatecompliance.org

37

Using Incentives in Your Compliance and Ethics Program

Credits and Bibliography


Credits
Sincere thanks to the following people and organizations who contributed to this paper: 1. The class of the Health Care Compliance Association Advanced Academy, in Las Vegas October 23, 2006 and subsequent HCCA and SCCE Academy classes for Appendix 3. 2. Compliance Systems Legal Group, for the Evaluation form, Appendix 1. 3. Dan Roach, Compliance Officer for Catholic Healthcare West, for the example of rating officers compliance performance. 4. Martha Ries, VP , Ethics and Business Conduct, The Boeing Company, for the examples of a positive compliance performance being written up in a company newsletter and the establishment of a career path system for compliance professionals. 5. Joan Dubinsky, Ethics Officer, International Monetary Fund, for suggestions on employee assessments and succession planning. 6. Paul McGreal, Professor of Law, Southern Illinois University School of Law, for the suggestion for providing specific bases for employee evaluations, and recommending the New York Times article on gratitude visits. 7. Donna Boehme, Principal, Compliance Strategists, for several suggestions, including pointing out the risk that offering cash for employees turning in fellow workers might convert what should be a moral imperative into a mere financial decision, thus undercutting reporting.

38

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

8. Adam Turteltaub for the Pret a Manger group incentives story. 9. Jeremy West, who caught several points that needed to be fixed. 10. Matt Kelly, for a sharp editors eye for the logic of the arguments and how best to present them. 11. Jeff Kaplan for the incentives lesson from the 2008 financial meltdown.

U.S. Government Sources


1. Ad Hoc Advisory Group on the Organizational Sentencing Guidelines, Report 91 (Oct. 10, 2003), http://www. corporatecompliance.org/StaticContent/AdHocAdvisory.pdf. 2. Cutler, Director, Division of Enforcement, SEC, Tone at the Top: Getting It Right, Second Annual General Counsel Roundtable (Dec. 3, 2004), http://www.sec.gov/news/speech/ spch120304smc.htm. 3. Department of Health and Human Services, Office of Inspector General, Compliance Program Guidance for Pharmaceutical Manufacturers, 68 Fed. Reg. 23731 (May 5, 2003), http://www. corporatecompliance.org/Content/NavigationMenu/Resources/ IssuesAnswers/050503FRCPGPharmac.pdf . 4. Environmental Protection Agency, Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations; Notice, 60 Fed. Reg. 66711 (Dec. 22, 1995). 5. Environmental Protection Agency, Incentives for Self-policing: Discovery, Disclosure, Correction and Prevention of Violations, 65 Fed. Reg. 19,618, section IIB, definition of Compliance Management System (Apr. 11, 2000).

www.corporatecompliance.org

39

Using Incentives in Your Compliance and Ethics Program

6. Federal Energy Regulatory Commission, Policy Statement on Compliance, 125 FERC para. 61,058, fns. 9 & 26 (Oct. 16, 2008), http://www.balch.com/files/upload/FERC_Policy_Stmt_ on_Comp_Oct_16_08.pdf 7. Richards, Director, Office of Compliance Inspections and Examinations, SEC, Incentivizing Good Compliance, 2008 Willamette Securities Regulation Conference, Willamette University College of Law (Oct. 30, 2008), http://ftp.sec.gov/ news/speech/2008/spch103008lar.htm. 8. Settlement Agreement with Mellon Bank, N.A., Appendix A, Para 6.c) (Aug. 14, 2006), http://www.corporatecompliance. org/Content/NavigationMenu/Resources/IssuesAnswers/ LetterUSAttorney_MellonBank.pdf. 9. United States v. C.R. Bard Inc., CV93-10276-T, plea agreement (D. Mass; Oct. 14, 1993). 10. U.S. Department of Justice, Factors in Decisions on Criminal Prosecutions for Environmental Violations in the Context of Significant Voluntary Compliance or Disclosure Efforts by the Violator (July 1, 1991), http://www.justice.gov/enrd/3058.htm. 11. USSG sections 8B1.2(b)(2), (3) & (6), and Commentary note 4(B).

Other Standards
1. Australian Standards 3806-2006. 2. Competition Bureau Canada, Information Bulletin: Corporate Compliance Programs 1213 (2010), http:// www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/vwapj/ CorporateCompliancePrograms-sept-2010-e.pdf/$FILE/ CorporateCompliancePrograms-sept-2010-e.pdf .

40

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

3. Defense Industry Initiative Questionnaire, in Kaplan & Murphy, Compliance Programs and the Corporate Sentencing Guidelines: Preventing Criminal and Civil Liability, Appendix 19A (Thomson/West; 1993 & Ann. Supp). 4. Office of Fair Trading (UK), How Your Business Can Achieve Compliance with Competition Law (June 2011), http://www. oft.gov.uk/shared_oft/ca-and-cartels/competition-awarenesscompliance/oft1341.pdf. 5. Organization for Economic Cooperation and Development, Recommendation of the Council for Further Combating Bribery of Foreign Public Officials in International Business Transactions, Appendix II, item 9, http://www.oecd.org/ dataoecd/11/40/44176910.pdf. 6. Reitaku University, Business Ethics & Compliance Research Center, Guidance Document for the Implementation of the Ethics Compliance Standard 2000, 42, 93, 94 (2001), at http:// www.consumer.go.jp/seisaku/shingikai/iinkai2/ecsguide(i).pdf.

Books, Articles and Blogs


1. Banks & Banks, Corporate Legal Compliance Handbook, section 16:03, The Carrot and the Stick (Incentives and Discipline) (Aspen, 2d ed., 2010). 2. Beil, How Memorial Health Measures the Ethics Performance of its Senior Managers, 18 ethikos 8 (Jan./Feb. 2005). 3. Bennett, Are Ethics Awards the Best Form of Incentives? Global Compliance Blog (Apr. 19, 2100), http://www.globalcompliance. com/Resources/Blog/Global-Compliance-Blog/Are-EthicsAwards-the-Best-Form-of-Incentives.aspx.

www.corporatecompliance.org

41

Using Incentives in Your Compliance and Ethics Program

4. Biegelman & Biegelman, Building a World-Class Compliance Program 100, 20708, 229, 275 (John Wiley & Sons, Inc.; 2008). 5. BNA/ACCA, Compliance Manual Ch. 4, section C-3; Ch. 10, section C-2; Ch. 12, Doc. 12 [XIV] (BNA; updated periodically). 6. Braithwaite & Murphy, Clout and Internal Compliance Systems, 2 Corporate Conduct Quarterly (now ethikos) 52, 62 (Spring 1993). 7. Clifford, Would You Like a Smile With That? New York Times (Aug. 6, 2011), http://www.nytimes.com/2011/08/07/business/ pret-a-manger-with-new-fast-food-ideas-gains-a-foothold-inunited-states.html?_r=2&pagewanted=all. 8. Compensation, Performance, Compliance and Ethics, A survey by the Health Care Compliance Association and the Society of Corporate Compliance and Ethics (May 2009), http:// www.corporatecompliance.org/staticcontent/09IncentivesSurv ey_report.pdf. 9. Conference Report: Business Ethics 2000, Prevention of Corporate Liability (BNA) Current Report 55 (June 19, 2000). 10. Dalton, Meaningful Compliance and Ethics Incentives, SAI Global Compliance, Our Viewpoint blog (June 30, 2100), http://compliance.saiglobal.com/viewpoint/2011/06/ meaningful-compliance-and-ethics-incentives. 11. Deal & Kennedy, Corporate Cultures 169 (Addison-Wesley Pub; 1982). 12. Drucker, Dont Change Corporate Culture Use It!, Wall Street Journal A14 (Mar. 28, 1991).

42

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

13. Falcione, Fostering an Ethical Culture Through Performance Reviews and KPIs, SAI Global Compliance, Our Viewpoint Blog (Dec. 15, 2010), http://compliance.saiglobal.com/viewpoint/2010/12/ fostering-an-ethical-culture-through-performance-reviews-andkpis. 14. Forelle & Bandler, As Companies Probe Backdating, More Top Officials Take a Fall, Wall Street Journal A1, Col. 5 (Oct. 12, 2006). 15. Fox, The Role of Human Resources in FCPA Compliance Part 1, Corporate Compliance Insights blog (May 11, 2010), http://tfoxlaw.wordpress.com/2010/05/11/ the-role-of-human-resources-in-fcpa-compliance. 16. Jideani, Anti-corruption compliance: Do incentives work, Nigerian Pilot (May 27, 2011). 17. Jordan & Murphy, Compliance Programs: What the Government Really Wants, 14 ACCA Docket 10, 22 (July/Aug. 1996). 18. Kaplan, The First Word On Compliance Incentives, The FCPA Blog (Jan. 19, 2011), http://www.fcpablog.com/ blog/2011/1/19/the-first-word-on-compliance-incentives.html. 19. Kaplan & Murphy, Compliance Programs and the Corporate Sentencing Guidelines: Preventing Criminal and Civil Liability sections 16:29-32, 19:57 (Thomson/West; 1993 & Ann. Supp.). 20. McGonegle, How to Reward Ethical Behavior, Sustainable Business Forum blog (Feb. 13, 2011), http:// sustainablebusinessforum.com/richard-murphy/49071/ how-reward-ethical-behavior.

www.corporatecompliance.org

43

Using Incentives in Your Compliance and Ethics Program

21. Murphy & Leet, Working for Integrity: Finding the Perfect Job in the Rapidly-Growing Compliance and Ethics Field, Ch. XVIII Advice for Companies: Finding the Right Person for Your Compliance Positions (SCCE; 2006). 22. Murphy & Vigale, The Role of Incentives in Compliance Programs, 18 ethikos 8 (May/June 2005). 23. Murphy, 501 Ideas for Your Compliance and Ethics Program 6670 (SCCE; 2008). 24. Murphy, Evaluations, Incentives and Rewards in Compliance Programs, 3 Corporate Conduct Quarterly (now ethikos) 40 (1994). 25. Murphy, How the CEO Can Make the Difference in Compliance and Ethics, 20 ethikos 9, 1011 (May/June 2007). 26. Nelson, 1001 Ways to Reward Employees (Workman Pub; 2005). 27. Pink, Gratitude Visits, New York Times (Dec. 14, 2003), at http://query.nytimes.com/gst/fullpage.html?sec=health&res=9D0 7E4DF163CF937A25751C1A9659C8B63. 28. Richter, Employee Incentive Programs: A VPP Perspective, The Leader 12 (Winter 1999; VPPPA). 29. Sears, Lights! Camera! Action! Lockheed Martins Ethics Film Festival, 17 ethikos 8 (Jan/Feb 2004). 30. Sigler & Murphy, Interactive Corporate Compliance: An Alternative to Regulatory Compulsion 83, 86, 90 (Quorum Books; 1988). 31. Singer, A Computer Software Giant Takes Time Out for Compliance, 21 ethikos 5, 7 (Sept./Oct. 2007). 32. Singer, Fannie Mae Rates Managers on Integrity and Honesty, 17 ethikos 4 (July/Aug. 2003).

44

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

33. Singer, TAP Pharma Isnt Afraid To Show A Little Levity, 19 ethikos 16, 18 (Mar./Apr. 2006). 34. Trevino & Nelson, Managing Business Ethics, 3rd Ed., 170, 186 89, 24347, 251, 30405 (Wiley; 2004). 35. Troklus & Warner, Compliance 101, 2nd Ed., 36 (HCCA; 2006). 36. Webb, Ottenbergs: A Recipe for Rewarding Safety: Bakerys Incentive Program Cuts Costs, Improves Productivity, Washington Post F11 (Feb. 19, 1990).

Examples and Forms


1. Evaluation Form, Appendix 1. 2. Recognition Letter, Appendix 2. 3. Ideas for Using Incentives in Compliance and Ethics Programs (from SCCE and HCCA Academies), Appendix 3.

www.corporatecompliance.org

45

Using Incentives in Your Compliance and Ethics Program

Appendix 1
Evaluation Form
Integrity Leadership: Encourages and rewards ethical conduct. Conducts business according to our code of conduct. Inspires subordinates to do the right thing. Expectations: ___  Uses the code of conduct and encourages subordinates to do the same ___  Actively takes steps to implement the compliance program and the code of conduct ___  Attends appropriate compliance training, and makes sure subordinates get appropriate training and know the rules that apply for their jobs ___  Takes ongoing steps to renew and refresh the message from subordinates compliance and ethics training ___  Is willing to challenge questionable conduct or proposals ___  Encourages openness and subordinates raising issues and concerns ___  Has an active management style, knows what his/her subordinates are doing, and coaches them on meeting objectives while acting with integrity ___  Promotes safe and environmentally sound work practices ___  Evaluates subordinates on their commitment to the code of conduct ___  Shows commitment to workplace diversity ___  Includes compliance issues in business plans ___  Places the health and safety of our customers above any sales or production objectives

46

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Specific examples supporting this rating: __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________ __________________________________________________________

NB: A managers overall performance rating for the year is not permitted to exceed the rating achieved for this competency. A rating of Did Not Achieve in this category must be addressed in a developmental plan.

www.corporatecompliance.org

47

Using Incentives in Your Compliance and Ethics Program

Appendix 2
Recognition Letter
William Employee Distant sales office Any location

Dear Mr. Employee: Mary Integrity of the Compliance & Ethics Department has informed me of your recent actions that reflected a strong commitment to our companys values and code of conduct. As explained to me by Mary, you recently received anonymously, through the mail, an unmarked envelope containing sensitive information about a competitor. Under the circumstances you rightly determined that this appeared to be suspicious. Rather than seek any potential short term advantage from this information you immediately contacted the Compliance & Ethics Department for advice on doing the right thing. As explained to our office, you did this as soon as you recognized the nature of the information, and immediately stopped reading any further. You have provided the materials to our office for further action. You are to be commended for your alertness in the face of a potentially dangerous circumstance, and your willingness to take the right steps. I believe your actions exemplify our companys core values and commitment to integrity. On behalf of this company, our management and all of our employees, thank you for having the courage of your convictions and doing the right thing.

Sincerely, Chief Compliance & Ethics Officer cc: CEO Mr. Employees supervisor

48

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Appendix 3
Ideas for Using Incentives in Compliance and Ethics Programs
These are ideas from the Health Care Compliance Association and Society of Corporate Compliance and Ethics Academies classes on Building Incentives in Your Compliance & Ethics Program. The classes were divided into 4 teams, with each team asked to develop its best ideas related to incentives, evaluations and rewards. The other teams then judged each presentation. Some editing has been added, including changing industry-specific references so that they apply more generally. It is hoped that this list will inspire more ideas from readers. While listing these does not mean we endorse them all, any particular idea might inspire the reader to develop an approach that will be perfect for his or her own circumstances. Departments would nominate people who exemplify the integrity program; a board level committee would select the best and give the winner free, preferential parking for a year. Provide as a reward a pin or other visible emblem. When the employee accumulates enough points, they can turn in the emblem for gifts or time off. Rewards could include two season basketball tickets or free lunch passes. Have a dinner with the CEO as recognition. Have the annual compliance and ethics award winner flown in to the shareholders annual meeting with the award presented there.

www.corporatecompliance.org

49

Using Incentives in Your Compliance and Ethics Program

Audit findings should include positive findings regarding compliance & ethics activities; these could be shared in a newsletter. The compliance committee could select the department or work group that best exemplifies compliance & ethics. Measures could include such things as completing training on time, code of conduct attestations done on time, best personnel evaluations, etc. The reward could be a lunch for the department. Those managers with the best compliance & ethics records could be awarded free tuition and expenses to attend a compliance academy and/or to get certified in compliance & ethics. Make compliance & ethics certification (CHC, CCEP) a condition for promotion to senior management positions. Reward employees for making recommendations and suggestions to improve the compliance & ethics program. This also brings in new, creative ideas. Provide rewards and recognition for those who conduct self-audits and share the findings and lessons learned. Require a compliance comprehension test as an adjunct to regular annual evaluations. A 100% score would be an added 1% pay increase on top of the usual incentives. 80% = .8, 70% = .7, less would equal zero.

50

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Provide an incentive for reports to the helpline or otherwise to the compliance and ethics office that help avoid noncompliance or identify actual problems that are system errors. This would only be for reports about systems, but not about people, to avoid a bounty-hunter environment. Make attendance at compliance training a condition for being in any responsible position. Award organization-wide recognition if the compliance & ethics program overall gets a high score, e.g., time off for all employees. Provide an incentive for all division and unit compliance and ethics officers to get training and certification (CHC, CCEP). Performance indicators could be linked to a compliance plan. This could include timely submissions of required regulatory filings, on-time completion of compliance training, etc. Provide on-the-spot recognition by peers/ supervisors with certificates (compliance bucks) for behavior promoting compliance and ethics that can be redeemed for company merchandise. Give $50 for any submissions to the company newsletter relating to compliance and ethics that are published. Have a compliance and ethics courage award, e.g., for turning down a choice vacation trip from a vendor.

www.corporatecompliance.org

51

Using Incentives in Your Compliance and Ethics Program

Have a system for compliance & ethics points or presidents points in small incremental amounts awarded based on performance during the month, quarter or year. The points would be totaled for each time period, with recognition for those receiving a certain number of reward points. Senior leaders ask employees compliance and ethics questions on the spot; those who answer correctly get free movie tickets.

52

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

Endnotes
1 USSG section 8B1.2 (b)(6). 2 See Dalton, Meaningful Compliance and Ethics Incentives SAI Global Compliance blog, http://compliance.saiglobal.com/viewpoint/2011/06/ meaningful-compliance-and-ethics-incentives (incentives are an area where we see perhaps the greatest gaps within compliance and ethics programs, even for the most dynamic and robust programs.); Compensation, Performance, Compliance and Ethics, A survey by the Health Care Compliance Association and the Society of Corporate Compliance and Ethics 1 (May 2009) http://www. corporatecompliance.org/staticcontent/09IncentivesSurvey_report.pdf (when it comes to compliance and ethics metrics, very little has been done to incent ethical behavior). 3 Although even in this area some have tried such assessments. See Beil, How Memorial Health Measures the Ethics Performance of its Senior Managers, 18 ethikos 8 (Jan./Feb. 2005). 4 Interview with Joan Dubinsky, Ethics Officer, International Monetary Fund, Dec. 14, 2006. 5 These compliance and ethics leadership steps could even be included in job and position descriptions. 6 Richter, Employee Incentive Programs: A VPP Perspective, The Leader 12 (Winter 1999; VPPPA). See also Federal Energy Regulatory Commission, Policy Statement on Compliance, 125 FERC para. 61,058, fn. 26 (Oct. 16, 2008), http://www.balch.com/files/upload/FERC_Policy_Stmt_on_Comp_Oct_16_08. pdf (noting risk that too great an emphasis on compliance in compensation may actually discourage employees or senior management from acknowledging and reporting violations). 7 Ad Hoc Advisory Group on the Organizational Sentencing Guidelines, Report 91 (Oct. 10, 2003), at http://www.corporatecompliance.org/StaticContent/ AdHocAdvisory.pdf. 8 Murphy, Evaluations, Incentives and Rewards in Compliance Programs, 3 Corporate Conduct Quarterly (now ethikos) 40 (1994). 9 U.S. Department of Justice, Factors in Decisions on Criminal Prosecutions for Environmental Violations in the Context of Significant Voluntary Compliance or Disclosure Efforts by the Violator (July 1, 1991) http://www.justice.gov/enrd/3058.htm.

www.corporatecompliance.org

53

Using Incentives in Your Compliance and Ethics Program

10 Environmental Protection Agency, Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations; Notice (Dec. 22, 1995); Environmental Protection Agency, Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations, 65 Fed. Reg. 19,618, section IIB, definition of Compliance Management System (Apr. 11, 2000). 11 Department of Health and Human Services, Office of Inspector General, Compliance Program Guidance for Pharmaceutical Manufacturers, 68 Fed. Reg. 23731 (May 5, 2003) at http://www.corporatecompliance.org/resources/ documents/050503FRCPGPharmac.pdf. 12 Federal Energy Regulatory Commission, Policy Statement on Compliance, 125 FERC para. 61,058, fn. 9 (Oct. 16, 2008), http://www.balch.com/files/upload/ FERC_Policy_Stmt_on_Comp_Oct_16_08.pdf. 13 See Jordan & Murphy, Compliance Programs: What the Government Really Wants, 14 ACCA Docket 10, 22 (July/Aug. 1996). 14 Settlement Agreement with Mellon Bank, N.A., Appendix A, Para 6.c) (Aug. 14, 2006), at http://www.corporatecompliance.org/Content/NavigationMenu/ Resources/IssuesAnswers/LetterUSAttorney_MellonBank.pdf. 15 Federal Acquisition Regulation, Contractor Business Ethics Compliance Program and Disclosure Requirements, 73 Fed. Reg. 67064, 6709192 (Nov. 12, 2008). 16 Federal Acquisition Regulation, Contractor Business Ethics Compliance Program and Disclosure Requirements, 73 Fed. Reg. 67064, 67068 (Nov. 12, 2008). 17 See page 16, in the paragraph beginning In the U.S. defense industry, infra. 18 OECD, Recommendation of the Council for Further Combating Bribery of Foreign Public Officials in International Business Transactions, Appendix II, http://www.oecd.org/dataoecd/11/40/44176910.pdf. 19 Office of Fair Trading (UK), How Your Business Can Achieve Compliance with Competition Law 26 (June 2011), http://www.oft.gov.uk/shared_oft/ca-andcartels/competition-awareness-compliance/oft1341.pdf . 20 Office of Fair Trading (UK), How Your Business Can Achieve Compliance with Competition Law 2829 (June 2011), http://www.oft.gov.uk/shared_oft/ca-andcartels/competition-awareness-compliance/oft1341.pdf. 21 Competition Bureau Canada, Information Bulletin: Corporate Compliance Programs 1213 (2010), http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/vwapj/CorporateCompliancePrograms-sept-2010-e.pdf/$FILE/CorporateCompliancePrograms-sept-2010-e.pdf

54

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

22 Australian Standards 3806-2006. 23 Reitaku University, Business Ethics & Compliance Research Center, Guidance Document for the Implementation of the Ethics Compliance Standard 2000, 42, 93, 94 (2001), http://www.consumer.go.jp/seisaku/shingikai/iinkai2/ecsguide(i).pdf. 24 Kaplan & Murphy, Compliance Programs and the Corporate Sentencing Guidelines: Preventing Criminal and Civil Liability, Appendix 19A (Thomson/West; 1993 & Ann. Supp.). 25 Drucker, Dont Change Corporate Culture Use It! Wall Street Journal A14 (Mar. 28, 1991). 26 Cutler, Director, Division of Enforcement, SEC, Tone at the Top: Getting It Right, Second Annual General Counsel Roundtable (Dec. 3, 2004) at http:// www.sec.gov/news/speech/spch120304smc.htm. 27 See Kaplan, The First Word On Compliance Incentives, The FCPA Blog (Jan. 19, 2011), http://www.fcpablog.com/blog/2011/1/19/the-first-word-on-compliance-incentives.html. 28 For other examples of factors considered in performance appraisals regarding compliance and ethics, see Kaplan & Murphy, Compliance Programs and the Corporate Sentencing Guidelines: Preventing Criminal and Civil Liability section 19:57 (Thomson/West; 1993 & Ann. Supp.). 29 Emailed comment from Professor Paul McGreal, Southern Illinois University, Dec. 31, 2006. 30 USSG section 8B1.2 (b)(2); see Competition Bureau Canada, Information Bulletin: Corporate Compliance Programs (2010) (similar emphasis), http:// www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/vwapj/CorporateCompliance Programs-sept-2010-e.pdf/$FILE/CorporateCompliancePrograms-sept-2010-e.pdf. 31 See Biegelman & Biegelman, Building a World-Class Compliance Program 100 (John Wiley & Sons, Inc.; 2008) (At CA, up to 10% of executive compensation was based on how they handled compliance requirements.). 32 Presentation by D. Roach, SCCE Corporate Compliance Workshop, Dec. 2, 2005, Houston, TX. 33 USSG section 8B1.2 (b)(3). 34 USSG section 8B1.2 (b) Commentary, note 4(B).

www.corporatecompliance.org

55

Using Incentives in Your Compliance and Ethics Program

35 Interview with Joan Dubinsky, Ethics Officer, International Monetary Fund, Dec. 14, 2006. 36 See Trevino & Nelson, Managing Business Ethics 18689 (Wiley; 2004 3rd Ed). 37 See, e.g., Forelle & Bandler, As Companies Probe Backdating, More Top Officials Take a Fall, Wall Street Journal A1, Col. 5 (Oct. 12, 2006). 38 It would also make sense to include the incentive systems in the risk assessment process. See Richards, Director, Office of Compliance Inspections and Examinations, SEC, Incentivizing Good Compliance, 2008 Willamette Securities Regulation Conference, Willamette University College of Law (Oct. 30, 2008) at http://ftp.sec.gov/news/speech/2008/spch103008lar.htm, at p. 7. 39 Deal & Kennedy, Corporate Cultures 169 (Addison-Wesley Pub; 1982). 40 Trevino & Nelson, Managing Business Ethics 251 (Wiley; 2004 3rd Ed). 41 Pink, Gratitude Visits, New York Times (Dec. 14, 2003) at http://query.nytimes.com/ gst/fullpage.html?sec=health&res=9D07E4DF163CF937A25751C1A9659C8B63. 42 Sears, Lights! Camera! Action! Lockheed Martins Ethics Film Festival, 17 ethikos 8 (Jan/Feb 2004). 43 Nelson, 1001 Ways to Reward Employees (Workman Pub; 2005). 44 McGonegle, How to Reward Ethical Behavior, Sustainable Business Forum blog (Feb. 13, 2011), http://sustainablebusinessforum.com/richard-murphy/49071/ how-reward-ethical-behavior; Murphy, 501 Ideas for Your Compliance and Ethics Program 70 (SCCE; 2008). 45 Webb, Ottenbergs: A Recipe for Rewarding Safety: Bakerys Incentive Program Cuts Costs, Improves Productivity, Washington Post F11 (Feb. 19, 1990); See Clifford, Would You Like a Smile With That? New York Times (Aug. 6, 2011), http://www.nytimes.com/2011/08/07/business/pret-a-manger-with-new-fastfood-ideas-gains-a-foothold-in-united-states.html?_r=2&pagewanted=all for an example of how group awards can drive employee morale and performance, even in a fast-food environment. 46 Australian Standards 3806-2006. 47 Braithwaite & Murphy, Clout and Internal Compliance Systems, 2 Corporate Conduct Quarterly (now ethikos) 52, 62 (Spring 1993).

56

www.corporatecompliance.org

Using Incentives in Your Compliance and Ethics Program

48 See United States v. C.R. Bard Inc., CV93-10276-T, plea agreement (D. Mass; Oct. 14, 1993); Sigler & Murphy, Interactive Corporate Compliance: An Alternative to Regulatory Compulsion 83 (Quorum Books; 1988). 49 Murphy & Leet, Working for Integrity: Finding the Perfect Job in the RapidlyGrowing Compliance and Ethics Field, Ch. XVIII. Advice for Companies: Finding the Right Person for Your Compliance Positions (SCCE; 2006). 50 The Dodd-Frank Wall Street Reform and Consumer Protection Act section 922, 15 USC 78u-6. 51 Trevino & Nelson, Managing Business Ethics 246 (Wiley; 2004 3rd Ed). 52 Biegelman & Biegelman, Building a World-Class Compliance Program 20708 (John Wiley & Sons, Inc.; 2008). 53 Department of Health and Human Services, Office of Inspector General, Compliance Program Guidance for Pharmaceutical Manufacturers, 68 Fed. Reg. 23731 (May 5, 2003), http://www.corporatecompliance.org/Content/Navigation Menu/Resources/IssuesAnswers/050503FRCPGPharmac.pdf. 54 Note that while lying in a whistleblower report to the government might be a crime, doing so only in an internal report has much less risk. 55 Emailed comments from Donna Boehme, Compliance Strategists, July 2930, 2011. 56 Banks & Banks, Corporate Legal Compliance Handbook, section 16:03, The Carrot and the Stick (Incentives and Discipline) (Aspen, 2d ed., 2010).

www.corporatecompliance.org

57

SCCEs
Mission
SCCE exists to champion ethical practice and compliance standards in all organizations and to provide the necessary resources for compliance professionals and others who share these principles.
Society of Corporate Compliance and Ethics
6500 Barrie Road, Suite 250 Minneapolis, MN 55435, United States +1 952 933 4977 or 888 277 4977 (p) +1 952 988 0146 (f) helpteam@corporatecompliance.org www.corporatecompliance.org

Securities and Exchange Commission Requirements regarding Ethics and Compliance, Effective Compliance Programs, and the Morgan Stanley Declination

April 11-12, 2013

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

What Does it Mean to Have an Effective Compliance Program?


An effective program does not mean that a company is expected to be able to detect and stop
every single violation, but it does require a thoughtful and substantial commitment

The November 14, 2012, joint DOJ/SEC FCPA guidance does provide a new compilation of
hallmarks of such a program from prior settlements and statements: Commitment from senior management along with a clear anti-corruption policy Code of Conduct with associated policies and procedures Appropriate oversight, autonomy, and resources Risk assessment-driven program Ongoing training and advice Incentives for self-policing, reporting of potential violations, and contributing to a culture of compliance, as
well as appropriate and effective sanctions for compliance violations and lapses

Due diligence of third-parties including monitoring of third-party payments Confidential reporting and internal investigations Continuous improvement along with periodic testing and review Pre-M&A due diligence of an ethics and compliance program with associated post-M&A integration A secure and anonymous channel for reporting concerns

The program should apply from the boardroom to the supply room no one should be beyond
its reach
Confidential 2

How Do You Tell if You Have An Effective Compliance Program?


Best practice for a compliance program requires a third-party check on the
effectiveness of the program, but even such an acknowledgment will not function as an affirmative defense.

It will, however, be a significant factor in determining whether a settlement is reached,


a non-prosecution or a deferred prosecution agreement is possible, any fine will be reduced, and whether an independent monitor will be imposed.

The Federal Sentencing Guidelines state that an organization shall take reasonable
steps . . . to evaluate periodically the effectiveness of the organizations compliance and ethics program. The joint DOJ/SEC FCPA guidance states that An assessment of a companys compliance
program, including its design and good faith implementation and enforcement, is an important part of the governments assessment of whether a violation occurred, and if so, what action should be taken. The recent joint guidance notes that many companies are doing so by undertaking proactive evaluations through the use of employee surveys that measure compliance culture, the strength of internal controls, identify best practices, and detect new risk areas.

.
Confidential 3

Some Implications of an Effective Compliance Program


Many federal agencies and bodies have enforcement programs that are consistent with the
Department of Justices Federal Sentencing Guidelines and, therefore, consistent with portions of the November 14, 2012, joint DOJ/SEC FCPA guidance relating to hallmarks of an effective compliance program: Securities and Exchange Commission Environmental Protection Agency Department of Commerce Department of Health and Human Services Food and Drug Administration

Many other federal and state agencies and bodies have separate programs, but in an
investigation, all are almost certain to seek all available information and data concerning a compliance programs, design, implementation, and oversight, as well as whether it works

What we can learn from the 2012 Morgan Stanley Non-Prosecution Agreement that found its
program effective? Proportionality Not everyone can replicate the Morgan Stanley program, but its all about proportionality Assess risks and update your program accordingly Train often and thoughtfully, and document, document, document Send reminders and be persistent Conduct due diligence
Confidential 4

More on the Morgan Stanley Declination


Training occurred at least once per year via different modalities (i.e., online, in-person, telephonic) Written training materials were distributed to be kept in offices There was at least some occasional personal contact between the compliance function and those it
sought to guide, based on risk Multiple reminders to complete a required task (e.g., training) were sent each year There was an annual certification process for anti-bribery/anti-corruption training There was an annual certification process for the Code of Conduct There was an annual requirement to disclose any outside business interests A documented policy existed to diligence foreign business partners A documented policy existed to review and approve any payments to foreign business partners

Regarding Morgan Stanleys internal control structure: It maintained a system of Section 404 internal controls; It had documented gift and entertainment policies as well as documented anti-bribery and corruption
policies; Trained its highest-risk geographical employees on internal controls and anti-bribery and corruption much more than other lower-risk geographical employees Appeared to have a close connection with Internal Audit such that certain employees, transactions and business units were randomly audited and tested.
Confidential 5

An LRN Thought Leadership Report

Risk Forecast Report 2013


Focus Area: SEC Enforcement

Ethics & Compliance Alliance

ECA Risk Forecast Report 2012 Ethics & Compliance Alliance Risk Forecast Report 2013

SEC Enforcement Hot Topics and Trends


Bradley J. Bondi ECA Expert Panelist Bradley J. Bondi brings a strong background and expertise to our LRN community in areas of SEC compliance and enforcement, insider trading compliance programs, and internal investigations on a global scale. Brad is a partner at the Law Firm of Cadwalader, Wickersham & Taft, LLP, where he focuses on securities, corporate, and financial laws, and enforcement cases. Prior to joining Cadwalader, Brad was a member of the executive staff of the Securities and Exchange Commission where he served as Counsel to key SEC Commissioners advising on enforcement actions and regulatory rulemaking.

Review of 2012 and Outlook for 2013


Current Enforcement Activity
The Enforcement Division of the U.S. Securities and Exchange Commission (SEC) continues to aggressively pursue violations of federal securities laws by corporations, financial institutions, and individuals. Compliance and legal personnel must be proactive to ensure that appropriate controls and policies are in place to prevent or catch misconduct. The SEC has been active this year with high-profile enforcement actions and investigations. According to its annual report, the SEC brought 734 enforcement actions this past year, the second highest number ever filed in a fiscal year (and one less than the 735 filed the prior year). Of these actions, 150 were filed in investigations designated as National Priority Cases, representing the Divisions most important and complex mattersan approximately 30 percent increase over 2011. During 2012, the SEC obtained for $3.1 billion in penalties and disgorgement. Much of these enforcement actions relate to conduct preceding or during the financial crisis. For example, during the past year, the SEC initiated enforcement cases relating to the financial crisis against top executives of the two largest government-sponsored entities for allegedly making misleading statements regarding the extent of each companys holdings of subprime mortgage loans; against former investment bankers and traders at a financial institution for allegedly overstating the prices of subprime bonds during the financial crisis; against former executives of a commercial bank for allegedly misleading investors about the size of the banks loan losses during the financial crisis; and against former executives of a bank for allegedly participating in a scheme to understate millions of dollars in losses and mislead investors and Federal regulators during the financial crisis. In addition, the SEC remains active in investigating and bringing actions for insider trading, violations by asset management firms, accounting misconduct, and violations of the Foreign Corrupt Practices Act (FCPA). The current enforcement focus of the SEC is a manifestation of the five specialized enforcement groups that SEC Enforcement Director Robert Khuzami established in late 2009: Asset Management, Market Abuse, Structured and New Products, Foreign Corrupt Practices, Municipal Securities and Pension Funds. With specialized enforcement groups focused on these areas, there undoubtedly will be further investigations and enforcement actions in these areas.

The SEC remains active in investigating and bringing actions for insider trading, violations by asset management firms, accounting misconduct, and violations of the Foreign Corrupt Practices Act (FCPA).

An LRN Thought Leadership Report

72

Ethics & Compliance Alliance Risk Forecast Report 2013 In addition to having personnel and resources allocated to them, these specialized enforcement groups are armed with new tools under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank or the Act), namely, the ability to offer whistleblowers, who provide original information that leads to an enforcement action, between 10 to 30 percent of the SECs recovery. The year 2012 marked the first ever payout by the SEC to a whistleblower under the Dodd-Frank whistleblower bounty program. This program has the potential to change the landscape of the SECs enforcement efforts.

Emerging Enforcement Trends


Certain trends in SEC enforcement likely will emerge over the next year that will determine the cases the SEC chooses to investigate and bring as enforcement actions. Monitoring these trends will be important as companies strive to remain compliant with federal securities regulations.

Increased Importance of Whistleblowers

The year 2012 marked the first ever payout by the SEC to a whistleblower under the Dodd-Frank whistleblower bounty program. This program has the potential to change the landscape of the SECs enforcement efforts.

As part of Dodd-Frank, Congress created powerful incentives to encourage persons to report (i) potential violations of the federal securities laws to the SEC and (ii) potential violations of the Commodity Exchange Act (CEA) to the Commodity Futures Trading Commission (CFTC). While the Sarbanes-Oxley Act (SOX) encouraged up-the-ladder reporting by employees and allowed for self-policing and self-reporting by companies of potential violations, the Dodd-Frank whistleblower provisions create incentives for external reporting to regulators, thus hindering a companys self-policing efforts. The SECs rules to implement those provisions of the Act that are within the SECs authority raise serious challenges for public corporations, financial services firms, and other companies that are subject to the federal securities laws. Companies can expect an increase in the number of complaints that circumvent internal reporting mechanisms, and that instead, go directly or through plaintiffs lawyers to the government. Under Dodd-Frank and rules passed thereunder, the SEC may award a cash bounty of 10 to 30 percent of recovery to any individual whistleblower who voluntarily provides the SEC with original information derived through independent knowledge of a possible violation of any federal securities law. The information must lead to a successful enforcement action resulting in monetary sanctions exceeding $1 million in order for the bounty to be awarded. While certain legal, compliance, and audit professionals are generally excluded from qualifying as whistleblowers, current and former employees, competitors, vendors, customers, and even wrongdoers (provided the wrongdoer is not convicted of a related crime) all may qualify as whistleblowers under the rule. The SEC has formed the Whistleblower Office in the Division of Enforcement to handle the inflow of tips from whistleblowers, and the agency is actively searching for whistleblowers in certain cases. (The CFTC also passed similar rules for its whistleblower bounty program and took similar actions in establishing a whistleblower office). The SEC estimates that it will receive approximately 30,000 tips, complaints, and referrals submissions each year pursuant to the Dodd-Frank whistleblower provisions.

An LRN Thought Leadership Report

73

Ethics & Compliance Alliance Risk Forecast Report 2013 Importantly, the SECs whistleblower bounty program specifically allows and incentivizes individuals to utilize internal reporting channels before going to the SEC. The SECs rules seek to accomplish internal reporting in three ways. First, the SEC rules provide that an internal whistleblower may be eligible for an award where the company reports to the SEC information received from the whistleblower or the results of an investigation initiated in response to the whistleblowers information. In those circumstances, all the information reported by the company will be deemed attributable to the internal whistleblower. Second, a whistleblower is deemed to have reported directly to the SEC at the same time he or she has reported internally, so long as the whistleblower voluntarily reports original, independent information to the SEC within 120 days of having first reported the information internally to the company. Third, the SEC will consider whether and to what extent an individual made use of internal compliance procedures when assessing the amount of the bounty. On November 15, 2012, the SEC issued its Second Annual Report on the Dodd-Frank Whistleblower Program (the Report), covering the period between October 1, 2011 and September 31, 2012. The Report, which satisfies congressional reporting obligations found in sections 922(a) and 924(d) of the Dodd-Frank Act, provides insight into the effectiveness of the Commissions whistleblower bounty program,1 the activities of the office charged with administering the program, and the Investor Protection Fund from which bounty payments are made. The issuance of the Report offers an opportunity for companies to understand the focus of the Commissions whistleblower program and to reevaluate their own compliance and internal reporting systems. The SEC made its first whistleblower award in fiscal year 2012. According to the Report, the whistleblower received the maximum award of 30 percent for helping the Commission stop an ongoing multi-million dollar fraud.2 The Report indicates that fines in the judicial action already exceed $1 million, with further judgments and sanctions possible.3 Because the government collected approximately $150,000 by the end of the fiscal year, the Commission was able to pay nearly $50,000 to the whistleblower.4 While the percentage awarded was the maximum of 30 percent, the total dollar amount is relatively modest considering that most securities cases involve hundreds of millions of dollars in fines and penalties, and thus the potential remains for far greater awards than the one discussed in the Report.5 Because few details about the whistleblower, the fraudulent activity involved, or the company have been provided due to confidentiality provisions in the Dodd-Frank Act,6 the larger

Importantly, the SECs whistleblower bounty program specifically allows and incentivizes individuals to utilize internal reporting channels before going to the SEC.

1 For more information on the SECs whistleblower bounty program and best practices for companies dealing with whistleblowers, please see Bradley J. Bondi, Jodi Avergun, Thomas Kuczajda & Steven D. Lofchie, Cadwalader, Wickersham & Taft LLP, The Dodd-Frank Whistleblower Provisions: Considerations for Effectively Preparing for and Responding to Whistleblowers, BUSINESS FRAUD ALERT, May 26, 2011, http://www.cadwalader.com/ PDFs/newsletters/201105263321_BusinessFraudAlert_May_26.pdf. 2 U.S. SEC. & EXCH. COMMN, ANNUAL REPORT ON THE DODD-FRANK WHISTLEBLOWER PROGRAM FISCAL YEAR 2012 8 (2012) [hereinafter ANNUAL REPORT]. 3 Id. 4 Id. 5 Indeed, the amount pales in comparison to the whistleblower award of $104 million announced by the Internal Revenue Service (IRS) on September 11, 2012, in connection with the governments investigation of tax evasion by a Swiss bank. See David Kocieniewski, Whistle-Blower Awarded $104 Million by I.R.S., N.Y. TIMES, Sept. 11, 2012, available at http://www.nytimes.com/2012/09/12/business/whistle-blower-awarded-104-millionby-irs.html. The whistleblower, who was involved in that offense and who served two and a half years in prison, assisted the IRS in collecting over $780 million in fines and penalties from the bank. Id. By contrast, the SECs whistleblower bounty rules do not permit a whistleblower to recover a bounty where the whistleblower was convicted of a related crime. 6 15 U.S.C. 78u-6(h)(2).

An LRN Thought Leadership Report

74

Ethics & Compliance Alliance Risk Forecast Report 2013 significance of the award is hard to ascertain.7 Interestingly, the SEC also denied another tipper in the same matter an award, reportedly because that persons information did not contribute significantly to the SECs investigation. The Report also provided information on the number of whistleblower tips, complaints, and referrals (TCRs) made during fiscal year 2012. According to the Report, 3,001 TCRs were received by the SECs Office of the Whistleblower during the reporting period.8 Nearly 50% of those TCRs fell within three complaint categories: Corporate Disclosures (18.2%), Offering Fraud (15.5%), and Manipulation (15.2%).9 The 3,001 TCRs came from not only the United States (including all fifty states, the District of Columbia, and Puerto Rico), but forty-nine other countries as well.10 With respect to domestic TCRs, of which there were 2,507, nearly 50% came from six states: California (17.4%), Florida (8.1%), New Jersey (4.1%), New York (9.8%), Texas (6.3%), and Washington (4.1%).11 As for foreign TCRs, nearly 60% of the 324 came from Commonwealth countries,12 with another 8.0% from the Peoples Republic of China.13 Although only one award was paid out in fiscal year 2012, the SECs Office of the Whistleblower posted 143 Notices of Covered Actionnotices of enforcement judgments and orders that imposed monetary sanctions of $1 million or more.14 According to the Report, the Office of the Whistleblower continues to review and process applications for whistleblower awards based on those notices received during fiscal year 2012.15 In response to the new whistleblower bounty program, potentially affected companies should undertake a critical review of internal policies, procedures, and training to determine whether changes should be made. Educating employees on the SEC rules and the important fact that the employee may qualify as a whistleblower even after reporting the information through internal compliance channels are key. Compliance procedures must be clear and easy for employees to understand. Companies should implement an overall risk system that integrates compliance, legal, human resources, internal audit, and external audit to create a risk-

Educating employees on the SEC rules and the important fact that the employee may qualify as a whistleblower even after reporting the information through internal compliance channels are key.

7 ANNUAL REPORT at 8. 8 Id. at 4. 9 Id. at 45. 10 Id. at 5. One hundred and seventy (170) TCRs received in Fiscal Year 2012, representing 5.7% of the total received, were submitted without any geographical information provided. Annual Report at Appendix B: Whistleblower Tips Received by Location United States and its Territories Fiscal Year 2012. 11 Id. at Appendix B: Whistleblower Tips Received by Location United States and its Territories Fiscal Year 2012. 12 While the relatively high percentage of TCRs from Commonwealth countries may suggest a common culture that encourages whistleblowing activity, the number probably reflects the more mundane fact that residents of those countries are more likely to speak English, the language in which Form TCR and the Commission website are written. 13 The relatively high percentage of TCRs from China may be due to the SECs significant focus on issuers from China, and in particular Chinese reverse merger companies listed on U.S. exchanges. See, e.g., Press Release, U.S. Sec. & Exch. Commn, SEC Charges N.Y.-Based Fund Manager and Others With Securities Laws Violations Related to Chinese Reverse Merger Company (July 30, 2012), available at http://www.sec.gov/news/ press/2012/2012-146.htm; Press Release, U.S. Sec. & Exch. Commn, SEC Charges China-Based Company and Others with Stock Manipulation (Apr. 11, 2012), available at http://www.sec.gov/news/press/2012/2012-59.htm; Press Release, U.S. Sec. & Exch. Commn, SEC Approves New Rules to Toughen Listing Standards for Reverse Merger Companies (Nov. 9, 2011), available at http://www.sec.gov/news/press/2011/2011-235.htm; Luis A. Aguilar, Commr, U.S. Sec. & Exch. Commn, Facilitating Real Capital Formation (Apr. 4, 2011), available at http:// www.sec.gov/news/speech/2011/spch040411laa.htm; Scott Eden, China Reverse Mergers Continue Wild Ride, THE STREET, June 23, 2011, http://www.thestreet.com/story/11083003/1/china-reverse-mergers-continue-wildride.html. 14 ANNUAL REPORT at 6, 89. Individuals have 90 days to apply for an award based on the posted notices of covered action. 15 Id. at 9.

An LRN Thought Leadership Report

75

Ethics & Compliance Alliance Risk Forecast Report 2013 based approach to preventing, detecting, and responding promptly to potential violations. As part of such a system, user-friendly internal reporting mechanisms are essential to encourage employees, agents, and others to bring any potential wrongdoing to the attention of the company. For example, companies should consider: Hotlines. Anonymous and confidential hotlines for employees, contractors, vendors, and customers to report potential securities law violations and other misconduct; Audit. An independent and robust internal audit function and an audit committee with active oversight and involvement in the audit function; Prioritization. Processes and procedures that ensure that internal complaints are prioritized and evaluated quickly, and thoroughly investigated based on risk factors. Results and trends from such complaints should be integrated into the companys assessment of its compliance risks and financial reporting controls; Internal Reporting Requirements. Internal rules that require employees to report any suspected wrongdoing to legal or compliance personnel; and Training. Training programs that credibly reiterate an institutional commitment to integrity and fair dealing, and that clearly set out internal complaint procedures.

Insider Trading
The SECs Market Abuse unit in the Division of Enforcement likely will remain heavily focused on investigations and enforcement actions for insider trading. In 2012, the SEC filed 58 insider trading actions with a focus on financial professionals, hedge fund managers, and corporate insiders. Some of these insider trading actions involved high-profile individuals such as the former global head of McKinsey and Co. The SECs Enforcement Division remains focused on employees and agents (including lawyers and consultants) of public companies who trade on material, nonpublic information gained from their work relationship. Employees are prohibited by law from trading on material, nonpublic information gained from their employment. Similarly, agents and contractors may be liable for insider trading if they violate their confidentiality to the source of the information by trading on material, nonpublic information or providing it to someone else who trades. The SEC remains active in bringing cases where employees and agents illegally capitalize based on their relationship with a company. In addition, the Department of Justice (DOJ) has increased efforts to prosecute inside trading as a crime. The DOJ possesses law enforcement tools such as the use of wiretaps, trap-and-trace devices, confidential informants, search warrants, and grand juries to gather information where the SEC is unable. Of course, the SEC ultimately may use much of this information following a criminal trial. With the presence of criminal prosecutors and federal agents, the stakes could not be higher for companies, financial services firms, and individuals. Companies and financial services firms must establish compliance policies and procedures to address insider trading and interactions with potential tippers, including outside consultants, agents, and expert networks. Effective

Companies and financial services firms must establish compliance policies and procedures to address insider trading and interactions with potential tippers, including outside consultants, agents, and expert networks.

An LRN Thought Leadership Report

76

Ethics & Compliance Alliance Risk Forecast Report 2013 policies and procedures should address, as applicable: (1) the prevention of selective release of information in violation of Regulation FD (Fair Disclosure); (2) protecting the release of material, nonpublic information, including the use of social networks; (3) the implementation of information barriers between the firms public and private sides; (4) the interaction with expert networks and experts; (5) rules for trading by employees; and (5) the monitoring, surveillance, and supervision of employees with material, nonpublic information. All employees at the company should be trained thoroughly on the laws governing insider trading and the firms policies and procedures. A culture should be created to encourage employees to report to compliance or legal personnel any unusual or problematic activity. Companies should document both the processes implemented and the steps personnel take in compliance with these processes, thereby creating a detailed record of the firms efforts to meet its legal and regulatory obligations.

Foreign Corrupt Practice Act


The SEC, together with the DOJ, continues to be aggressive in pursuing violations of the Foreign Corrupt Practice Act. The DOJ and SEC settled several high profile FCPA matters, and according to news reports, initiated several new investigations. During 2013, the DOJ and SEC are likely to be involved in more investigations stemming from the topple of governments. The recent wave of Arab Spring upheavals that continue to ripple across the southern and eastern shores of the Mediterranean may present the threats common to foreign businesses caught in the midst of revolution, including extortion, nationalization, expropriation, and physical violence against executives and employees. These modern revolutions also pose new challenges to international firms, as evidence or allegations that they engaged in corrupt behavior may be made public through documents in a ransacked government ministry building, or through an incarcerated former official, an enterprising journalist or prosecutor in the new regime, or a whistleblower within the foreign company itself. If such allegations come to the attention of U.S. authorities or other governments, the company could face severe criminal and civil penalties for violations of the Foreign Corrupt Practices Act, among other laws.

During 2013, the DOJ and SEC are likely to be involved in more investigations stemming from the topple of governments. Threats common to foreign businesses caught in the midst of revolution include extortion, nationalization, expropriation, and physical violence against executives and employees.

Corporate Accounting and Internal Controls


In the aftermath of the financial crisis, companies both in the United States and around the globe have struggled to meet investor expectations and remain competitive on the international stage. Faced with challenging financial conditions, companies have focused efforts on essential costcutting measures, while also exploring opportunities in emerging markets and developing new products and services for this decade and beyond. During challenging times, some employees may become tempted to cut corners and engage in fraud. At the same time, regulators, faced with increased scrutiny for their apparent shortcomings prior to and during the financial crisis, have increased investigative and enforcement efforts to combat a perceived growth in corporate fraud. The SEC, in particular, will continue to focus on corporate accounting involving significant accounting judgment such as revenue recognition, capitalization of costs, valuation, and percentage-of-completion accounting.

An LRN Thought Leadership Report

77

Ethics & Compliance Alliance Risk Forecast Report 2013 For example, in 2012, the SEC charged a financial services firm and three of its senior executives for allegedly participating in an accounting scheme involving life settlements. According to the SEC, the company overstated the value of assets held on the companys books and created the appearance of a steady stream of earnings from brokering life settlement transactions.

The best global companies of today and the future must make corporate integrity and ethics the centerpiece of their culturepermeating every level of the organization, from the board and senior management down to entry level employees in foreign subsidiaries.

Against this backdrop, companies must remain focused on building and maintaining a strong fraud prevention and compliance program. The best global companies of today and the future must make corporate integrity and ethics the centerpiece of their culturepermeating every level of the organization, from the board and senior management down to entry level employees in foreign subsidiaries. Focus must be placed not only on compliance with the law, but compliance with the tenets of honesty, ethics, and the highest levels of integrity. Creating such a culture is not easy, but must become a reality for any organization that hopes to compete on the global stage. A strong anti-fraud program is not only an essential business requirement in todays modern world, it is a crucial factor for regulators when determining sanctions after problems arise. The United States Department of Justice and the Securities and Exchange Commission have written policies that allow for leniency when sanctioning companies that have established and maintained robust compliance programs and internal controls.

Conclusion
This year likely will see an increase in enforcement actions by the SEC. The SEC enters 2013 with the nomination as agency Chairman of Mary Jo White, a former U.S. Attorney with a strong reputation in law enforcement. The SECs Division of Enforcement also is likely to see the benefits of the whistleblower bounty program. The SEC is likely to bring fewer cases this upcoming year relating to the financial crisis and more cases in the area of insider trading, accounting misconduct, and investment management. With this in mind, legal and compliance personnel should be proactive in assessing compliance programs, internal controls, and anti-fraud programs to ensure that proper policies and procedures are in place.

An LRN Thought Leadership Report

78

The LRN Ethics & Compliance Alliance (ECA) is an online community of thought leaders and practitioners that provides unique resources and support to enhance enterprise-wide knowledge, mitigate risk, support collaboration with experts and peers, and implement program components. Encompassing practical and leading-edge resources, tools and content across 15 key ethics and compliance risk areas, the ECA is an invaluable partner resource for ethics and compliance program design, implementation and management strategies and provides important insights and tools to effectively mitigate and manage risk. Among other valuable subscriber benefits, the ECA provides a unique opportunity to interact and collaborate with leading subject-matter experts across all the major ethics and compliance risk areas and provides an extensive library of handson resources and tools to include model policies and program materials, risk assessment procedures, legal research, analyses of recent legal developments, and educational materials such as the ECA Risk Forecast Report. The ECA Risk Forecast Report is an annual publication of the most significant risks facing organizations today, as reported upon and analyzed by 11 leading ethics and compliance experts. These individualsleading specialists whose articles are featured in the body of the Reportprovide insight into the regulatory and compliance challenges we face in 2013 and the developments that are likely to result. NOTE: The specific focus area and expert perspective covered in this resource is an excerpt from our full ECA Risk Forecast Report and is representative of other major focus and risk areas covered and presented. The full, 72-page Report is available on the LRN Ethics & Compliance Alliance member site. If you are an ECA subscriber, please log onto the ECA web site to download the complete version. If you are not currently an ECA partner subscriber and would like to receive a copy of the full Report and learn more about our LRN ECA Solution, please email us at ContactUs@lrn.com.

The views and opinions expressed in the ECA Risk Forecast Report: (a) are for informational purposes only and are intended to represent only educated forecasts, not predictions of future events; and (b) are not presented for the purpose of providing legal advice. You should contact your legal counsel to obtain advice with respect to any particular legal or regulatory issue. In the case of opinions in this Report presented by a named author, those opinions are held by the individual author and do not necessarily reflect the opinions of that authors employer or firm.

About LRN: Inspiring Principled Performance


Since 1994, LRN has helped over 20 million people at more than 700 companies worldwide simultaneously navigate complex legal and regulatory environments and foster ethical cultures. LRNs combination of practical tools, education, and strategic advice helps companies translate their values into concrete corporate practices and leadership behaviors that create sustainable competitive advantage. In partnership with LRN, companies need not choose between living principles and maximizing profits, or between enhancing reputation and growing revenue: all are a product of principled performance. LRN works with organizations in more than 100 countries and has offices in Los Angeles, New York, London, and Mumbai. For more information, visit www.LRN.com, join our community on Facebook at facebook.com/howistheanswer, or call: 800 529 6366 or 646 862 2040.

Copyright LRN Corporation. All rights reserved. L1044-0113-01-NY

Roles, Reporting, & Relationships with the Board

April 11-12, 2013

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

Lets Start with the Basics Delaware Law Considerations


Fiduciary Obligations of the Board of Directors The Board is charged with managing and directing the affairs of the
company. Delaware Law imposes fiduciary duties on directors (and officers) of corporations, but doesnt dictate with specificity how the board should carry out its mandate. The primary fiduciary duties are: The duty of care, which requires that a boards actions and conduct be
informed and considered and that decisions made must be with requisite care. So, a board should (1) inform itself of all material information reasonably available to it; (2) carefully consider that information and all reasonable alternatives, and (3) act with requisite care in discharging its duties. The duty of loyalty, which requires a board to act in good faith, in a manner it reasonably believes to be in the best interests of the corporation, and to place the interests of the corporation and the shareholders above any personal interest.
Confidential 2

Board Decision Making


Decisions made by a Board of Directors are generally protected by the business
judgment rule (BJR), which presumes that in making a decision, a board acted in an informed basis, in good faith, and in the honest belief that the action taken was in the best interests of the company and its shareholders.

BJR protections can be lost if a boards action was found to have been tainted with
fraud, a lack of good faith, a failure to act or exercise judgment, self-dealing, recklessness, or improper director interest in the decision.

Generally, fiduciary duties are owed to the corporation and its shareholders only;
no such duties are owed to creditors of a solvent corporation as such parties are protected by and rely on their contractual rights.

If a corporation is insolvent, then a board has a duty to maximize the value of the
corporation to serve the interests of all stakeholders even though the boards substantive fiduciary obligations and the application of the BJR to those obligations are generally the same. The difference is that upon insolvency, the corporations creditors take the place of the shareholders as the residual beneficiaries of the corporations value.
Confidential 3

Boards Can Choose to Have Companies Focus onWhatever They Want


Is the board at liberty to focus on one aspect of its business, perhaps enhancing corporate
culture, rather than on strictly maximizing shareholder value? Interestingly, the two are by no means mutually exclusive quite the contrary but the short answer is, absolutely.

Corporations have the choice to focus on long-term, value-building strategies over short-term
initiatives.

Beyond their fiduciary obligations, broadly speaking, only the companys charter constrains the
choices boards and management can make on how to conduct the companys business.

Normally, the charter contains no more than a generic statement that the corporation can do whatever
it decides to do, as long as its legal. And since there is typically nothing in the charter directing a focus exclusively on quarterly profits, maximizing shareholder value, or increasing revenue or operating margins, a corporations board can consider its mission, and how it chooses to fulfill it, both broadly and carefully.

In referring to a corporations assets and earnings, Professor Lynn Stout notes in her book, The
Shareholder Value Myth How Putting Shareholders First Harms Investors, Corporations, and the Public, that as long as a board does not take those assets for themselves, they can give them to charity; spend them on raises and health care for employees; refuse to pay dividends so as to build up a cash cushion that benefits creditors; and pursue low-profit projects that benefit the community, society, or the environment. They can do all these things even if the result is to decrease not increase shareholder value.
Confidential 4

Boards of Directors Have Been Called Out on Compliance


The Federal Sentencing Guidelines (FSG) say that ,with respect to such governing authorities,
they shall: [B]e knowledgeable about the content and operation of the program to prevent and detect violations of the
law

Periodically receive information on the implementation and effectiveness of the program [E]xercise reasonable oversight with respect to the implementation and effectiveness of the program Periodically receive training on the program and on its responsibilities

In the 1996 decision in the case of In re Caremark Inc. Derivative Litigation by the Delaware
Chancery Court, the court noted, with respect to the criteria for compliance programs in the FSG, that any rational person attempting in good faith to meet an organizational governance responsibility would be bound to take into account this development and the enhanced penalties and the opportunities for reduced sanctions that it offers.

In two 2006 Delaware Supreme Court decisions (In re Walt Disney Company Derivative
Litigation and Stone v. Ritter), that court noted that boards may be liable for a failure to exercise oversight if they completely failed to implement any reporting system or controls. Further, even if such a system or set of controls is in place, liability might still arise for a conscious failure to monitor such programs thereby hindering themselves from becoming informed of risks and problems.
Confidential 5

When Should a Board Find out About a Compliance Issue?


Consider having a formal process for notifying the board, or a committee of the
Board (e.g., the Audit Committee or the Governance & Nominating Committee). Set out what types of allegations require the Compliance Officer to make a notification. Consider making the fact that such allegations must go to the board public within the
company.

Board should know what the process is when the compliance function receives a
contact (helpline, email, telephone call, or hallway conversation). For example, the helpline. When someone does speak up by choosing to call a helpline, does the board know: Who answers the call, who employs that person, and where is he/she sitting when the
call is answered? That the helpline uses no caller-ID and no GPS tracking technology? How calls are classified or routed, who gets notified for what types of calls, and then how the investigative process may be divided among various functions (if the case)? Whether or not those with investigative authority also have disciplinary authority? .
Confidential 6

Preface

This is a presentation used at the first meeting of the Altria Compliance Leadership Team, a group composed of all the peer functions of the chief compliance officer audit, human resources, legal, communications, finance, etc and with key representatives of the operating companies. The task was to create a consensus and build an operating approach that all functions and all operating units were invested in. It is a good background to bring out the issues inherent in leading compliance and risk via influence rather than via top down control. David Greenberg

Why are we here?

Reflecting high standards that help us meet our legal obligations and our commitments to stakeholders and society The Chief Compliance Officer will be responsible for making sure that appropriate policies and programs, reflecting high standards of conduct, are established which allows us to fully comply with all applicable laws, regulations and significant corporate commitments.

Via world class compliance practice The CCO will work with PM Companies and the operating companies to make sure that such policies and programs are implemented through best practices in the areas of communications, training, monitoring and enforcement.

What do we want to accomplish?

Develop a forward strategy for the enterprise on integrity and compliance Draft corporate standards that reach the critical corporate integrity and compliance issue

Discuss and share best practices on those elements that, together, will produce world class compliance programs for PM Companies and the operating companies Examine how to integrate learnings from our experience and that of other companies into the systems and processes our companies use to drive our businesses

What do we want to accomplish?

Define how we can best work together Develop a realistic way of driving a coordinated strategy, sharing resources and information, and giving the Corporate CCO the ability to assure the Board of Directors that PM Companies Inc is meeting its compliance and integrity obligations

What is my current point of view?

We will know we are successful when every employee makes decisions with the help of the compliance trinity Is it the right thing to do? Is it legal? What will others think?

What is my current point of view?

We are not there yet because We lack a systematic, high level, collaborative, process for thinking about risk, reputation and high standards of conduct We have not integrated integrity and compliance into how we manage our businesses in particular, the corporation does not sufficiently engage the operating companies on this topic We do not broadly reach out to our employees on issues of integrity and compliance; technology now makes it possible to do so; and the Federal Sentencing Guidelines require us to do so We have not had a focal point for driving such an effort, but we do now its in this room today

What are the big questions we should try to answer?

Overall What is the essence of the task of compliance and compliance officers? How do we move the corporation and the operating companies toward a strong culture of integrity and compliance? How do we get better at anticipating and minimizing legal and reputational risks? How do we leverage existing processes so that compliance does not remain the province of compliance officers?

What are the big questions we should try to answer?

Risk Assessment How do we move risk assessment up the food chain of key considerations in running our businesses and functions? What tools are available to help us? How do we connect risk assessment to key budget, planning and reporting events and processes? Who is already involved in evaluating legal and reputational risks and how can they help us? What are each of our key priority risk areas, and why?

What are the big questions we should try to answer?

Compliance Management How do we drive compliance and integrity into the business? How do we develop a clear plan and clear accountability for compliance and integrity? What is the process for ensuring that the plan is executed?

What are the big questions we should try to answer?

Compliance Management Continued


Do we have fail safe outlets for employee questions and concerns about integrity and legality? Do we have a consistent and fair process for investigating and sanctioning legal and ethical violations? Do we have a learning loop to incorporate our successes and failures in managing compliance and integrity?

What are the big questions we should try to answer?

Communications and Training Are we reaching our people with powerful messages about the importance of integrity and compliance? Are we reaching them with the specific training they need to deal with the risk areas they confront in their work? Are we engaging them on integrity and compliance or just preaching to them? Do we know whether our training works?

What are the big questions we should try to answer?

Auditing and Evaluating How do we know if our compliance and integrity efforts are effective? How do we leverage the reach and expertise built into our audit network?

What are the big questions we should try to answer?

Structure and Coordination Which aspects of our efforts are so central to our corporate integrity and compliance that they need to be uniform across the enterprise? What tasks/projects add sufficient value across operating companies that they should be done from the corporate center? What is the impact of corporate separateness on our programs and practices?

What are the big questions we should try to answer?

Structure and Coordination Continued What kind of review and reporting process will allow the operating companies to get on with their integrity and compliance programs but give corporate the assurance it needs for the Board? What task forces are needed to build/share best practices? What communications tools will facilitate our work together? What is the role of the corporate functions (law, HR, IS, corporate affairs, finance) in our overall integrity and compliance effort?

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


Do we have the right model for the program?
How do we benchmark our program with those of other leading companies? How have we ascertained whether our program is consistent with key external (e.g., governmental) standards by which our program could be judged?

Are we identifying and prioritizing the Companys compliance risks?


How do we get input from businesses and functions to be sure our assessment of the Companys compliance risks is realistic and current? How do we ensure that compliance risks are taken into account and managed when we: Launch new products? Enter into collaborative relationships with third parties? Launch business initiatives in new geographies? Initiate new management strategies and business models (cost-cutting, new performance metrics, etc.)?
1

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


Are our compliance standards (e.g., code of conduct), procedures and internal controls linked to the results of our prioritized compliance risk assessments? How are we communicating to employees about (A) their job-related compliance risks and (B) the importance of Compliance/Integrity generally at the Company?
Are communications and training calibrated to compliance risk assessments? How do make sure employees meet their compliance training requirements? How do we assess the effectiveness of compliance training and other communications? How do we know if the code is understood and accepted throughout the Company? Is the Board receiving appropriate training with respect to its compliance program oversight responsibilities and its own compliance risks? Have we assured that we have a code that appropriately covers risk associated with Board membership (NYSE requirement)?
2

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


How do we use performance management tools - compensation, bonuses, promotion, and discipline - to help ensure that Company personnel - especially managers - take compliance/integrity seriously?
Are compliance performance and commitment to the compliance program made part of objectives and evaluations of:
Employees? Managers? Senior Management?

How do we know that those conducting performance evaluations are taking the compliance-related elements seriously? What do we do to make discipline for code of conduct violations consistent across the Company? Is discipline even-handed so that higher-ups do not get a break when lower level employees would not?

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


How does the board know that management is appropriately vetting new hires and promotions to avoid placing potential wrongdoers in positions of authority?
Are there appropriate safeguards when the company retains agents and other third parties?

Do we have the right systems (including the HelpLine) to ensure that (A) observed compliance violations and (B) compliance questions/concerns are surfaced and brought to the attention of appropriate personnel at the Company?
How does the HelpLine work and what information of value do we gain from the data gathered? What policies and procedures do we have to protect whistleblowers? How do we know if employees trust our systems for advice and reporting? How do we monitor the operation of the HelpLine and the appropriate treatment of HelpLine calls? Is any of the data gathered useful outside the compliance area, e.g., in areas of general management?

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


What mechanisms are in place to assure that important compliance/integrity issues reach the Chief Compliance Officer?
How is the policy that requires elevation of key compliance issues to the Chief Compliance Officer working? Does the Chief Compliance Officer receive regular, appropriately detailed reports on the implementation and effectiveness of the compliance program from around the Company?

Do we audit compliance risk areas?


How do we determine what risk areas, business areas, etc. get audited with respect to compliance and integrity? How do we assure that auditors are independent yet fully qualified to do these specialized audits? How do we audit for risks that are not easily measured, such as antitrust or overseas bribery? How do we assure that audit findings are appropriately responded to and followed up? Are there any areas where the compliance office is not satisfied with managements response to audit findings? Are we auditing for actual violations, or just to see if processes are in place?

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


What other monitoring of the program and of compliance do we do?
What types of internal control systems do we use to prevent violations?

What other ways do we evaluate the effectiveness of the program to gauge whether it is reasonably effective? Are we responding appropriately to identified compliance allegations and issues?
How do we assure that investigations are conducted professionally and in a way that would stand up to outside scrutiny? Do we have any policies or procedures on disclosing violations to the government? Do we have appropriate policies and procedures to assure the preservation of relevant documents and information when there are allegations of misconduct? When we conduct investigations, is there any system that looks at root cause of violations and how the systems can be improved or changed to prevent recurrence?
6

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


Does the company have the right resources and personnel to oversee, manage and implement the program?
Does the program have the right level of resources?
How has management determined the right level of resources? Do compliance officers (Chief Compliance Officer, Operating Company Compliance Officers, any other compliance personnel) have the resources, support and autonomy needed to do the job?

In addition to Chief Compliance Officers at Corporate and OpCos, how well do the following functions support the program:
Law Department? HR? Audit? IT? Finance? Corporate Affairs? How is this assessed?
7

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


In addition to chief compliance officers at Corporate and OpCos, are there adequate personnel to champion and manage the compliance/integrity program at the local level? How do we assure that compliance subject matter experts remain directly involved in compliance planning and execution?
How do these experts communicate compliance requirements to other personnel with compliance responsibilities? How do we assure that our subject matter experts remain current with developing risks in their areas?

How do we manage change in the compliance area?


Personnel? Law, regulation?

QUESTIONS FOR STRATEGIC AND OPERATIOAL OVERSIGHT


Does senior management at the Corporate and OpCo level support the compliance program in terms of:
Program needs (personnel, resources)? Personal actions regarding compliance?

Are there committees established which meet regularly to discuss current issues?
Are these HQ, Company level, or both? Are the members of these committees people who really know what is going on?

Are compliance reports regularly submitted by key field compliance personnel (environmental, FDA, legal, etc.)? Do we receive annual certifications from Company managers about whether they are aware of any compliance failures?

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


Are the Board and Senior Management receiving the information they need to provide a reasonable degree of oversight of the compliance and integrity program?
Does the Board learn in a timely way about:
Compliance violations? Important investigations into possible compliance violations? Progress in implementing new compliance initiatives? Ongoing information relating to the effectiveness of the program? New areas of risk?

How does our Board compare to Boards of other companies in its approach to compliance program oversight?
Does the Board have the resources it needs? Does the Board have the processes it needs?

10

QUESTIONS FOR STRATEGIC AND OPERATIONAL OVERSIGHT


Has the Board sufficiently documented its role in the compliance program and its level of commitment? Does the compliance information provided the Board adequately cover operations in all parts of the globe? Are there any areas of disagreement between the compliance office and management?
If so, how does the Board learn about these?

How does the Board know that the compliance system is comprehensive?
Is there anything carved out from the official compliance program? Are corporate governance, environment, Sarbanes-Oxley, HR compliance issues, matters in the legal department all consolidated in what the Board hears from the compliance officer, or are there any gaps?

How does the Board assess the compliance program other than by relying on what the compliance officer reports on the program?

The E&C Industry Continues to Grow, Though Somewhat More Slowly


KEY INSIGHTS

Budgets are mostly stagnant,


although 39% of E&C leaders project their budgets will increase this year, a 6% decrease compared to last year.

Education and communication


top the list of non-staff expenses

15% 9%

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

21

Overall, Staffing Levels Continue to See Slow Growth


KEY INSIGHTS

E&C staffing levels are


projected to remain largely unchanged for 2013, continuing the 2012 and 2011 trend.

Planned increases (35%) far


outweigh planned decreases (5%).

E&C Employees per Thousand FTEs


15% 9%

Regulated Industries

2.33

Less Regulated Industries

0.89

Overall

1.54

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

22

Highly Regulated Firms Keep Spending and Doing More Than Their Less Regulated Counterparts
E&C Budget Adjustments
(Highly Regulated Firms)
Decrease 16% Increase 49% No Change 34% Increase 29%

E&C Budget Adjustments


(Less Regulated Firms)
Decrease 15%
69% 69%

No Change 56%

E&C Headcount Adjustments


(Highly Regulated Firms)
Decrease 6% Increase 40% No Change 54%
15% 9%

E&C Headcount Adjustments


(Less Regulated Firms)
Decrease 3% Increase 31%

No Change 66%

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

23

Home Topics Accounting and Auditing Compliance and Technology Enforcement & Litigation Enterprise Risk Management Executive Compensation GRC Illustrated International, Global Issues Internal Controls, SOX 404 More: D&O, XBRL, C...

Succeeding With External Compliance Monitors

Jaclyn Jaeger June 02, 2010

Any compliance officers out there who believe they have a hard time working with a government-appointed compliance monitor, be quiet. United Launch Alliance has a story that tops yours.

The aerospace concern, a joint venture between Boeing and Lockheed Martin to build rockets and send satellites into orbit for the U.S. government, had to accept three compliance monitors simply to start business in late 2006. That was primarily driven by pre-existing compliance demands placed upon its parent companies, plus the need to integrate the companies different processes from Day 1 of ULAs existence. Then there was the small fact that as a defense contractor itself, ULA would be subject to its own thicket of compliance rules.

Corrigan

ULAs head of internal governance, Cindy Corrigan, explained how the company navigated such a complex monitoring structure at the Compliance Week 2010 conference. She also brought along Leslie Kenne, a retired U.S. Air Force lieutenant general and one of ULAs monitors, and Steven Shaw, the Air Forces deputy general counsel for contractor responsibility, to give their thoughts on how best to work with monitors. One of ULAs first challenges was that it had to figure out who its monitors would be. To begin business, ULA had to accept the obligations of an administrative agreement previously struck by Boeing and the U.S. Air Force. That agreement did allow ULA to choose its own external special compliance officer to oversee compliance with the agreement, but that monitor needed Air Force approval. Of course, not all companies can choose their compliance monitorbut if you can, then hiring the right person is essential. Kenne stressed that employees generally act more positively if they believe they are being treated fairly and can have their day in court. That means an auditor, whose primary role is to find wrongdoing, might not be the ideal person for the job, she said. Still, she added, the interests of the monitor should remain with the government, not the company. Corrigan said she also worked hard to get clarity around the language of ULAs agreement with the government, to have a common understanding of exactly what the Air Forces expectations were. Building a relationship of mutual trust and respect, and open honest communication with both the compliance monitor and the government was essential, she said. Shaw agreed. The governments goal, he stressed, is to minimize the risk of future misconduct. Were not doing this just by putting people in jail; were trying to be proactive, he said. An ongoing dialogue of trust benefits both sides.

Still, Corrigan added, the process was much easier said than done. It took quite a bit of talks back and forth to ensure things were aligned, she said.

Leslie Kenne, a compliance monitor for ULA appointed by the U.S. Air Force, talks about her job at Compliance Week 2010.

This is where a compliance monitor can play a significant role. For example, Kenne said she defines ensuring compliance and enforcing compliance as two separate matters. Ensuring compliance means looking at how the company obeys government requirements; enforcing it is about how the company punishes wrongdoers. Clarifying those distinctions is essential, she said, because not all companies see them as separate issues. As part of ULAs administrative agreement, individuals also were assigned responsibility for implementing the compliance program. That was really fundamental, Kenne said, because if specific people arent assigned to the task, the compliance program can flop. As a final step, a series of reviews were also performed. These involved weekly internal reviews, and monthly external reviews with the compliance monitor. Punishments When deciding whether to bar a company from working with the government, Shaw said he first assesses the evidence to determine whether

any misconduct did indeed happen. If it did, the burden of proof then falls to the contractor, which must demonstrate that the appropriate processes were existing and operating to try to prevent the misconduct.

Source

DOJ MONITOR MEMO

Department of Justice (March 7, 2008).

If the company can indeed show that it was making a good-faith effort to fight fraud or other misbehavior, Ill probably just ignore the case and put it in my file, Shaw said. On the other hand, if those practices werent present and the company has no immediate hope of implementing any, then debarment from government business is likely and usually lasts three years, he said. Shaw admitted that sometimes his decisions can be a close call. Gray areas arise when a company might need help overseeing a process; Shaw compared it to a criminal defendant being sentenced to probation. In those situations, companies usually must report to the Air Force quarterly, sometimes monthly. At those meetings they must explain whats being done to improve their compliance programs. In addition, the government insists on two outside verifications: one performed by the compliance monitor, and another by a separate ethics consultant. The consultants role is to review the programs and report those findings to the federal government, so that I dont have to take the word of the company, Shaw said. The compliance monitor, meanwhile, reviews the companys compliance with its administrative agreements to see how the company is performing. Above all, the government wants to know that a company takes its compliance program seriously, Kenne said. Its just as important for [companies] to be able to find their own problems, then take the actions to fix them, she said. Thats really what we want to see. In contrast, she said, the government does not want to see the company start slashing budgets and minimizing the importance of a compliance program

immediately after an administrative agreement ends. This is where mutual trust and communication, again, come into play, Kenne said. Really, what you want when its all over is for the company to have a robust, compliance program and for the government to be able to trust that company to stay in compliance, she said. Thats a win-win, and you dont win-win by hiding things from each other. And that mutual respect should reside on all levels. Using her position as an example, Kenne said: Ive worked with Steve [Shaw]s staff frequently, letting him know how things are going, calling him if I have questions, she said. When in doubt, communicate. As often said, tone at the top is paramount. Compliance monitors need to see the full involvement of the chief compliance officer and the CEO, Kenne said. Theyve got to have that upper-level involvement if they are going to be successful.

Seal of the United States Department of Justice U.S. Department of Justice Office of the Deputy Attorney General

The Deputy Attorney General

Washington, D.C. 20530

March 7, 2008

MEMORANDUM FOR HEADS OF DEPARTMENT COMPONENTS UNITED STATES ATTORNEYS FROM: SUBJECT: I. Craig S. Morford Acting Deputy Attorney General Initial of Craig S. Morford Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations'

INTRODUCTION

The Department of Justice's commitment to deterring and preventing corporate crime remains a high priority. The Principles of Federal Prosecution of Business Organizations set forth guidance to federal prosecutors regarding charges against corporations. A careful consideration of those principles and the facts in a given case may result in a decision to negotiate an agreement to resolve a criminal case against a corporation without a formal conviction - either a deferred prosecution agreement or a non-prosecution agreement.2 As part of some negotiated corporate agreements, there have been provisions pertaining to an independent corporate monitor.3 The corporation benefits from expertise in the area of corporate compliance
1

As used in these Principles, the terms "corporate" and "corporation" refer to all types of business organizations, including partnerships, sole proprietorships, government entities, and unincorporated associations. The terms "deferred prosecution agreement" and "non-prosecution agreement" have often been used loosely by prosecutors, defense counsel, courts and commentators. As the terms are used in these Principles, a deferred prosecution agreement is typically predicated upon the filing of a formal charging document by the government, and the agreement is filed with the appropriate court. In the non-prosecution agreement context, formal charges are not filed and the agreement is maintained by the parties rather than being filed with a court. Clear and consistent use of these terms will enable the Department to more effectively identify and share best practices and to track the use of such agreements. These Principles do not apply to plea agreements, which involve the formal conviction of a corporation in a court proceeding. Agreements use a variety of terms to describe the role referred to herein as "monitor," including consultants, experts, and others.
2

Memorandum for Heads of Department Components and United States Attorneys Subject: Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations

Page 2

from an independent third party. The corporation, its shareholders, employees and the public at large then benefit from reduced recidivism of corporate crime and the protection of the integrity of the marketplace. The purpose of this memorandum is to present a series of principles for drafting provisions pertaining to the use of monitors in connection with deferred prosecution and nonprosecution agreements (hereafter referred to collectively as "agreements") with corporations.4 Given the varying facts and circumstances of each case - where different industries, corporate size and structure, and other considerations may be at issue - any guidance regarding monitors must be practical and flexible. This guidance is limited to monitors, and does not apply to third parties, whatever their titles, retained to act as receivers, trustees, or perform other functions. A monitor's primary responsibility is to assess and monitor a corporation's compliance with the terms of the agreement specifically designed to address and reduce the risk of recurrence of the corporation's misconduct, and not to further punitive goals. A monitor should only be used where appropriate given the facts and circumstances of a particular matter. For example, it may be appropriate to use a monitor where a company does not have an effective internal compliance program, or where it needs to establish necessary internal controls. Conversely, in a situation where a company has ceased operations in the area where the criminal misconduct occurred, a monitor may not be necessary. In negotiating agreements with corporations, prosecutors should be mindful of both: (1) the potential benefits that employing a monitor may have for the corporation and the public, and (2) the cost of a monitor and its impact on the operations of a corporation. Prosecutors shall, at a minimum, notify the appropriate United States Attorney or Department Component Head prior to the execution of an agreement that includes a corporate monitor. The appropriate United States Attorney or Department Component Head shall, in turn, provide a copy of the agreement to the Assistant Attorney General for the Criminal Division at a reasonable time after it has been executed. The Assistant Attorney General for the Criminal Division shall maintain a record of all such agreements. This memorandum does not address all provisions concerning monitors that have been included or could appropriately be included in agreements. Rather this memorandum sets forth nine basic principles in the areas of selection, scope of duties, and duration. This memorandum provides only internal Department of Justice guidance. In addition, this memorandum applies only to criminal matters and does not apply to agencies other than the In the case of deferred prosecution agreements filed with a court, these Principles must be applied with due regard for the appropriate role of the court and/or the probation office.
4

Memorandum for Heads of Department Components and United States Attorneys Subject: Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations

Page 3

Department of Justice. It is not intended to, does not, and may not be relied upon to create any rights, substantive or procedural, enforceable at law by any party in any matter civil or criminal. Nor are any limitations hereby placed on otherwise lawful litigative prerogatives of the Department of Justice. II. SELECTION

1. Principle: Before beginning the process of selecting a monitor in connection with deferred prosecution agreements and non-prosecution agreements, the corporation and the Government should discuss the necessary qualifications for a monitor based on the facts and circumstances of the case. The monitor must be selected based on the merits. The selection process must, at a minimum, be designed to: (1) select a highly qualified and respected person or entity based on suitability for the assignment and all of the circumstances; (2) avoid potential and actual conflicts of interests, and (3) otherwise instill public confidence by implementing the steps set forth in this Principle. To avoid a conflict, first, Government attorneys who participate in the process of selecting a monitor shall be mindful of their obligation to comply with the conflict-of interest guidelines set forth in 18 U.S.C. 208 and 5 C.F.R. Part 2635. Second, the Government shall create a standing or ad hoc committee in the Department component or office where the case originated to consider monitor candidates. United States Attorneys and Assistant Attorneys General may not make, accept, or veto the selection of monitor candidates unilaterally. Third, the Office of the Deputy Attorney General must approve the monitor. Fourth, the Government should decline to accept a monitor if he or she has an interest in, or relationship with, the corporation or its employees, officers or directors that would cause a reasonable person to question the monitor's impartiality. Finally, the Government should obtain a commitment from the corporation that it will not employ or be affiliated with the monitor for a period of not less than one year from the date the monitorship is terminated. Comment: Because a monitor's role may vary based on the facts of each case and the entity involved, there is no one method of selection that should necessarily be used in every instance. For example, the corporation may select a monitor candidate, with the Government reserving the right to veto the proposed choice if the monitor is unacceptable. In other cases, the facts may require the Government to play a greater role in selecting the monitor. Whatever method is used, the Government should determine what selection process is most effective as early in the negotiations as possible, and endeavor to ensure that the process is designed to produce a high-quality and conflict-free monitor and to instill public confidence. If the Government determines that participation in the selection process by any Government personnel creates, or appears to create, a potential or actual conflict in violation of 18 U.S.C. 208 and 5

Memorandum for Heads of Department Components and United States Attorneys Subject: Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations

Page 4

C.F.R. Part 2635, the Government must proceed as in other matters where recusal issues arise. In all cases, the Government must submit the proposed monitor to the Office of the Deputy Attorney General for review and approval before the monitorship is established. Ordinarily, the Government and the corporation should discuss what role the monitor will play and what qualities, expertise, and skills the monitor should have. While attorneys, including but not limited to former Government attorneys, may have certain skills that qualify them to function effectively as a monitor, other individuals, such as accountants, technical or scientific experts, and compliance experts, may have skills that are more appropriate to the tasks contemplated in a given agreement. Subsequent employment or retention of the monitor by the corporation after the monitorship period concludes may raise concerns about both the appearance of a conflict of interest and the effectiveness of the monitor during the monitorship, particularly with regard to the disclosure of possible new misconduct. Such employment includes both direct and indirect, or subcontracted, relationships. Each United States Attorney's Office and Department component shall create a standing or ad hoc committee ("Committee") of prosecutors to consider the selection or veto, as appropriate, of monitor candidates. The Committee should, at a minimum, include the office ethics advisor, the Criminal Chief of the United States Attorney's Office or relevant Section Chief of the Department component, and at least one other experienced prosecutor. Where practicable, the corporation, the Government, or both parties, depending on the selection process being used, should consider a pool of at least three qualified monitor candidates. Where the selection process calls for the corporation to choose the monitor at the outset, the corporation should submit its choice from among the pool of candidates to the Government. Where the selection process calls for the Government to play a greater role in selecting the monitor, the Government should, where practicable, identify at least three acceptable monitors from the pool of candidates, and the corporation shall choose from that list. HI. SCOPE OF DUTIES A. INDEPENDENCE

2. Principle: A monitor is an independent third-party, not an employee or agent of the corporation or of the Government. Comment: A monitor by definition is distinct and independent from the directors, officers, employees, and other representatives of the corporation. The monitor is not the

Memorandum for Heads of Department Components and United States Attorneys Subject: Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations

Page 5

corporation's attorney. Accordingly, the corporation may not seek to obtain or obtain legal advice from the monitor. Conversely, a monitor also is not an agent or employee of the Government. While a monitor is independent both from the corporation and the Government, there should be open dialogue among the corporation, the Government and the monitor throughout the duration of the agreement. B. MONITORING COMPLIANCE WITH THE AGREEMENT

3. Principle: A monitor's primary responsibility should be to assess and monitor a corporation's compliance with those terms of the agreement that are specifically designed to address and reduce the risk of recurrence of the corporation's misconduct, including, in most cases, evaluating (and where appropriate proposing) internal controls and corporate ethics and compliance programs. Comment: At the corporate level, there may be a variety of causes of criminal misconduct, including but not limited to the failure of internal controls or ethics and compliance programs to prevent, detect, and respond to such misconduct. A monitor's primary role is to evaluate whether a corporation has both adopted and effectively implemented ethics and compliance programs to address and reduce the risk of recurrence of the corporation's misconduct. A well-designed ethics and compliance program that is not effectively implemented will fail to lower the risk of recidivism. A monitor is not responsible to the corporation's shareholders. Therefore, from a corporate governance standpoint, responsibility for designing an ethics and compliance program that will prevent misconduct should remain with the corporation, subject to the monitor's input, evaluation and recommendations. 4. Principle: In carrying out his or her duties, a monitor will often need to understand the full scope of the corporation's misconduct covered by the agreement, but the monitor's responsibilities should be no broader than necessary to address and reduce the risk of recurrence of the corporation's misconduct. Comment: The scope of a monitor's duties should be tailored to the facts of each case to address and reduce the risk of recurrence of the corporation's misconduct. Among other things, focusing the monitor's duties on these tasks may serve to calibrate the expense of the monitorship to the failure that gave rise to the misconduct the agreement covers. Neither the corporation nor the public benefits from employing a monitor whose role is too narrowly defined (and, therefore, prevents the monitor from effectively evaluating the

Memorandum for Heads of Department Components and United States Attorneys Subject: Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations

Page 6

reforms intended by the parties) or too broadly defined (and, therefore, results in the monitor engaging in activities that fail to facilitate the corporation's implementation of the reforms intended by the parties). The monitor's mandate is not to investigate historical misconduct. Nevertheless, in appropriate circumstances, an understanding of historical misconduct may inform a monitor's evaluation of the effectiveness of the corporation's compliance with the agreement. C. COMMUNICATIONS AND RECOMMENDATIONS BY THE MONITOR

5. Principle: Communication among the Government, the corporation and the monitor is in the interest of all the parties. Depending on the facts and circumstances, it may be appropriate for the monitor to make periodic written reports to both the Government and the corporation. Comment: A monitor generally works closely with a corporation and communicates with a corporation on a regular basis in the course of his or her duties. The monitor must also have the discretion to communicate with the Government as he or she deems appropriate. For example, a monitor should be free to discuss with the Government the progress of, as well as issues arising from, the drafting and implementation of an ethics and compliance program. Depending on the facts and circumstances, it may be appropriate for the monitor to make periodic written reports to both the Government and the corporation regarding, among other things: (1) the monitor's activities; (2) whether the corporation is complying with the terms of the agreement; and (3) any changes that are necessary to foster the corporation's compliance with the terms of the agreement. 6. Principle: If the corporation chooses not to adopt recommendations made by the monitor within a reasonable time, either the monitor or the corporation, or both, should report that fact to the Government, along with the corporation's reasons. The Government may consider this conduct when evaluating whether the corporation has fulfilled its obligations under the agreement. Comment: The corporation and its officers and directors are ultimately responsible for the ethical and legal operations of the corporation. Therefore, the corporation should evaluate whether to adopt recommendations made by the monitor. If the corporation declines to adopt a recommendation by the monitor, the Government should consider both the monitor's recommendation and the corporation's reasons in determining whether the corporation is complying with the agreement. A flexible timetable should be established to ensure that both a monitor's recommendations and the corporation's decision to adopt or reject them are made well before the expiration of the agreement.

Memorandum for Heads of Department Components and United States Attorneys Subject: Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations D. REPORTING OF PREVIOUSLY UNDISCLOSED
OR NEW MISCONDUCT

Page 7

7. Principle: The agreement should clearly identify any types of previously undisclosed or new misconduct that the monitor will be required to report directly to the Government. The agreement should also provide that as to evidence of other such misconduct, the monitor will have the discretion to report this misconduct to the Government or the corporation or both. Comment: As a general rule, timely and open communication between and among the corporation, the Government and the monitor regarding allegations of misconduct will facilitate the review of the misconduct and formulation of an appropriate response to it. The agreement may set forth certain types of previously undisclosed or new misconduct that the monitor will be required to report directly to the Government. Additionally, in some instances, the monitor should immediately report other such misconduct directly to the Government and not to the corporation. The presence of any of the following factors militates in favor of reporting such misconduct directly to the Government and not to the corporation, namely, where the misconduct: (1) poses a risk to public health or safety or the environment; (2) involves senior management of the corporation; (3) involves obstruction of justice; (4) involves criminal activity which the Government has the opportunity to investigate proactively and/or covertly; or (5) otherwise poses a substantial risk of harm. On the other hand, in instances where the allegations of such misconduct are not credible or involve actions of individuals outside the scope of the corporation's business, the monitor may decide, in the exercise of his or her discretion, that the allegations need not be reported directly to the Government. IV. DURATION

8. Principle: The duration of the agreement should be tailored to the problems that have been found to exist and the types of remedial measures needed for the monitor to satisfy his or her mandate. Comment: The following criteria should be considered when negotiating duration of the agreement (not necessarily in this order): (1) the nature and seriousness of the underlying misconduct; (2) the pervasiveness and duration of misconduct within the corporation, including the complicity or involvement of senior management; (3) the corporation's history of similar misconduct; (4) the nature of the corporate culture; (5) the scale and complexity of any remedial measures contemplated by the agreement, including the size of the entity or business unit at issue; and (6) the stage of design and implementation of remedial measures when the monitorship commences. It is reasonable to forecast that completing an assessment of more extensive and/or complex remedial measures will require a longer period of time than completing

Memorandum for Heads of Department Components and United States Attorneys Subject: Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations

Page 8

an assessment of less extensive and/or less complex ones. Similarly, it is reasonable to forecast that a monitor who is assigned responsibility to assess a compliance program that has not been designed or implemented may take longer to complete that assignment than one who is assigned responsibility to assess a compliance program that has already been designed and implemented. 9. Principle; In most cases, an agreement should provide for an extension of the monitor provision(s) at the discretion of the Government in the event that the corporation has not successfully satisfied its obligations under the agreement. Conversely, in most cases, an agreement should provide for early termination if the corporation can demonstrate to the Government that there exists a change in circumstances sufficient to eliminate the need for a monitor. Comment: If the corporation has not satisfied its obligations under the terms of the agreement at the time the monitorship ends, the corresponding risk of recidivism will not have been reduced and an extension of the monitor provision(s) may be appropriate. On the other hand, there are a number of changes in circumstances that could justify early termination of an agreement. For example, if a corporation ceased operations in the area that was the subject of the agreement, a monitor may no longer be necessary. Similarly, if a corporation is purchased by or merges with another entity that has an effective ethics and compliance program, it may be prudent to terminate a monitorship.

CLIENT MEMORANDUM

IMPOSITION OF COMPLIANCE MONITORS IN FCPA SETTLEMENTS IS DOWN, BUT RECENT COURT RULING INCREASES THE RISK OF PUBLIC ACCESS TO MONITOR REPORTS The government is imposing compliance monitors less frequently in FCPA settlements, but a recent ruling by a federal court in Washington, D.C. compounds the risks associated with having a monitor. An analysis performed by Willkie Farr & Gallagher LLP indicates that the imposition of independent compliance monitors and consultants as part of Foreign Corrupt Practices Act (FCPA) settlements with the Department of Justice (the DOJ) and the Securities and Exchange Commission (the SEC) has declined markedly since 2010. But companies that do receive monitors must now be concerned that their reports may be publicly disclosed. From 2004 to 2009, every FCPA settlement that resulted in sanctions greater than $3 million included the imposition of an independent compliance monitor or consultant. The burdens associated with such monitors are well known. Companies have long been troubled by the opaque process by which monitors traditionally were selected, the uncertainty or inability to contain the scope of monitors work, the potential to undermine existing compliance systems and personnel, and the virtually unchecked and often excessive cost of monitors. Opposition to monitors galvanized in early 2008, when former U.S. Attorney General John Ashcroft estimated that eighteen months of his work as a monitor would cost between $28 million and $52 million. Congress subsequently convened hearings into potential problems and abuses in the use of monitors, and in March 2008, the DOJ issued guidance called the Memorandum on the Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations, commonly known as the Morford Memo, after then-Acting Deputy Attorney General Craig S. Morford. Although the Morford Memo did not address the circumstances under which a monitor will be imposed, the use of corporate compliance monitors in FCPA settlements has declined markedly. Since 2010, monitors have been imposed in approximately one out of every three FCPA settlements with sanctions greater than $3 million; in 2011, only one of twelve such FCPA settlements included a monitor. This is not to say that enforcement authorities will cease to use monitors altogetherso far in 2012 three of the four corporate FCPA settlements have included a monitorbut it appears that the DOJ and SEC are making more judicious use of monitors as a settlement tool. Regulators will still consider the same factors in assessing whether monitors are appropriate, including the gravity and scope of the misconduct, the involvement or acquiescence by senior management in the misconduct, the nature of any compliance or internal controls deficiencies, and any remedial measures taken by the company of its own accord. However, they appear to be doing so with a more exacting standard.

NEW YORK WASHINGTON PARIS LONDON MILAN ROME FRANKFURT BRUSSELS in alliance with Dickson Minto W.S., London and Edinburgh

Although the use of monitors may be on the decline, a recent ruling by the United States District Court for the District of Columbia has increased the risk that, when a monitor is imposed, his or her reports to the government may be publicly disclosed. On April 16, 2012, in SEC v. Am. Intl Group, Inc., No. 04-2070 (D.D.C. Apr. 16, 2012), U.S. District Judge Gladys Kessler granted the motion of a news reporter and ordered the release of corporate monitor reports concerning transactions entered into by AIG leading up to the financial crisis of 2008.1 AIG agreed to retain an independent compliance consultant as part of its settlement of alleged federal securities law violations in December 2004. The independent compliance consultant was to review certain transactions to determine if any were designed to violate generally accepted accounting principles (GAAP) or SEC rules. The consultant was required to provide reports on his or her findings to the SEC, the DOJ, and AIGs audit committee. In ordering the release of the reports to the public, Judge Kessler held that the public had a common law right of access to the reports. Applying the D.C. Circuits two-step test for the common law right of access to judicial records, Judge Kessler first concluded that the reports constituted judicial records. She then balanced the interests of the SEC and AIG in maintaining the confidentiality of the reports against the publics interest in their disclosure, concluding that the publics interest in favor of disclosure of [the monitor reports] . . . is overwhelming. In reaching this conclusion, Judge Kessler cited: (1) the absence of a confidentiality provision in the SECs original consent order (the consent order was amended after the entry of a final judgment to include a confidentiality provision limiting dissemination of the monitors reports to the entities designated in the consent order); and (2) the prominence of AIG in the financial crisis of 2008. Notably, Judge Kessler rejected the reporters argument that the First Amendment right of access to judicial proceedings mandated disclosure of the monitors reports. In doing so, she noted that the D.C. Circuit has limited the First Amendment right of access to judicial proceedings to criminal proceedingsnot civil proceedings such as the SECs action against AIGthereby leaving the door open for an additional argument that the First Amendment would mandate public disclosure of corporate monitor reports in the context of a criminal settlement. The decline in the use of monitors in FCPA settlements is good news for companies that may face investigations or enforcement actions brought by the DOJ and SEC. But companies will want to take steps to ensure that, should a monitor be imposed as part of a settlement, the monitors reports will remain confidential. At a minimum, companies should seek to include confidentiality provisions to this effect in settlement documents. The failure to keep such sensitive reports confidential could expose companies to follow-on civil litigation as well as additional potential commercial and reputational damage.

The opinion is available online at: http://pdfserver.amlaw.com/cc/KesslerFOI_opinion.pdf.

-2-

*************** If you have any questions concerning the foregoing or would like additional information, please contact Martin J. Weinstein (202-303-1122, mweinstein@willkie.com), Robert J. Meyer (202303-1123, rmeyer@willkie.com), Jeffrey D. Clark (202-303-1139, jdclark@willkie.com), or the Willkie attorney with whom you regularly work. Willkie Farr & Gallagher LLP is headquartered at 787 Seventh Avenue, New York, NY 100196099 and has an office located at 1875 K Street, NW, Washington, DC 20006-1238. Our New York telephone number is (212) 728-8000 and our facsimile number is (212) 728-8111. Our Washington, DC telephone number is (202) 303-1000 and our facsimile number is (202) 3032000. Our website is located at www.willkie.com. April 20, 2012
Copyright 2012 by Willkie Farr & Gallagher LLP. All Rights Reserved. This memorandum may not be reproduced or disseminated in any form without the express permission of Willkie Farr & Gallagher LLP. This memorandum is provided for news and information purposes only and does not constitute legal advice or an invitation to an attorney-client relationship. While every effort has been made to ensure the accuracy of the information contained herein, Willkie Farr & Gallagher LLP does not guarantee such accuracy and cannot be held liable for any errors in or any reliance upon this information. Under New Yorks Code of Professional Responsibility, this material may constitute attorney advertising. Prior results do not guarantee a similar outcome.

-3-

Has Anybody Got It Right? Key Trends and Developments in Ethics & Compliance
Findings from LRNs 2012/2013 E&C Leadership Survey Report

March 20, 2013

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

Developing LRNs Program Effectiveness Index (PEI)


Five survey questions speak to impact on employees:

How do you perceive the effectiveness of the E&C program as an


Overseer (e.g., focusing on controls, risk management and investigations)?

How do you perceive the effectiveness of the E&C program as a


Business Enabler (e.g., providing advice/counsel, enabling better decision making)?

How do you perceive the effectiveness of the E&C program as a


Corporate Conscience (e.g., promoting an ethical culture through education and addressing employee concerns)?

To what extent do you believe your employees apply their understanding


of the Code of Conduct on the job?

What impact does your current E&C education have on employee


behavior and decision-making?

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

Responses to all five questions were consolidated into a single index score for each respondent
25

20

15

RESPONSES

10

0 0.22 0.24 0.26 0.28 0.32 0.34 0.36 0.38 0.42 0.44 0.46 0.48 0.52 0.54 0.56 0.58 0.62 0.64 0.66 0.68 0.72 0.74 0.76 0.78 0.82 0.84 0.86 0.88 0.92 0.94 0.96 0.98 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 8

-5

PEI
CONFIDENTIAL 2013 LRN Corporation. All Rights Reserved.

How Much and How Many Dont Seem to Matter: Size Doesnt Matter

Company Size
6

More than 50,000 employees 15,000 - 50,000 employees 7,500 - 15,000 employees 2,500 - 7,500 employees Under 2,500 employees

0 0.2 0.4 0.6 PEI 0.8 1 1.2

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

Spend Doesn't Matter

E&C Budget per Thousand Employees


$350,000 $300,000 $250,000 $200,000 $150,000 $100,000 $50,000 $0 0 0.2 0.4 0.6 PEI 0.8 1 1.2

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

10

Headcount Doesn't Matter

Dedicated E&C Headcount Per Thousand Employees


5.00 4.50 4.00 Headcount/Thousand 3.50 3.00 2.50 2.00 1.50 1.00 0.50 0.00 0.2 0.3 0.4 0.5 0.6 PEI 0.7 0.8 0.9 1 1.1

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

11

What Does Matter? How Matters


The orientation and purpose of the program The orientation and purpose of the code of conduct Whether the company formally evaluates behavior The use of blended learning Theme-based E&C campaigns Measuring organizational impact More spending on education; less on consultants

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

12

Program Mandate
Two-thirds of E&C programs see as their primary mandate ensuring ethical behavior and alignment of decision making and conduct with core values

Average PEI score of .74


One-third of E&C programs see their primary mandate as ensuring compliance with rules and regulations

Average PEI score of .63

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

13

Looking at Value vs. Rules, and at Behaviors vs. Outcomes: Synchronicity Appears to Be the Key

Code of Conduct Orientation


0.760

Emphasis in Performance Evaluations


0.75
0.740 0.720 0.700

Orientation Values only Values, supported by rules Values and rules equally Rules, supported by values Rules only

PEI 0.71 0.71 0.72 0.69 0.56

Percentage 4% 44% 24% 24% 4%

0.70 0.67

0.680 0.660 0.640 0.620

Behaviors > Business Outcomes

Behaviors = Business Outcomes

Behaviors < Business Outcomes

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

14

Blended Learning Makes a Difference

Virtually everyone uses online learning average PEI score .71 Most do classroom teaching as well PEI .72, but those who don't have an average PEI of .65 More than half use experiential techniques PEI .74, while those who don't average .66 Trendsetters (14%) using mobile devices average .76 compared to .69 for those who do not.
0.62

Methods of Learning
0.76 0.74 0.71 0.72 0.69 0.66

0.65

Yes

No

Yes

No

Yes

No

Yes

No

Online

Classroom

Experiential Learning

Mobile Devices

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

15

More Effective Programs Go Beyond Annual Campaigns

Programs implementing theme-based campaigns at least quarterly sport average PEI scores of .76 Those which do not roll out theme-based campaigns at all average .59

Theme-based Campaign Rollout 0.76

0.59

Quarterly

Never

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

16

More Impactful Programs Focus Their Resources Differently Than Do Less Impactful Programs

29.1 24.3 19.9


Percentage Allocated

15.2 7.8

14.4 10.9 5.2 10.7 6.3

Highly Less Highly Less Highly Less Highly Less Highly Less Effective Effective Effective Effective Effective Effective Effective Effective Effective Effective Education & Communications Administration Consultants Budget Item Risk Management Investigations

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

17

How Programs Measure Their Effectivenes Makes a Difference

Most programs measure completion rates, test results, and employee feedback without more, they hover around average PEI scores. However, programs not tracking employee feedback seem to underperform (PEI score .67)

PEI vs. Effectiveness Measures


0.75 0.73 0.73

0.69 0.67

0.69

Excellent programs also track employee behaviors (PEI .73) and organizational impact (PEI .75)

Yes

No

Yes

No

Yes

No

Employee feedback

Employee behaviors

Organizational Impact

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

18

What Else Matters?

PEI scores are higher, on average, for those programs which include a relatively broader range than other programs of:

Training goals Risk inputs Communication channels

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

19

Starting with Defense then Focusing on Offense in 2013


KEY INSIGHTS Playing Defense

The top 2013 priority is


69% meeting 69%

all regulatory requirements for effective E&C programs. indicates the growing importance of for improving risk management capabilities.

A 3-year increasing trend

Playing Offense

Four of the top five E&C


15% 9%

program goals strive for a more sustained impact on culture.

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

24

Data Privacy is the Most Critical Ethics & Compliance Risk


KEY INSIGHTS

74% of E&C leaders indicate


69%

that Data Privacy is the most critical E&C risk 69% Social Media as a top risk, a year-to-year increase in importance starting in 2010

41% of E&C leaders indicate

The top 2012 E&C risks were: - Conflicts of Interest (67%) - Bribery and Corruption (65%) - Gifts and Entertainment (65%)
15% 9%

- Data Privacy (63%) - Data Protection (62%)

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

25

Understanding Our Risk Blind Spots


KEY INSIGHTS

Looking in the rearview mirror:


most E&C leaders seem to rely mostly on backward looking data in their risk analysis.

Only a minority of respondents


considers the dynamic nature of business and connects directly with relevant populations, such as local management, suppliers and customers, to learn about emerging risks.

15% 9%

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

26

Losing Your Audience


KEY INSIGHTS

E&C leaders continue to


struggle with making education applicable to daily work and online education fatigue, similar to challenges from the previous two years.

Only 4% of E&C leaders believe


that their education programs have a high impact on employee behaviors.

Moreover, on average they have


a very small window to affect employee awareness, as 46% of companies only deliver 2-3 hours of online E&C education per year.

15% 9%

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

27

Reinforce, Remind and Frame


KEY INSIGHTS

The Intranet continues to


be the top channel.

Web-enabled Codes are


replacing the static version (e.g., PDF) with celerity, in use by only 7% of respondents in 2010, 22% in 2011, and 33% last year.

One out of 10 E&C leaders


used social media as a communication medium in 2012, compared to just 6% the year before and almost no one in 2010.
9%

15%

Also dramatically on the


upswing is the use of team meetings, a tool used by 38% of respondents in 2010, 46% in 2011, and 54% last year.

CONFIDENTIAL

2013 LRN Corporation. All Rights Reserved.

28

Boeing Ethics Advisors Career Description


Ethics Advisors Ethics Advisors are Boeing employees who serve as independent counselors. They have access to top management and are well versed in Boeing values and the Boeing Ethical Business Conduct policy and related procedures. They are responsible for advising Boeing employees on matters of ethical concern and for helping them to resolve ethical dilemmas. Names and telephone numbers of Ethics Advisors are listed on the internal Boeing Web.

Ethics Advisor 3 Security Clearance Required? No Security Clearance Required Position Description Takes a proactive approach in coaching and educating business partners to ensure all ethics sponsored initiatives and strategies are implemented within the business. Drives individual responsibility and accountability for ethical decision making to mitigate business risks through the use and promotion of ethical decision making models, processes and tools. Identifies issues arising within the local business and assists in developing valued processes and procedures applicable for conducting business in their location. Manages the application of company ethics and business conduct policy to reported issues. Determines the ethics component, researches and interprets applicable company policies or values and identifies established precedents and international issues, if applicable. Provides advice and counsel for appropriate solutions to the concerned parties. Initiates and coordinates investigations, as required, by identifying appropriate investigative agency (e.g., Audit, Human Resources, Legal, Management, Security, etc.). Monitors progress and provides status and feedback to concerned parties. Coordinates with appropriate organization(s) to determine corrective action, if warranted. Documents all reported inquiries, conflict of interest (COI) determinations and formal cases into the ethics database in accordance with established protocol. Maintains objectivity and professional distance. Uses a variety of multimedia resources to teach, coach and share information about ethics and business conduct guidelines internally. Confronts and addresses difficult issues with appropriate levels of management for remedial action. Provides advice, counsel and interpretation of ethics and business conduct guidelines in order to promote an ethical culture. Influences leadership to take ownership for integrating ethics into their organization while leading by example. Researches best practices in ethics and recommends incorporating them into company operations. Develops an internal and external learning network with subject matter experts to enhance ethics programs and initiatives. Develops and presents ethics metrics to assist business unit leaders in managing the business. Assists in analyzing trend data and conducting root-cause analysis to identify areas of risk. Participates in the development of ethics training programs and materials that are effective in domestic and international business environments. Benchmarks effective training programs for the development of world class programs. Coordinates and delivers training as appropriate. Competencies General Adaptability Understands changes in own and others' work and situations; may be asked to explain the logic or basis for change to less experienced employees; actively seeks information about changes affecting own and fellow employees' jobs. Treats changes and new situations as opportunities for learning or growth; focuses on the beneficial aspects of change; speaks positively about the change to fellow interorganizational employees and occasionally to external customers. Quickly modifies behavior to deal effectively with changes in the work environment; readily tries new approaches appropriate for new or changed situations; does not persist with ineffective behaviors.

Building Trust Demonstrates honesty; keeps commitments; behaves in a consistent manner. Shares thoughts, feelings, and rationale so that fellow work group members, other internal employees and customers understand personal positions. Listens to others and objectively considers others' ideas and opinions, even when they conflict with one's own. Treats people with dignity, respect, and fairness; gives proper credit to others; stands up for deserving others and their ideas even in the face of resistance or challenge. Communication Clarifies purpose and importance; stresses major points; follows a logical sequence. Keeps the audience engaged through use of techniques such as analogies, illustrations, humor, an appealing style, body language, and voice inflection. Frames the message in line with audience experience, background, and expectations; uses terms, examples, and analogies that are meaningful to the audience. Seeks input from audience; checks understanding; presents message in different ways to enhance understanding. Uses syntax, pace, volume, diction, and mechanics appropriate to the media being used. Accurately interprets messages from others and responds appropriately. Customer Focus Makes customers and their needs a primary focus of one's actions; develops and sustains productive customer relationships; uses information to understand customers' circumstances, problems, expectations, and needs; periodically becomes involved in sharing information with customers to build their understanding of issues and capabilities; considers how actions or plans will affect customers; responds quickly to meet customer needs and resolve problems; assists higher graded employees and/or project team leaders in implementing ways to monitor and evaluate customer concerns, issues, and satisfaction and to anticipate customer needs. Technical Analytical Skills Skill and ability to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources at the department level. Basic Qualifications for Consideration Do you have experience bringing recommendations forward to senior management? Do you have investigative interviewing experience? Typical Education/Experience Bachelor's and typically 6 or more years' related work experience, a Master's degree and typically 4 or more years' related work experience or an equivalent combination of education and experience. Other Job related information Certified Compliance and Ethics Professional (CCEP) preferred.

UNDERSTANDING THE FOREIGN CORRUPT PRACTICES ACT


INTRODUCTION
The United States has long frowned on the use of bribery to obtain international business. Aside from the fact that bribery is generally considered immoral, U.S. policy against international bribery is based on a belief that it undermines fair competition and tends to frustrate international commerce and development. Before 1977, the United States Department of Justice (DOJ) attempted to combat international bribery by enforcing laws such as federal mail and wire fraud statutes, false claims statutes, and currency control laws. Although these laws touched on activities related to foreign bribery, they were not specifically designed to address the problem. In the late 1970s following the Watergate scandal, the Securities and Exchange Commission (SEC) learned that an increasing number of U.S. companies maintained "slush funds" used to bribe foreign officials. As a result, Congress passed the Foreign Corrupt Practices Act (FCPA), which has two primary parts -- (1) antibribery provisions -and (2) accounting provisions that support the antibribery provisions by making it illegal to obscure improper payments. The FCPA became effective December 19, 1977. From the outset, compliance with the FCPA presented two distinct challenges for U.S. companies. First, the FCPA is complex and sometimes ambiguous. In response, Congress amended the FCPA in 1988 to make the law clearer, although not all gray areas were eliminated. The second challenge has taken longer to address. As originally enacted, the FCPA placed U.S. companies at a competitive disadvantage with respect to some of their foreign competitors. This is because the law governed the conduct of U.S. companies and individuals, but for the most part did not cover foreign companies and individuals. Most foreign countries did not have laws against foreign bribery, even if they had laws prohibiting bribes at home. To make matters worse, certain countries seemed to encourage foreign bribes by making them tax deductible. For many years, the United States attempted to persuade its allies to enact legislation similar to the FCPA. In December 1997, the Organization for Economic Cooperation and Development (OECD), which includes 29 of the world's largest industrialized countries, agreed to a treaty outlawing the bribery of foreign government officials. In essence, the OECD treaty requires member countries to enact antibribery laws similar to the FCPA. On November 10, 1998, Congress enacted the International Anti-Bribery and Fair Competition Act, amending the FCPA to implement the OECD treaty and to broaden the reach of the law. The FCPA now prohibits foreign bribery by companies and individuals previously covered by the act even if all the bribery-related activity takes place outside the United States. The old requirement that there be use of the mails or some other form of interstate commerce (like telephones or wire transfers) has been abolished. The FCPA now also applies to the acts of foreign companies and individuals if any of their acts in furtherance of foreign bribery take place in the United States or use a form of interstate commerce. The penalties for violating the FCPA are severe, and the importance of complying with the FCPA is correspondingly great. For each violation, a company can be fined up to

$2,000,000 or twice the gross gain from the violation, whichever is greater. An individual can be fined up to $250,000 or twice the gross gain from the violation, whichever is greater, and imprisoned for up to five years. An individual's company may not directly or indirectly pay or reimburse the individual's fine. This Handbook focuses primarily on the antibribery provisions of the FCPA, as amended by the International Anti-Bribery and Fair Competition Act, although we will also address the accounting provisions briefly. This Handbook gives special attention to the issues surrounding the use of foreign sales representatives. You should note that the FCPA is complex and involves a number of complicated issues that cannot be fully addressed in a brief treatment of this kind. This Handbook provides only a general overview of some of the basic concepts of the Foreign Corrupt Practices Act. It is not intended to provide advice or guidance regarding how you should act in a particular situation involving potential corrupt practices issues. You should always consult your company's law department with respect to any such situation. You should also be aware that many foreign countries have their own laws prohibiting bribery of government officials and other corrupt practices. Therefore, even if the FCPA does not apply to a particular transaction, foreign law may prohibit it. Consult your company's law department and policies if you have any questions regarding the applicability or effect of such laws. In addition, many companies have their own policies regarding dealings with foreign officials that are even stricter than the law. You should be sure to read and comply with any such policies put in place by your company.

THE FCPA ANTIBRIBERY PROVISIONS


I.

What Does The FCPA Prohibit?


The FCPA makes it illegal to bribe a foreign government official or political party to gain a business advantage. This prohibition applies not only to corrupt payments made to obtain or retain business, but to secure any improper business advantage from a foreign government official. A.

Corrupt payments or offers


For purposes of the FCPA, to make or offer to make a payment "corruptly" means that the offer, payment, promise, or gift is intended to induce the person who receives it to misuse his official position to wrongfully benefit the payer or his client or employer - for example, by directing business to them. A payment can be corrupt even if it is intended to induce the person who receives it to make a sound business decision. An offer or payment is corrupt under the FCPA if it is intended to influence an official's act or decision in order to secure any improper advantage, including payments to induce an official to do something he should not do or to induce an official not to do something he should do. Example 1: A company pays money to a foreign procurement official so the official will award the company a contract. This is a corrupt payment within the meaning of the FCPA because it is intended to influence the official to do something in order to direct business to the company wrongfully.

Example 2: A company has a one-year contract for aircraft spare parts with a foreign procuring agency. The company pays money to a foreign procurement official to induce the official not to solicit bids for the next year, as required by the country's procurement regulations. If bids are not solicited on time, the company will receive orders beyond the period called for under the existing contract. This is a corrupt payment within the meaning of the FCPA because it is intended to direct business to the company wrongfully by influencing the official not to do something he should do. Example 3: A company is in the third year of a five-year contract to supply aircraft maintenance services. The contract is going well and the company is confident that the customer is satisfied. The company invites the head of the foreign procurement agency and his family to use the company CEO's timeshare in Aspen for a one-week vacation, at no cost. The CEO understands that in two years the maintenance services contract will be rebid. The head of the procurement agency will not personally conduct the competition but act as the immediate supervisor of the procurement official who will conduct the competion. This is probably a corrupt payment within the meaning of the FCPA. Although it is not clear that the gift was offered in order to induce a foreign official to do (or not to do) something specific, it appears that the gift was offered to secure an improper advantage in connection with the award of future business. Example 4: Global Corporation produces spare parts for its contract with a foreign government at a manufacturing plant in a foreign country. Under the local law, Global is entitled to a 20% tax rebate on certain products produced for export. Global believes the total amount currently owed by the government is $2 million. Global has filed the required application with the foreign government tax authority but nothing is happening. A local official promises to get this taken care of if Global will give him a 10% "facilitation" commission. If Global were to pay the local official, it would be making a "corrupt" payment under the FCPA. Under the FCPA, a payment that is intended to secure business or any other improper advantage is a "corrupt" payment. Even though Global has a legal right to the tax rebate, it still has to follow proper legal procedures. Corrupt payments and offers include a variety of things in addition to what we might ordinarily think of as a "payment." Here are just a few examples of conduct that can get companies into trouble under the FCPA - A payment or offer to pay money Providing or offering to provide gifts of any value Providing or offering entertainment beyond what would ordinarily be provided to a customer Providing or offering personal discounts on products or services not available to the public generally Providing or offering company stock Providing or offering employment or consulting positions Providing payments for bogus "services" Providing free access to company or company-employee property when such access is not normally provided for free (for example, the company president's vacation home)

Making charitable contributions at the request or on behalf of a government official Paying foreign officials to obtain construction permits and other similar regulatory approvals Paying foreign officials to change business regulations or to expedite payment of a tax rebate, even when there is a legal right to the rebate

B.

To foreign officials and foreign political parties


The FCPA prohibits payments or offers to a foreign official or foreign political party in order to obtain or retain business or to secure any other improper business advantage. The term "foreign official" includes any officer or employee of a foreign government, department, or agency; a government-owned entity; or a public international organization such as NATO. It also includes any other person acting on behalf of such an entity. Examples might include a procurement officer who works for a foreign defense ministry or a doctor who evaluates medical equipment for a foreign health ministry or government-owned hospital. Example 5: A company seeking a contract to sell jet fuel to NATO pays money to the NATO procurement official who will make the award decision. The NATO procurement official is a U.S. citizen. Because NATO is a public international organization within the meaning of the FCPA and the procurement official is a NATO employee, the procurement official is a "foreign official" within the meaning of the FCPA, notwithstanding her U.S. citizenship. The FCPA prohibits corrupt payments to foreign political parties, foreign political party officials, and candidates for foreign political office. Thus, a payment for an improper purpose made to a private foreign citizen running for foreign political office would violate the FCPA. Example 6: A company seeks a contract to sell aircraft parts to a foreign private aircraft manufacturer. The company considers making a payment to the CEO of the foreign manufacturer, who is also, as it happens, running for mayor of the foreign city in which he lives. Such a payment could violate the FCPA.

C.

Payments and offers made directly or indirectly


The FCPA prohibits corrupt payments whether they are made directly or indirectly. The basic principle is that a U.S. company cannot avoid FCPA's antibribery prohibitions simply because it did not directly make an improper payment. Indirect payments are payments made through another person acting on behalf of the company - for example, a foreign affiliate, sales agent, or joint venture partner. This is a particular concern when a company works through a foreign sales representative, but the prohibition applies to any individual or entity acting on the company's behalf. The FCPA's antibribery provisions are not limited to bribes that a company knows will be made, but is an issue any time a company has good reason to suspect that a bribe may occur. You as an individual, as well as your company, can be held responsible for an agent's bribes -

even if the agent, as a foreign national, is not covered by the law or has ignored your company's explicit instructions. Example 7: A company retains a sales representative to market its products in a country that is known to have a corrupt business climate. The company typically pays its sales representatives commissions of five percent for the products being sold, but the company agrees to pay this sales representative a commission of ten percent. Company employees are aware that the sales representative intends to pay a foreign government employee, who works in the acquisition office and is responsible for purchasing cash amounts equal to approximately onehalf of the total commissions. The company is then awarded a contract to sell its products to the foreign government. Despite the fact that the only payments actually made by the company are made to the sales representative, this situation likely violates the FCPA's ban on "indirect" bribes. The FCPA requires that companies take special steps to ensure that their foreign sales representatives do not do anything that the company itself cannot do directly. D.

Actual knowledge of payment of a bribe is not required


A person can be liable for violating the FCPA not only if he actually knows what is going on, but also if the person has a firm belief that a particular circumstance exists or that a particular result is substantially likely to occur. It is enough for liability under the FCPA if a person is aware of a high probability that money will be used to bribe a foreign official, yet disregards it. An individual or a company can violate the FCPA even without knowing for sure that a bribe has actually been offered or paid. This concept has been defined in different ways, such as conscious disregard, willful blindness, and deliberate ignorance. However the standard is worded, it is not safe for a person who becomes aware of suspicious circumstances to "keep his head in the sand." Example 8: A company retains a sales representative to market its products to a country that is known to have a corrupt business climate. The industry is also one that is known to have a history of corruption. Although the company typically pays its sales representatives commissions of five percent for these particular products, the company agrees to pay this sales representative a commission of ten percent. The company pays the higher commission rate based on the representative's claims that the foreign country's market is difficult to break into, therefore warranting higher commissions. Although no company employee is actually aware of it, the sales representative pays a foreign government employee, who works in the acquisition office and is responsible for purchasing the products, cash amounts equal to approximately one-half of the total commissions. The company is then awarded a contract to sell its products to the foreign government. Assuming the sales representative is a person covered by the FCPA, clearly the sales representative has violated the law. Also, the company can be prosecuted under the FCPA even if it has no actual knowledge that the foreign sales representative will pay a bribe. These facts are enough to have put the company on notice that corrupt payments might be made and appropriate precautions should be taken.

In short, it is important that you be sensitive to suspicious situations. "I'd rather not know the details" is not an appropriate response under the FCPA. E.

A payment may be anything of value


The FCPA prohibits payments and offers to pay not only money, but anything of value. Example 9: A company retains a sales representative to market its products to a country that is known to have a corrupt business climate. The industry is also one that is known to have a history of corruption. The company agrees to give the sales representative an expense account twice as large as the company typically gives sales representatives for this product. The company agrees to the larger expense account based on the representative's claims that the foreign country's market is difficult to break into, therefore requiring greater upfront expenditures. The sales representative arranges for the foreign official who is responsible for procurement to spend a holiday weekend with his family at a fancy island resort. The sales representative tells the procurement official that the company knows how to take care of its friends and that the weekend is a sample of what he can expect if the company is awarded the contract. The company is then awarded a contract to sell its products to the foreign government. The result here is no different than in the prior example. The vacation is a thing of value and covered by the FCPA just like a cash payment. There is no minimum value that an item must have to trigger a violation. Although it is unlikely that the provision of a truly nominal item, such as a baseball cap with the company's logo, would trigger an investigation, gifts of relatively low value may be unlawful, depending on the overall circumstances.

F.

Employment of friends and relatives of government officials


Employment or the offer of employment to a foreign official or foreign official's relative or friend is something of value. Even if the official, relative, or friend is otherwise qualified for the job, an offer of employment made in a context where a company is seeking business looks suspicious and could violate the FCPA. Although having some relationship to a foreign official is not necessarily disqualifying, it is a "red flag" (discussed later) and will always warrant a very close look at the facts. It is best to be cautious and seek the advice of legal counsel before hiring such a person, regardless of her qualifications. Example 10: A U.S. company has bid on a contract to install tollbooths on a foreign highway system. The U.S. company's director of contracts learns from an employee of the foreign highway administration that the U.S. company is the low bidder and will receive the contract, but there is one wrinkle. The foreign administrator's son is very interested in a summer job with a U.S. company before starting college. The foreign administrator would appreciate any assistance that the U.S. company can provide - a job at the U.S. company would be perfect. The director of contracts checks into the possibilities and learns that there is no money

in the budget for summer employees, but that an unpaid internship could be arranged. She contacts the foreign administrator directly and informs him of the availability of the internship. The U.S. company gets the contract. The U.S. company has made a "payment" under the FCPA by offering something of value to a foreign official in order to direct the award of business to the company. The FCPA applies to anything of value given to a foreign official. The gift does not have to involve money, but can be an in-kind benefit - for example, the internship opportunity here. However, determining whether this payment violates the FCPA is fact specific and can be very complex. Therefore, it is always a good idea to discuss activities involving foreign officials or their friends and families with the company's lawyer before engaging in them. G.

Employment of government officials as sales representatives


It is always risky to hire a foreign official to be a sales representative. Hiring such a person involves paying a foreign official to help secure business or other benefits for your company - which is exactly what the FCPA targets. In some rare cases, there may be a legitimate business reason for using a foreign official to advance a company's interests. If the official abuses or misuses her official authority, however, a violation of the FCPA almost always will be found. Example 11: Global Corporation wants to sell its telephone systems to a foreign government and begins looking for a foreign sales representative. Global hears about Pierre, who works at the Ministry of Communications but is interested in working as a sales representative on the side. Global, believing that Pierre must have terrific connections, offers to use him as Global's sales representative while he is still working at the Ministry. Global's in danger of getting into trouble under the FCPA. Retaining a current foreign official like Pierre as a sales representative would be very risky. Global almost certainly would be held accountable if, during Pierre's remaining time in government, he used his official authority to make it easier for Global to get a contract (for example, by altering the project specifications to match Global's product better). In addition, offering to employ Pierre after he retired from the Ministry could also raise problems under the FCPA if the offer was made while he was still a Ministry employee. One exception to this rule has been recognized when written foreign law requires a vendor to hire a "consultant" who happens to be a foreign official. As a practical matter, the safest course is not to hire a current foreign official. The FCPA does not prohibit hiring a former foreign official. However, the FCPA does prohibit making a job offer to a current foreign official contingent upon his leaving his government position to accept the position with the company, if the offer is made to secure business. In any event, you should consult your company's law department before making such an offer to a government official.

H.

DOJ And SEC Red Flags 7

The DOJ and the SEC have identified circumstances they regard as indicating possible FCPA violations, known as "red flags." These are discussed further below. Employees should be made familiar with these "red flags" so they can spot them when they arise. II.

Who Is Covered By The FCPA?


The FCPA antibribery provisions cover virtually everyone who could possibly be involved in foreign business dealings. In a particular situation, individuals, companies, or both may be liable. However, the rules for U.S. citizens, U.S. companies, and companies with securities registered with the SEC (SEC reporting companies) and their employees are slightly different from the rules for foreign companies and foreign individuals who are not connected to any U.S. company or with an SEC reporting company. The FCPA applies to the following categories of persons even if all the acts in question occur outside the United States and no form of interstate commerce is used - U.S. citizens, nationals, and residents; SEC reporting companies, their officers, directors, employees and agents, and stockholders acting on behalf of the company; and corporations, partnerships, and other businesses organized under the laws of the United States or having their principal place of business in the United States, as well as their officers, directors, employees and agents, and stockholders acting on behalf of the company.

Although foreign individuals and companies generally are not covered directly by the FCPA, there are some important points to keep in mind. First, the FCPA's accounting rules apply to foreign companies that are subject to SEC reporting requirements. Second, the FCPA applies to foreign individuals and companies if they act in the United States or use a form of commerce (for example, mail, telephone, and so forth) that puts them in U.S. commerce. Third, U.S. companies may be liable for violations by their foreign employees and agents. Example 12: U.S. Corporation, headquartered in Chicago, has a wholly owned subsidiary, Eurocorp, based in Paris and incorporated under French law. Eurocorp's vice president for marketing is an American citizen living and working in Paris. To obtain business from a government in the Middle East, the vice president hires a sales representative who is a citizen and resident of the Middle Eastern country to serve as the company's sales representative. The sales representative subsequently bribes a local official to obtain a contract for U.S. Corporation. Nothing related to this transaction takes place in the United States, and U.S. Corporation learns nothing of what happened except that Eurocorp won an important contract. Because it is a French company, Eurocorp could not be prosecuted under the FCPA unless there was some activity in some way physically connected to the

United States. However, Eurocorp might have a problem under French law or in the Middle Eastern country. (Although foreign law is not discussed in this handbook, keep in mind that conduct that does not violate the FCPA solely because all acts took place outside the United States may still violate applicable foreign law.) Also, if Eurocorp was separately listed on a U.S. stock exchange, this fact alone would be enough to make it subject to the FCPA's accounting rules. The vice president of marketing, as a U.S. citizen, carries the FCPA with her wherever she goes. She would therefore be subject to prosecution under the FCPA. It does not matter whether she is employed in the United States or abroad, or by a U.S. or foreign company. She might also have a problem under French law. U.S. Corporation may face prosecution as well. The FCPA restrictions apply to all "U.S. persons," which includes U.S. companies wherever located. Global can be prosecuted under the FCPA whether it acts in the United States or abroad, and whether the actions are taken by the company directly or through an affiliate or other agent. In this example, there is no evidence that U.S. Corporation had any involvement in the corrupt payment. Even so, it could be held responsible if the payments were made on its behalf. Finally, the foreign sales representative is not a U.S. national and, on these facts, does not appear to have had any other connection with the United States. Although U.S. Corporation, the vice president of marketing, and possibly Eurocorp could be held responsible under the FCPA for the sales representative's actions, U.S. law would not reach him directly. (Again, he could have a problem under the law in his home country or possibly France.) III.

What Payments Are Permitted By The FCPA? Routine governmental action A.


The FCPA specifically exempts certain payments that are made to a foreign official or foreign political party in order to facilitate or expedite the performance of "routine governmental action." "Routine" has a very specific and narrow meaning in the FCPA. It refers to a limited category of activities such as clearing customs and securing police service where there is a legal right and no real discretion on the part of the foreign official. The purpose of the "facilitation" payment is basically to move a set ministerial process along. If the action sought from a foreign official involves the exercise of any discretion, it is not routine governmental action for purposes of this exemption. You also need to understand that "routine" refers to the governmental action sought, not whether paying a bribe or "facilitating" payment is common. Facilitating payments that are commonly made but involve discretionary action are not covered by this exemption. These so-called "grease" payments are permitted for routine governmental actions such as the following - obtaining permits, licenses, or other official documents to qualify a person to do business in a foreign country; processing governmental papers such as visas and work orders;

providing police protection, mail pickup and delivery, or scheduling inspections associated with contract performance or inspections related to transit of goods across country; or providing phone service, power and water supply, loading and unloading cargo, or protecting perishable products or commodities from deterioration.

Example 13: A U.S. company retains a sales representative to market its products to a foreign country and to provide sales support. The sales representative informs the company that it must pay a processing fee of $200 along with its response to the government's request for quotations. The fee is payable to the government's procurement office and would be tendered to a clerical employee who is responsible for receiving the vendor quotes. The company is planning to submit a $5-million quote. As long as payment of the processing fee is in fact a routine requirement for submitting quotes of this nature, such a payment would likely not violate the FCPA. The relatively modest amount of the fee and the fact that it is tendered to a clerical employee and given to an agency rather than an individual tends to indicate that it is in fact a routine requirement. However, the company should satisfy itself that this is the case. If there are any doubts whatsoever, the company should obtain advice from legal counsel. Example 14: Same facts as in Example 13, except that the processing fee is $20,000 and the quote is $1 million. When the company asks the sales representative who will receive the payment and to provide the rules or regulations that supposedly require the payment, the sales representative says, "Don't worry about that, just send me the money and I will take care of it." This is far more problematic. The amount of the payment and the representative's inability or unwillingness to provide specific information to show its legitimacy suggest that the "routine governmental action" exemption would not apply and that a payment might well violate the FCPA. A sales representative's characterization of a payment as a "processing fee" will not protect a company if the circumstances suggest that the requested payment is really something else. Example 15: A company has a contract to supply the government of a foreign country with all of its requirements for computer workstations for the current year. The government holds an option to extend the contract for an additional year. The government contracting officer who signed the contract advises the company that he is planning to exercise the option for the additional year rather than solicit new bids, but that he needs the company to pay an "option fee" of $10,000 in order for him to do so. The contract does not say anything about "option fees," but the company believes that the $10,000 fee is a "drop in the bucket" compared to the profits it could make during the additional year. The company is relieved and somewhat surprised that the government decides to exercise the option, since computer prices have dropped and the government could probably save money by putting a new contract out for bid. The company should not be relieved, but rather should be concerned that the payment would violate the FCPA. There are several reasons

10

why the payment would probably not fall within the "routine governmental action" exemption. First, payment is being solicited by a foreign government official who has discretion to determine whether, or on what terms the government will continue to do business with the company. This factor alone negates the routine governmental action exemption. Second, there does not appear to be any indication that the "option fee" is a routinely required payment. Third, although the amount is relatively small in comparison to the revenues that the company can earn if the option is exercised, the amount is not insignificant. Finally, the totality of the circumstances clearly suggests that the payment would be a bribe. The contracting officer is requesting a payment to do something that does not seem to make good business sense for his employer. Why would the contracting officer not wish to solicit new bids or at least negotiate lower prices than are contained in the option, if market prices have dropped significantly? Although this last factor would strengthen a prosecutor's FCPA case against the company, it would not be necessary for a finding of FCPA liability. Even if a business decision otherwise seems to make sense for all parties, the payment of something of value to a foreign official who has the discretion to direct business to a company as a condition for the official doing so, violates the FCPA. B.

Payments expressly permitted by foreign law


A payment to a foreign official that might otherwise violate the FCPA will not be a violation if the payment is lawful under the written laws of the foreign official's country. This requirement is rarely satisfied. First, most countries have laws that prohibit bribery of government officials, even if those laws have not always been rigorously enforced. Second, the country's laws or regulations must affirmatively permit, in writing, the type of payment in question. The absence of written laws expressly prohibiting the payment is not enough. It is also not enough to get a legal opinion from a local lawyer in the country. Although U.S. enforcement authorities would look at the opinion, they would decide for themselves whether a payment is in fact expressly authorized by the foreign law. Example 16: A company plans to sell products to the government of a foreign country. That country has a written statute requiring sellers of products to the government to pay an assessment of one percent of total sales to the local government procurement office within 30 days after the sales contract is signed. The company pays the assessment. The payment in all likelihood is covered by the FCPA's "written law" exception because it is lawful and, in fact, required under applicable written foreign law. However, this kind of situation is extremely rare. Example 17: A company plans to sell products to the government of a foreign country. A foreign government procurement official requests the company to pay an assessment of one percent of total sales. No written foreign law addresses such assessments.

11

Such a payment would be very risky. The payment is not exempt under the foreign law exemption because it is not expressly permitted by the country's laws or regulations, and the absence of a prohibition against such payments is not enough. It is possible that the payment may fall within the "routine governmental action" exemption discussed above, but more facts would be needed to determine this. No payments should be made or agreed to in these circumstances without the advice of legal counsel. Example 18: A company plans to do business for the first time in a thirdworld country that is developing a free-market economy after years of Communist rule. The country has no written laws prohibiting bribery of its government officials, and it is well known that it is difficult to conduct business in the country without providing "favors" to government officials. The company pays a 20% commission to its sales representative to obtain a $10-million sale, which is a substantially higher rate than the company has paid sales representatives to market the same product to other international customers. Although these facts alone may not establish a violation of the FCPA, the company is certainly in danger of having violated the statute. The fact that the foreign country has no written laws prohibiting bribery will not be enough to insure that the company has not violated the FCPA. In fact, the lack of a written foreign antibribery statute in the context of a business culture of corruption should alert the company to be especially careful to avoid improper payments. C.

Certain reasonable expenditures


Certain reasonable expenditures are also exempt under the FCPA. These include reasonable travel or lodging expenses, incurred by or on behalf of a foreign official and directly related to - the promotion, demonstration, or explanation of products or services, or the execution or performance of a contract with a foreign government.

Example 19: A company has previously sold automobiles to a foreign government's defense department. The company knows that the customer was not fully satisfied with the reliability of the automobiles. However, the company has recently improved its quality control and believes that it can retain the customer by demonstrating these new procedures to it. The company convinces the customer to visit its U.S. plant, pays for the customer's airfare and hotel, and treats the customer to dinner at a nice restaurant after the plant tour. The customer's airfare, hotel, and dinner appear to be "reasonable expenditures" by the company in connection with the in-plant demonstration of the company's product. The facts do not seem likely to give rise to a violation of the FCPA. However, reliance upon FCPA exemptions when making any payments to or on behalf of foreign officials is a very tricky area -- even slight factual variations can make all the difference in determining whether a violation has occurred. For this

12

reason, it is important to obtain legal advice before making such payments. Example 20: Same facts as Example 19, except the company invites the customer to bring his spouse on the trip and pays for the spouse's airfare and hotel. Following the plant tour, the couple spends a long weekend in the United States at a resort, paid for by the company. In this situation, it is not at all clear that these are reasonable expenditures exempt from the FCPA. The expenses for the spouse and the resort do not appear to be directly related to demonstration of the company's product. If the payments are not exempt, there may be a violation of the FCPA. Advice of legal counsel is important before making such payments to determine whether they are lawful. Example 21: Same facts as in Example 19. Two months after the visit, the company wins the contract for the next fiscal year's requirements. The company was second low bidder. Its competitor, another U.S. automobile manufacturer, was the low bidder. The circumstances surrounding the contract award increase the likelihood that an enforcement official would view the trip reimbursement as a violation of the FCPA. It should be noted that DOJ is more likely to prosecute possible FCPA violations when it believes that the violation may have directly prejudiced another U.S. company, as in this situation. However, there still may be a violation of the FCPA even without commercial harm to another U.S. company. IV.

Penalties For Violating The Antibribery Provisions


The penalties for violation of the FCPA antibribery provisions are severe. For each violation, a company can be forced to pay a criminal fine of up to $2,000,000 or twice the gross gain from the violation, whichever is greater. An individual can be fined up to $250,000 or twice the gross gain from the violation, whichever is greater, and imprisoned for up to five years. The court can also impose a civil penalty of up to $10,000 per violation. The FCPA expressly provides that when an individual is fined for violating the FCPA antibribery provisions, the company with which the individual is affiliated as an officer, director, employee, agent, or stockholder may not pay the fine on behalf of the individual -- or reimburse the individual for the fine -- directly or indirectly. This rule is designed to provide leverage to prosecutors who conduct FCPA investigations against companies suspected of violating the act. DOJ believes that company employees are more likely to cooperate with prosecutors if they personally have more at stake and therefore have more reason to seek immunity from prosecution.

THE FCPA ACCOUNTING PROVISIONS


In addition to the explicit antibribery provisions, the FCPA includes accounting provisions that apply to all SEC reporting companies. The accounting provisions apply independently of the antibribery provisions. In fact, they do not even mention bribes or foreign payments. However, the accounting provisions supplement the antibribery

13

provisions to ensure that any bribes or other improper payments are not concealed in the company's books. There are substantial criminal and civil fines for violating the FCPA accounting provisions. The FCPA does not require that a company use any particular accounting system or controls. However, the FCPA does require public companies to maintain accurate books and records that fairly reflect transactions in reasonable detail and to maintain an adequate system of internal accounting controls sufficient to ensure that financial statements are prepared in conformity with generally accepted accounting principles. Specifically, the FCPA requires public companies to -o o o o o o make and keep books, records, and accounts that accurately reflect the company's transactions and disposition of assets, and maintain accounting controls to ensure that -transactions are executed in accordance with management's authorization; transactions are properly recorded; access to assets is permitted only in accordance with management's authorization; and accounting records are checked against existing assets at reasonable intervals, and appropriate action is taken to resolve any discrepancies.

One significant purpose of the FCPA accounting provisions is to make it extremely difficult to "get away" with foreign bribery by concealing questionable transactions in the company books. In fact, the FCPA accounting provisions make it virtually impossible for a company covered by the provisions to do so lawfully. These cases also are much easier for enforcement authorities to prosecute. The FCPA accounting provisions not only require SEC reporting companies to maintain accurate books and adequate controls, but also to ensure that their U.S. and foreign subsidiaries do so as well. This rule applies whenever the SEC reporting company owns more than 50% of another company. If the SEC reporting company owns a minority interest in another company, the SEC reporting company is required to make a good-faith effort to ensure that the company complies with the FCPA accounting provisions. Example 22: U.S. Corporation, headquartered in Chicago, has a wholly owned subsidiary, Eurocorp, based in Paris and incorporated under French law. Eurocorp's vice president of marketing is an American citizen living and working in Paris. To obtain business from a government in the Middle East, she hires a foreign sales representative who is a citizen and resident of the Middle Eastern country. The sales representative subsequently bribes a local official to obtain a contract for U.S. Corporation. The vice president of marketing learns about the payment after it happens and that the foreign sales representative made the payment from his commission fee for making the sale. Eurocorp records list the payment to the foreign sales representative as a commission, with no reference to the bribe payment. The FCPA requires U.S. Corporation to maintain accurate accounting records and also to make sure that Eurocorp maintains accurate accounting records. Because Eurocorp has deliberately falsified its books, it has caused U.S. Corporation to violate the FCPA accounting provisions, even though U.S. Corporation has not violated the antibribery provisions. If the inaccuracy in Eurocorp's books caused U.S. Corporation's own accounting records to be inaccurate, this would be a separate basis for concluding that U.S. Corporation violated the FCPA accounting provisions.

U.S. DEPARTMENT OF JUSTICE BUSINESS REVIEW PROCEDURE

14

According to the DOJ, to avoid being found liable for a violation of the FCPA, companies are encouraged to exercise "due diligence" and to take all necessary precautions to ensure that they have formed a business relationship with reputable and qualified partners and representatives. The DOJ generally expects such due diligence to include, at a minimum, investigating potential foreign representatives and joint venture partners to determine if they are in fact qualified for the position; whether they have professional or personal ties to the government; the number and reputation of their clientele; and their reputation with the U.S. Embassy or Consulate and with local bankers, clients, and other business associates. The DOJ recommends that companies seek the advice of counsel and consider utilizing the DOJ business review procedure just described if there is any doubt regarding whether a particular transaction might violate the FCPA. The DOJ has established a procedure for pre-transaction business reviews addressing FCPA compliance. Although in most situations it will be appropriate and sufficient for a company planning a particular transaction to resolve any FCPA issues by consulting with in-house or outside legal counsel, DOJ business reviews can be helpful in ensuring compliance with the FCPA. The review procedure permits companies to obtain an opinion from the attorney general -- in advance -- as to whether certain actions, if taken, will comply with or violate the FCPA. Although the opinion procedure is limited to proposed conduct, the DOJ will not review purely hypothetical or incidental inquiries. Under this procedure, a company covered by the FCPA may submit the details of a proposed transaction to the DOJ. Within 30 days of receiving a request, the DOJ sends the party an opinion letter stating whether or not the specified conduct violates the FCPA under its present enforcement policy. Absent a perceived FCPA violation, the DOJ will indicate that no enforcement action is intended. If the DOJ later brings an action against a party based on conduct alleged to violate the FCPA, and the party has an opinion letter from DOJ stating that the action would not violate the FCPA, the party will not be liable, unless the actual facts of the transaction differ from what was stated to the DOJ. (The opinion letter does not bind or obligate another agency, or create rights for parties other than those who submitted the request.) Any opinion as to DOJ's likely enforcement conduct is limited to the specific facts presented. Therefore, it is critical that the conduct in question be fully disclosed to DOJ in the opinion request. Although no precise form or language is required in a DOJ opinion request letter, the letter must meet certain requirements -o o The request must be in writing. The request must be signed by a senior officer who has operational responsibility for the proposed conduct and who has been designated by the chief executive officer to sign the opinion request. The officer who signs the request must certify that the request contains a timely, correct, and complete disclosure regarding the proposed conduct. The request must contain "all relevant and material information bearing on the conduct for which review is requested and on the circumstances of the proposed conduct."

o o

15

The last requirement is absolutely crucial. The requesting party may rely upon a written FCPA opinion letter only to the extent that the disclosure in the request letter was complete and accurate. Even if the disclosure was complete and accurate when made, the requesting party will not be able to rely on a DOJ opinion if the facts change. Example 23: A U.S. company wishes to sell night-vision goggles to the army of a foreign country. That country's procurement regulations require successful bidders to pay the head of the procurement office a "vendor fee" of two percent of the contract amount upon contract award. The U.S. company plans to submit a bid for $3 million and wants to ensure that it can lawfully pay the $60,000 fee if it gets the award. At the suggestion of its counsel, the company requests a DOJ business review opinion to make sure that the "foreign written law" exemption applies. The company sends a properly signed and certified opinion request letter to DOJ, which explains all these facts and includes a copy of the foreign country's regulation. The company receives a DOJ opinion letter stating that under current enforcement standards, no enforcement action is intended. Three months later, the U.S. company wins the contract. When reviewing the award package containing the full contract document, the U.S. company's contract administrator notices that in the index of applicable regulations, the entry for "Vendor Fee Requirements" has been crossed out, and the notation "REPEALED" has been stamped next to where it appeared. The contract administrator then gets a call from the chief procurement officer of the foreign country's army, who explains that the regulation was indeed repealed one week before the contract award. However, the army official requests that the U.S. company pay him $60,000, notwithstanding the change in regulations. The U.S. company, having already budgeted the $60,000, makes the payment. When the DOJ begins an enforcement investigation, the U.S. company's attempt to use the DOJ letter to prove that the transaction complied with the FCPA will be rejected, because the actual transaction turned out to be different from what was represented in the opinion request letter. Even though the request letter was completely accurate when provided to the DOJ, the U.S. company could no longer rely on the DOJ opinion because the foreign army's vendor fee regulation changed. DOJ opinion requests are considered exempt from disclosure under the Freedom of Information Act. However, DOJ does publish redacted versions of its responses.

COMPLIANCE WITH THE FCPA


According to the DOJ, to avoid being found liable for a violation of the FCPA, companies are encouraged to exercise "due diligence" and to take all necessary precautions to ensure that they have formed a business relationship with reputable and qualified partners and representatives. The DOJ has suggested that such due diligence may include investigating potential foreign representatives and joint venture partners to determine if they are in fact qualified for the position, whether they have professional or personal ties to the government, the number and reputation of their clientele, and their reputation with the U.S. Embassy or Consulate and with local bankers, clients and other business associates. The DOJ recommends that companies seek the advice of counsel and consider utilizing the DOJ Business Review Procedure described above if there is any doubt regarding whether a particular transaction might violate the FCPA. I.

DOJ And SEC Red Flags

16

The DOJ has chief enforcement responsibility for the antibribery provisions of the FCPA, while the SEC has chief enforcement responsibility for the accounting provisions. These agencies have identified circumstances they regard as indicating possible FCPA violations. Some of the circumstances are very general and do not in themselves mean that a violation has occurred or will occur, but that special precautions should be taken. The company is selling to a country known to have had widespread corruption. The industry is known to have a history of corruption. The company has recently been audited for improper payments.

Other circumstances more obviously signal a problem that, if not investigated, could lead a prosecutor to conclude that a company is willfully disregarding signs of bribery. The sales representative refuses to sign a written agreement promising to comply with the FCPA. The sales representative has family or business ties with government officials. The sales representative has a bad reputation or is new to the business so that his reputation cannot be verified. The sales representative asks that his identity not be disclosed. The potential foreign customer recommends the sales representative. The sales representative lacks the facilities and/or staff necessary to perform the required marketing activities. The sales representative makes odd or irregular requests, such as alteration of invoices, over-invoicing, checks to be made out to "cash" or "bearer," payments to be made in cash, unusually large credit lines or advance payments, and so forth. The sales representative requests payment of a commission that seems too high for the particular product and country. The sales representative requests payment through convoluted means or in a third country that has no apparent legitimate connection with the transaction.

Example 24: U.S. Corporation is interested in selling police bikes in a foreign country where bribery is known to be prevalent and where it has not previously conducted business. U.S. Corporation interviews prospective in-country sales representatives. In negotiations with a prospective Sales Rep who claims to have excellent contacts with the chief of police, U.S. Corporation informs Rep that he will need to agree to a provision that requires him to comply with the FCPA. Rep initially states that he is unwilling to agree to such a provision, because the FCPA is an American law that does not cover foreign citizens. U.S. Corporation responds that the law was amended in 1998 and does apply to foreign citizens. Rep says that he will agree to the provision, but he still thinks that it does not apply to him and that U.S. Corporation should "get real" about what is necessary to obtain sales in this country. U.S. Corporation believes that Rep will be effective and retains him, notwithstanding his initial unwillingness to agree to the FCPA compliance provision and his casual attitude toward the FCPA. U.S. Corporation obtains sales, and Rep requests that his first commission installment be wired to a bank account in Geneva, rather than to his office in the foreign country. U.S. Corporation complies with this request. The funds wired to Geneva are eventually paid to the chief of police, who is responsible for the purchase.

17

U.S. Corporation has ignored several red flags that should have signaled an FCPA compliance problem. First, this country is one where bribery is known to be prevalent. Although this alone should not keep a company from doing business there, care should be taken. Rep's initial refusal to agree to the FCPA compliance provision and his ambivalent attitude once he did agree were obvious signs of trouble. Aside from the fact that the FCPA would cover Rep in many circumstances, the very fact that he was unwilling to agree to an FCPA compliance provision, as well as his comments about what it takes to make sales, were serious danger signals. Finally, the request for payment to be made in a third country with no apparent connection to the sale made it apparent that there was more than a potential problem here -- there was a clear signal that bribery would take place. U.S. enforcement authorities would likely conclude that the company "knew" about the bribe within the meaning of the FCPA. As explained above, actual knowledge of a bribe has never been a prerequisite for FCPA liability. II.

Selection Of Foreign Sales Representatives


As noted above, one way that a company might seek to avoid trouble is to take steps to ensure that its foreign sales representatives are competent and reputable. If the process is conducted and documented effectively, the chances of engaging a sales representative who will violate the FCPA may be reduced. You should consult your company's law department and any company policies if you have any questions regarding your company's procedures for selecting and screening its foreign representatives.

III.

Foreign Sales Representative Agreements


One possible way to prevent misunderstandings with foreign sales representatives is through a written representative's agreement. An agreement of this kind can be used to define the company's relationship with the representative and spell out the type of conduct that is and is not authorized by the company. This can increase the chances of avoiding trouble by encouraging the sales representative to act properly, or by helping the company to screen out potential problems if a prospective sales representative takes issue with certain terms. Again, you should consult your company's law department and any company polices regarding when and how sales representative agreements should be used and what they should contain.

18

Coordinating UK Bribery Act & FCPA Compliance

Coordinating UK Bribery Act & FCPA Compliance

An Analysis by Michael Fine1 April 2011 The UK Bribery Act will take effect 1 July 2011, putting into place a new and expanded scheme of bribery offenses for domestic and international business activities.2 Although broadly comparable to the US Foreign Corrupt Practices Act (FCPA), there are important differences that may require changes to some corporate compliance programs. This white paper is designed to help organizations subject to both laws better align their compliance policies and practices.3

OVERVIEW
The Bribery Act represents a significant change in UK law, replacing a patchwork of common law and statutory offenses widely seen as antiquated. The new law, which applies to any commercial organization that is registered or otherwise conducts business in the United Kingdom, prohibits bribery of government officials or in commercial dealings anywhere in the world. Bribery is broadly defined, and there are no express exceptions or defenses (as under the FCPA) for legitimate promotional expenditures or small facilitation payments to expedite routine government actions. The Bribery Act replaces previous offenses with four new ones. Sections 1 and 2 of the Act contain general offenses that prohibit the giving and taking of bribes in the public and private sectors. Section 6 creates an additional discrete offense relating to bribery of foreign government officials. And Section 7 establishes a new corporate offense for failing to prevent
1

Michael Fine is the Principal of NXG Global Law & Compliance. He has extensive experience working with international businesses to design and implement comprehensive legal compliance programs, with a particular focus on the U.S. Foreign Corrupt Practices Act and global counterparts. Mr. Fine is the author of a comprehensive study on program design practices at major multinational firms. He also provided legal and drafting support to the World Economic Forum task force that developed the PACI Principles for Countering Bribery, and has been an expert consultant to Transparency International. The Bribery Act received Royal Assent, the final step before a bill can become law, on April 8, 2010, and will enter into force on 1 July 2011. Full text of the Act and Explanatory Notes are available on the UK Ministry of Justice website (http://www.legislation.gov.uk/ukpga/2010/23/contents). This white paper focuses on UK and US foreign bribery laws, but similar laws also are in place elsewhere and may warrant program adjustments. In addition to the UK and US, 36 countries have enacted comprehensive foreign bribery laws in line with the 1997 OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. The OECD website lists signatory countries, along with monitoring reports on country implementation and other related information.

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance

The Bribery Act replaces previous offenses with four new ones, including a novel corporate offense of failing to prevent bribery by employees or others on a companys behalf.

bribery committed on a companys behalf, unless the company can show it had adequate procedures in place to prevent it. Another provision extends liability to an organizations senior officers if the bribery occurred with their consent or connivance. Jurisdiction under the Bribery Act is far-reaching. The general and discrete offenses apply to acts that occur in whole or part in the United Kingdom or that occur elsewhere if undertaken by a UK nationalembodying the same territorial and nationality concepts found in the FCPA. In addition, the corporate offense of failing to prevent bribery would apply to any company that carries on a business or part of a business in the UK irrespective of whether the acts or omissions which form part of the offense take place in the United Kingdom or elsewhere. Although it is not yet clear how this jurisdictional provision will be interpreted, its extraterritorial reach may be even broader than under the FCPA. Most early attention has focused on novel aspects of the Bribery Actin particular, its expansive extraterritorial reach, express prohibition of commercial bribery, and different treatment of liability exceptions. For many companies, though, the compliance challenges will not be that different than under the FCPA. Both laws contain expansive territorial and nationality jurisdiction, define prohibited conduct broadly, and hold companies accountable for bribery by an employee or agent. And although the Bribery Act does not track the FCPA exceptions for promotional expenses and facilitation payments, actual practice in most respects may not greatly differ. Conversely, while US law does not expressly require companies to have a reasonable compliance program, such programs are strongly encouraged through the Federal Sentencing Guidelines framework and are a significant factor in prosecutorial decisions. FCPA books and records requirements also are a control on commercial bribery, as are commercial bribery prohibitions under state law. To be sure, global compliance programs must take into account several important differences between the UK and US laws. But companies with substantial anti-bribery policies and compliance practices considered effective in one jurisdiction should be able to rely on these with relatively minor adjustments in the other.4 For program design purposes, the most significant differences relate to: Scope. The Bribery Act combines in a single statute prohibitions found in multiple US laws and traditionally addressed separately in compliance programs. Separate treatment for ordinary commercial practice and dealings with governments will still make sense for most companies, but may require closer alignment. Legal standards. The Bribery Act has its own legal standards for finding an offense, which although broadly comparable to the FCPA differ in form and some applications. Adjustments may be necessary, for example, to reflect differences in approach to criminal intent and coverage terms such as who is an agent or associated person.
4

Although some early commentators speculated that the Bribery Act might set a new standard for foreign bribery laws, surpassing the FCPA model and requiring wholesale revisions to FCPA-oriented compliance programs, other assessments have been more reserved. The chair of the OECD working group responsible for assessing Bribery Act conformity to OECD convention standards, for example, has described the Act as middle of the road and comparable to what most other OECD states have put in place. As will be seen below, US and UK anti-bribery legal prohibitions are broadly comparable in most areas if US legal authority beyond the FCPA is taken into account and are also already part of most comprehensive global compliance programs.

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance


Corporate liability. Both laws hold corporates liable for bribery by an employee or agent, but in different ways. FCPA liability is direct based on the legal doctrine of respondeat superior, while in most cases Bribery Act exposure would be primarily through the new corporate offense of failing to prevent bribery. Defenses and exceptions. Statutory limits on liability are comparable, with two important exceptions. First, the Bribery Act provides a defense to corporate liability not found in the FCPA for companies that can show adequate procedures were in place to prevent bribery.5 Second, the Bribery Act does not recognize a facilitation payments exception and programs that include this FCPA exception may not qualify for the adequate procedures defense. Responsibility for affiliates. Another key difference is in the treatment of bribery by subsidiaries and other related companies. Liability under the Bribery Act is limited to conduct by others for an organizations benefit, but under the FCPA can also reach selfserving bribery by affiliates. Enforcement tools. The FCPA contains separate books and records requirements not found in the Bribery Act, although other UK laws may be used to fill this gap. US prosecutors also have lesser civil penalty options not available under the Bribery Act. Adequate procedures. Standards for an effective anti-bribery program are comparable, but with differences in some areas that may require adjustments. For example, US guidelines for high-level responsibility and board reporting are more detailed and prescriptive but do not address external communications practices highlighted by UK authorities. Jurisdiction. Finally, although both statutes contain extremely broad grants of extraterritorial jurisdiction, differences on the margins could be important to some companies. For example, listing on a public exchange would trigger jurisdiction under the FCPA but not the Bribery Act. On the other hand, depending on how it is interpreted conducting business jurisdiction under the Bribery Acts corporate offense could reach more foreign companies than the comparable FCPA coverage.

COMPARISON OF KEY PROVISIONS


In the discussion that follows, we compare and contrast key provisions of the Bribery Act and FCPA with an eye toward changes that may be needed to align FCPA-oriented compliance programs with the new UK bribery law.6 We use the FCPA as a baseline because most
As we explain below, the corporate offense of failing to prevent bribery was added in response to past difficulties holding corporates directly accountable for bribery by an employee. This legal constraint has not changed, so that in most cases the practical effect of the adequate procedures defense would be to insulate an organization entirely from Bribery Act liability. Interpretative sources used for this report include, in addition to the Bribery Act and Explanatory Notes, guidance issued 30 March 2011 by the Ministry of Justice for commercial organizations on the adequate procedures defense (MOJ Adequate Procedures Guidance) and guidelines for Bribery Act prosecutions also dated 30 March issued by the Directors of Public Prosecution and the Serious Fraud Office (Joint Guidance for Prosecutors). The MOJ Adequate Procedures Guidance and Joint Guidance for Prosecutors are available, respectively, at http://www.justice.gov.uk/guidance/making-and-reviewing-the-law/bribery.htm and http://www.sfo. gov.uk/media/167348/bribery act joint prosecution guidance.pdf.

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance

Although broadly comparable, the Bribery Act and FCPA reflect the different historical circumstances in which they were enacted. Reviews to align global compliance need to reach the full range of related US and UK laws.

companies with global programs are familiar with the Act and have structured policies and practices to comport with US requirements. However, the analysis can easily be adapted for companies with Bribery Act-based programs to bring them into alignment with the FCPA. 1. Differences in scope and structure The UK Bribery Act covers a much broader range of conduct than the FCPA, making point-by-point comparison difficult in some areas. While the FCPA is largely (although not entirely) limited to bribery of foreign public officials, the Bribery Act also targets bribery between companies and both public and commercial bribery in the UK itself. These additional areas are also addressed under US law, but not through the FCPA bribery prohibition and for this reason tend to be covered in separate categories in compliance programs. The FCPA and Bribery Act reflect the historical circumstances in which they were enacted. The FCPA was part of a broader set of reforms adopted in the 1970s in the wake of the Watergate political scandal, designed to close a specific gap in the federal criminal law involving illicit corporate contributions made from secret slush funds. Other laws were already in place for corrupt payments to government officials at home, covering both active (giving) and passive (receiving) forms of bribery, and these have continued to evolve separately from the FCPA. The UK Bribery Act, by contrast, represents a single comprehensive overhaul of the countrys anti-bribery laws, both domestic and foreign. Accordingly, companies with FCPA-oriented programs will need to determine whether corporate policies on commercial bribery and for operations in the UK also meet Bribery Act requirements. Conversely, those with programs based on the Bribery Act will need to consider the FCPAs additional accounting requirements as well as antibribery restrictions under other US laws. In addition, gap reviews should not overlook other rules and requirements (such as for money laundering or various forms of political activity) that although not mentioned in either the Bribery Act or FCPA are part of any comprehensive compliance program. Take-Away: Program reviews to align Bribery Act and FCPA compliance should be broad enough to cover the full range of prohibitions and requirements under these and related UK and US laws. 2. Bribery of foreign public officials The FCPA and Bribery Act prohibitions on foreign public bribery provide a useful starting point for comparison. Both criminalize bribery of a foreign public official for business advantage. a. Prohibited conduct The FCPA makes it a crime for any US company and its employees or agents to offer, promise, pay or authorize the payment of anything of value to any foreign official in order to help the company obtain or keep business or secure some other improper business advantage. An improper business advantage may involve efforts to obtain or retain business, as in the awarding of a government contract, but can also involve regulatory actions such as licensing or approvals.

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance


The FCPA prohibition applies whether an improper payment is actually made or only offered or promised, and whether or not it achieves the desired result. It also does not matter whether the bribe was voluntarily offered or was suggested or demanded by an official.

Bribery Act provision


The Bribery Act discrete offense largely parallels the FCPA, criminalizing bribery of a foreign public official with intent to obtain or retain business, or an advantage in the conduct of business.7 Business advantage is not defined, but as under the FCPA appears to encompass licensing and other regulatory advantages as well as securing business.8 The prohibition likewise covers payments made directly or through a third party, and whether an advantage benefits the official or another person at the officials request or with his or her assent or acquiescence. The Bribery Act general offenses are even broader, prohibiting bribery of any person (not limited to a public official) with intent to induce improper performance of a relevant duty. Although the general offenses collapse the distinction between foreign public and commercial bribery, heightened attention to public corruption for training and other compliance activities will still make sense for most companies because of the enforcement priority in this area. Take-Away: FCPA and Bribery Act prohibitions on foreign public bribery are comparable, but with differences in language and some details that may warrant program adjustments. As in the Bribery Act itself, separate treatment of public sector corruption risks and prophylactic measures will still make sense for most companies. b. Covered officials A foreign official under the FCPA can be essentially anyone who exercises governmental authority. Foreign official is broadly defined to include any officer or employee of a foreign government department or agency, whether in the executive, legislative or judicial branch of government, and whether at the national, state or local level. Officials and employees of government-owned or controlled enterprises also are covered, as are private citizens who act in an official governmental capacity. The FCPA prohibition also applies to political parties, party officials and candidates, and to officials and employees of public international organizations such as the United Nations.

Bribery Act provision


The Bribery Act contains a similarly expansive definition for foreign public official, covering any individual, whether elected or appointed, who holds a legislative,
7 8

UK Bribery Act 6(2). Notes accompanying the Act prepared by the government explain that the discrete offense closely follows the OECD anti-bribery convention, which defines prohibited bribery to include payments to induce an official to act or refrain from acting in relation to the performance of official duties. See Explanatory Notes, supra note 1 at 34; OECD Convention Art. 1(1). Elsewhere in the Act, bribery is defined expansively to include attempting to induce improper performance of any function of a public nature, which would include licensing and other regulatory functions. Bribery Act 3(2)(a); see also Joint Prosecution Guidance, supra n. 6 at 4.

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance

The Bribery Act discrete offense closely parallels the FCPA, prohibiting bribery in any form (not just cash payments) involving essentially any foreign public official.

administrative or judicial position of any kind of a country or territory outside the United Kingdom, including any subdivision thereof.9 The statutory definition also includes anyone who is an official or agent of a public international organization or who exercises a public function for or on behalf of a foreign government, public agency or public enterprise. As under the FCPA, coverage would extend to professionals working for public health agencies and officers exercising public functions in state-owned enterprises.10 This coverage appears essentially comparable to the FCPAs, although differences could surface in a few areas. For example, while the FCPA definition explicitly includes political parties and candidates, their status as public officials under the Bribery Act is less certain. (US efforts over the years to make this coverage explicit in the OECD Convention have not been successful.) Similarly, UK authorities may not be as quick to apply foreign official status to personnel at state-owned commercial enterprisesif only because such bribery would still be subject to the Bribery Act prohibition on commercial bribery.11 Take-Away: Foreign official coverage is essentially similar. Programs should make clear that bribery is not acceptable under any circumstances, whether involving a public official or between companies. c. Form of payment Bribery under the FCPA can take any form. The statute makes it a crime to offer, promise or give anything of value to a foreign official to gain an improper business advantage. This would include, among other things of value, cash payments, gifts and entertainment, offers of employment, political or charitable contributions, and equity interests or other business opportunities.

Bribery Act provision


The Bribery Act contains similar language, proscribing the offer, promise or giving of any financial or other advantage to a foreign public official for business advantage. While most things of value barred by the FCPA are likely to be covered, this has not yet been spelled out by UK authorities and may require further guidance in the future.12 Again, some differences could surface on the marginsfor example, in the treatment of political and charitable contributions or some promotional activities. Take-Away: Programs should explain that bribery can take many forms and is not limited to cash payments. FCPA practice can offer useful guidance pending further direction from UK authorities.
9 10 11

UK Bribery Act 6(5). MOJ Adequate Procedures Guidance, supra n. 6 22. Application of foreign official status to officials and employees of state-owned commercial enterprises (such as public hospitals and national extractive or manufacturing companies) has been controversial under the FCPA, generating a recent legislative proposal to more narrowly define coverage of public instrumentalities. This coverage distinction, however, would be less meaningful under the Bribery Act because of the added prohibition on commercial bribery. See Joint Prosecution Guidance, supra n. 6 at 5 (explaining that advantage is to be determined as a matter of common sense by the courts, based on its normal, everyday meaning).

12

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance


d. Corrupt intent Only offers or payments made with corrupt intent violate the FCPA bribery prohibition. Prosecutors must be able to show that a person making or authorizing payment to a foreign official had a corrupt intent and meant to induce the official to misuse his or her official position for business advantage.13 Illustrative examples include payments intended to influence an official act or decision, induce a public official to violate a lawful duty, or otherwise gain an improper business advantage. An explicit quid pro quo typically is involved, but not always. Corrupt intent is not a requirement, however, for enforcement action taken pursuant to the FCPAs civil accounting provisions, addressed separately below (at 17). These provisions make a company strictly liable for accounting and control failures.

Bribery Act provision


The Bribery Act contains two separate intent requirements, both potentially broader than the FCPA but in different ways. The discrete offense conditions prosecution on an intent to influence a foreign official with respect to a business advantage, but without explicitly requiring (as in the FCPA) a corrupt motive. According to the Joint Parliamentary Committee that considered the bill, this limiting term was left out to give prosecutors more discretion in dealing with defenses based on asserted cultural norms.14 At the same time, the government has made clear that there is no intention to prosecute individuals or companies for legitimate business expenditures.15 (We discuss this interpretative guidance in more detail below, in the section on statutory exceptions and defenses.) The Acts general offense sets a more explicit fault standard, conditioning prosecution on an intention to induce improper performance of anothers duties. Improper performance is performance which amounts to a breach of an expectation that a person will act in good faith, impartially, or in a position of trust.16 Requisite intent would be present if, by paying a bribe, the recipient would be expected to act contrary to these expectations. This second standard is similar to the FCPA intent requirement, but potentially broader in several respects. First, the general offense does not have an explicit business nexus requirement, as under the FCPA and also Bribery Act discrete
13

This requirement is summarized in a Lay Persons Guide to the FCPA at 3, available on the US Department of Justice website. Corrupt intent is not defined in the statute, but was described in report language accompanying the FCPA as connot[ing] an evil motive or purpose, an intent to wrongfully influence the recipient. S. Rep. No. 95114, at 10 (1977). Joint Committee on the Draft Bribery Bill, First Report, 2008-09, 146-47 (available at http://www.publications. parliament.uk/pa/jt200809/jtselect/jtbribe/115/11510.htm#a27). MOJ Adequate Procedures Guidance, supra n. 6 at 23 (explaining that Section 6 violations are likely to involve conduct which amounts to improper performance and that it is not the Governments intention to criminalise behaviour where no such mischief occurs). MOJ Adequate Procedures Guidance, supra n. 6 at 18.

14

15

16

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance

Bribery Act jurisdiction over corporates is potentially broader than the FCPA in some respects but narrower in others.

offense, and so in theory could reach a broader range of conduct.17 Second, improper performance may be a less burdensome standard for the government to meet in some cases. For example, it is doubtful that US authorities could base a successful bribery prosecution solely on a breach of general expectations of good faith performance. 18 Take-Away: Differences in this area may be significant in the event of litigation but should not affect prophylactic compliance measures. e. Jurisdiction FCPA jurisdiction is far-reaching, embodying both territorial and nationality principles. The FCPA applies to issuers and domestic concerns, terms from US securities law that include anyone who is a US citizen or resident, all US companies, and any foreign company listed on a US stock exchange.19 Issuers and domestic concerns can be prosecuted for bribery anywhere in the world, whether or not any part of an offense takes place in the US. In addition, foreign companies not listed on a US exchange can be prosecuted for foreign bribery that has a connection to the US. The threshold for this territorial jurisdiction is very low, requiring in some recent cases as little as a wire transfer or email communication with a US nexus. Foreign subsidiaries of US companies are considered foreign nationals, subject only to the FCPAs territorial jurisdiction. However, parent companies (including foreign issuers) can be held responsible for a foreign subsidiarys conduct if it was authorized, directed or controlled. They may also be liable for an affiliates accounting violations.20

Bribery Act provision


Jurisdiction under the Bribery Acts general and discrete offenses closely parallels the FCPA, providing both territorial and nationality coverage. The offenses apply to any conduct that occurs in whole or part in the UK, or elsewhere if undertaken by a person who has a close connection with the United Kingdom.21 Those with a close connection include, among others, UK citizens, ordinary residents and incorporated companies.
17

Improper performance may be found with respect to any function of a public nature. Bribery Act 3(2)(A). By contrast, the FCPA and Bribery Act discrete offense explicitly require an intent to gain improper business advantage. Whether this distinction would have practical significance is less clear, in part because business advantage would still be a factor under the Section 7 corporate offense. US prosecutors for many years relied on an analogous honest services doctrine in domestic public corruption cases, but in a widely reported decision last year, the US Supreme Court found this standard too vague to support criminal prosecution. (The case is Skilling v. United States, 561 U.S. __ (2010), discussed in an enforcement alert available on the ECA website.) It is not yet clear how good faith and other performance expectations listed in the Bribery Act will be applied, but given the broad range of functions and activities covered by the Act similar vagueness concerns could arise. 15 USC 78dd-1, 78dd-2. Domestic concern is defined to mean anyone who is a citizen, national or resident of the US, and any corporation, partnership or other entity organized under US law or with its principal place of business in the US. An issuer is any entity (domestic or foreign) with securities registered in the US or otherwise required to file reports with the Securities and Exchange Commission. Issuers are responsible for recordkeeping practices at majority-owned subsidiaries and affiliates, and for making a good faith effort to encourage appropriate practices at minority-owned affiliates. Bribery Act 12.

18

19

20

21

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

Coordinating UK Bribery Act & FCPA Compliance


In addition, commercial organizations can be prosecuted under the separate Section 7 corporate offense of failing to prevent bribery by others. Jurisdiction under this provision is even broader, extending coverage to any company that carries on a business, or part of a business in the United Kingdom.22 In effect, a foreign company with only limited UK business ties could be liable for any corruption it carries out anywhere else in the world.23 As written, the corporate offense could reach even more extraterritorial conduct than the FCPAalthough at present the extent of this jurisdiction remains a matter of speculation. The Bribery Act does not say what it means to carry on a business, or part of a business in the UK, leaving to government and ultimately judicial interpretation whether jurisdiction could be based on such limited contacts as a subsidiary, agent or even distributor relationship. The comparable FCPA jurisdiction is keyed to issuer status, limiting action against foreign companies for wholly extraterritorial bribery to those listed on a US stock exchange or otherwise subject to SEC disclosure requirements. The government has said that it will apply a common sense approach to Section 7 and does not intend to assert jurisdiction over foreign companies based solely on incidental contactssuch as stock listing or ownership of a UK subsidiary.24 On the other hand, the minimum threshold for foreign company coverage is still not clear and officials have repeatedly expressed their intention to exercise Bribery Act jurisdiction aggressively to ensure that ethical UK corporates are not placed at a competitive disadvantage by the activities of unethical corporates wherever.25 Pending further guidance, a comparison of the outer limits of Bribery Act and FCPA extraterritorial jurisdiction is premature. All that can be said at this point is that stock listing in itself would not be enough under the Bribery Act to trigger jurisdiction over a foreign company but would under the FCPA. In two other respects, corporate coverage under the Bribery Act would appear to fall short of the FCPA. Corporates are less likely to be prosecuted directly for bribery under the general and discrete offenses, and under the corporate offense will have an adequate procedures defense not available under the FCPA.26 Parent company responsibility for bribery by a subsidiary also is more limited.

22

The Section 7 corporate offense is discussed separately below. It extends liability for failure to prevent bribery by an associated person to relevant commercial organizations, broadly defined to include a body which is incorporated under [UK law] and which carries on a business (whether there or elsewhere), and any other body corporate (wherever located) which carries on a business, or part of a business, in any part of the United Kingdom. Bribery Act 7(5). The offense applies to bribery irrespective of whether the acts or omissions which form part of the offense take place in the United Kingdom or elsewhere. Id. 12(5). Interview with Richard Alderman, Director of Serious Fraud Office, Compliance Week (Jan. 19, 2011). MOJ Adequate Procedures Guidance, supra n. 6 36. R. Alderman, Speech at 28th Cambridge International Symposium on Economic Crime (Sept. 6, 2010). The Guidance explains that a common sense approach would mean that organisations that do not have a demonstrable business presence in the United Kingdom would not be caught. MOJ Adequate Procedures Guidance, supra n. 6 at 36. Thus, for example, the mere fact of securities listing or ownership of a UK company would not in itself qualify a company as carrying on business in the UK. Demonstrable presence, however, is not defined, leaving unanswered the type or magnitude of contactor combination of contactsthat would trigger Section 7 extraterritorial jurisdiction over a foreign company. The practical limits on direct prosecution are addressed separately below. See infra note 31 and accompanying text.

23 24 25

26

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

10

Coordinating UK Bribery Act & FCPA Compliance

The UK and US both target commercial bribery, but in different ways. This also is the case for domestic and passive bribery and books & records requirements.

The Bribery Act makes corporates responsible for affiliate actions taken on their behalf, but would not appear to reach bribery by an affiliate on its own account. This distinction has been highlighted by the Ministry of Justice in recent revisions to its adequate procedures guidance on associated persons liability.27 Foreign affiliates would still, of course, be subject to direct prosecution, provided the requisite territorial connection exists. Take-Away: Both laws contain expansive jurisdictional provisions authorizing criminal prosecution of individuals and companies for a wide range of conduct. As a practical matter, however, potential corporate exposure may be significantly greater under the FCPA. 3. Other bribery offenses The Bribery Act contains additional features that go beyond the FCPA and may require changes to some global compliance programs. UK-oriented programs also will need to take into account FCPA books and records requirements not found in the Bribery Act. a. Commercial bribery As can be seen from the preceding discussion, the FCPA and Bribery Act prohibitions on bribing foreign government officials are broadly comparable. However, the Bribery Act also bans commercial bribery, from one business to another. The prohibition on commercial bribery is in the Section 1 general offense, which has much wider scope than the discrete offense of bribing a foreign public official. The general offense makes it a crime to bribe any personwithout regard to official statuswith intent to induce improper performance of a relevant function or activity.28 This would include a bribe offered or paid in connection with purely commercial activities, such as securing a supply or other business contract. The ban on commercial bribery is exceptionally broad, extending to any activity connected with business, performed in the course of a persons employment or performed on behalf of a company for which performance is expected to be undertaken in good faith, impartially or from a position of trust. As the government explained in notes prepared for the Parliamentary debate on the Act, the reason for this expansive coverage is to ensure that the law of bribery applies equally to public and to selected private functions without discriminating between the two.29

FCPA provision
Although commercial bribery is not prohibited by the FCPA, it is by other US laws. The US does not have a general federal statute prohibiting bribery in commercial
27

MOJ Adequate Procedures Guidance, supra n. 6 42. In this analysis, a parent company may be held accountable for acts on its behalf by a subsidiary or other affiliate subject to the same limitations applicable to other associated persons, including that a bribe was intended to benefit the parent directly. However, liability ordinarily will not accrue through simple corporate ownership or investment even though a parent company may benefit indirectly from the bribe. Bribery Act 1(2); MOJ Adequate Procedures Guidance supra n. 6 at 18. Bribery Act Explanatory Notes 28. Section 3 of the Bribery Act lists relevant functions and activities subject to the improper performance standard, together with relevant performance expectations.

28 29

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

11

Coordinating UK Bribery Act & FCPA Compliance


settings. However, most states do and violations of state law that involve interstate commerce can be prosecuted federally under the Travel Act.30 Commercial bribery also is subject to FCPA accounting requirements and can trigger enforcement action if not properly recorded and disclosed. Take-Away: Programs should make clear that bribery of any kind is strictly prohibited. Most companies already have a general prohibition on unethical conduct, but may not relate this specifically to international business. b. Passive bribery The Bribery Act also expressly prohibits passive bribery. The Section 2 general offense makes it a crime to receive or solicit a bribe in connection with improper performance of a public or commercial function or activity.31 The offense applies to any person subject to UK jurisdiction, whether the bribery in question is commercial or public. As with active bribery, a violation can be found whether a payment or other advantage is received directly or benefits another person and whether or not it achieves the desired result.

FCPA provision
There is no comparable provision for foreign bribery in the FCPA. However, passive bribery may violate state commercial bribery prohibitions and be prosecuted federally under the Travel Act or related statutes. Take-Away: Most programs already prohibit passive bribery, but may wish to emphasize Bribery Act criminal sanctions in training and related compliance materials. c. Domestic bribery Another difference is in the treatment of domestic bribery, which is covered by the Bribery Act but not the FCPA prohibition. The Bribery Act general offenses apply to bribery in the United Kingdom as well as abroad, in both active and passive forms and for commercial bribery as well as public bribery. Bribery is broadly defined, and the same jurisdictional and intent requirements described earlier for foreign public bribery apply.

FCPA provision
Domestic bribery is not addressed by the FCPA, but is prohibited by other US laws. The US criminal code (18 USC 201) makes it a crime to bribe a federal official and for an official to invite or accept a bribe. Similar prohibitions have been established
30

The Travel Act (18 U.S.C. 1952) makes it a federal crime to use the mail or any facility in interstate or foreign commerce (such as a telephone line or wire transfer) with intent to facilitate the promotion, management, establishment or carrying on of an unlawful activity, including bribery. See, e.g., US v. Welch, 327 F.3d 1081 (10th Cir. 2003) (Travel Act prosecution based on Utah bribery statute); US v. Young & Rubicam, 741 F. Supp 334 (D. Conn. 1990) (Travel Act prosecution based on New York commercial statute). For an illustrative state law prohibition on commercial bribery, see California Penal Code 641(3)(a) (defining prohibited commercial bribery). Bribery Act 2(2).

31

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

12

Coordinating UK Bribery Act & FCPA Compliance

Although the FCPA does not have a standalong corporate offense, similar legal responsibility for bribery by employees or agents is established by other means. The more significant difference is in the treatment of proactive compliance efforts.

under state law for state and local officials, and additional rules apply to contract transparency, lobbying disclosure, political contributions and other interactions with or involving government officials. In addition, domestic commercial bribery may be prosecuted under the same authority described above. Take-Away: The Bribery Acts broader scope offers a useful reminder of the relationship between domestic and foreign compliance and opportunities to coordinate relevant standards and activities. Reviews should consider the full range of relevant domestic regulation, which in some areas may be more extensive than for analogous international activities. d. Failure to prevent bribery The Bribery Act establishes an additional corporate offense for failing to prevent bribery, designed to overcome past difficulties prosecuting companies directly for employee violations.32 The corporate offense is in Section 7 of the Act. It makes commercial organizations liable to prosecution for bribes paid or promised by an associated person to gain a business advantage. The offense applies to commercial as well as public bribery, regardless of where the underlying act occurred, and can be used to reach not only UK companies but also others that carry on business in the United Kingdom.33 An associated person is any individual or entity that performs services for or on behalf of the company, such as an employee, agent or subsidiary.34 The MOJ Adequate Procedures Guidance includes a detailed discussion of associated person status.35 As explained there, this coverage is to be determined based on overall circumstances (and not just formal relationships), and is intended to give Section 7 broad scope so as to embrace the whole range of persons connected to an organisation who might be capable of committing bribery on the organisations behalf. Section 7 is a strict liability offensethat is, prosecutors would not have to show criminal intent or negligence by a corporate, only that an associated person had engaged in prohibited bribery. Such persons need not have been convicted in advance, and the law assumes that conduct by an employee was on an employers
32

Bribery Act 7(1). Under the common law identification principle, companies could be prosecuted directly for bribery only if an offense was committed by a natural person who was the directing mind and will of the company (i.e., a board member or senior executive). MOJ Adequate Procedures Guidance, supra n. 6 14 n. 3 (citing Tesco Supermarkets v. Nattrass [1972] AC 153.) This was a hard standard for the government to meet, resulting in very few successful corporate prosecutions. See OECD Working Group Report at 63-66 (2005) (describing this limitation in UK law), available at http://www.oecd.org/dataoecd/62/32/34599062.pdf. The new corporate offense avoids this difficulty by making corporates strictly liable for failing to prevent bribery by an employee or other associated person. As explained earlier in the discussion on Bribery Act jurisdiction, Section 7 in effect extends nationality coverage to any non-UK company that carries on a business, or part of a business, in the UKallowing the Government to prosecute companies for bribery anywhere in the world whether or not there is a territorial connection to the United Kingdom. Bribery Act 8. MOJ Adequate Procedures Guidance, supra n. 6 37-43.

33

34 35

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

13

Coordinating UK Bribery Act & FCPA Compliance


behalf. However, a company would have a defense to liability under this provision if it could show that adequate procedures were in place to prevent the bribery. (We discuss this defense separately below.)

FCPA provision
Although the FCPA does not have a stand-alone corporate offense, comparable legal responsibility for bribery by an organizations employees or agents is established by other means. The Bribery Act corporate offense addresses an evidentiary challenge US prosecutors have not faced. Under the FCPA, companies are regularly prosecuted for bribery by employees or other agents. Corrupt intent and other required elements of the crime are imputed based on the common law principle of respondeat superior, which makes an employer organization responsible for criminal conduct by an employee or agent taken on its behalf. In operation, respondeat superior closely parallels strict liability under the Bribery Act corporate offense. Both legal standards hold corporates accountable for bribery offenses by an associated person (employee or other agent under the FCPA) intended to benefit an organization commercially. Although commonly described as a strict liability offense, Section 7 liability under the Bribery Act is still contingent on criminal intent in the predicate general or discrete offense by an employee or other associated person.36 Also, agency is a broad concept under US law, comparable in scope to Bribery Act associated person coverage. The more significant difference between the UK and US models is in the treatment of proactive compliance efforts. Both laws encourage good compliance practice, but only the Bribery Act makes this a complete defense to liability. The adequate procedures defense is meant to heighten the priority given to front-end prophylactic measures, and this effect can already be seen at many companies. At the same time, questions have begun to surface about how the defense will be applied in practice as well as possible unintended consequences from breaking the liability link between employer and employee.37 Companies with UK-oriented programs should be aware that an adequate procedures defense under the Bribery Act would not shield a company from FCPA prosecution. Take-Away: Although both laws encourage proactive compliance, being able to demonstrate adequate procedures has much greater significance under the Bribery Act.

36 37

See MOJ Adequate Procedures Guidance 42. Although the Ministry of Justice has done an admirable job detailing basic guidelines for an effective compliance program (discussed below), it is far from clear how adequacy will be judged in specific circumstances. Qualitative assessments of actual practicein contrast to how a program looks on paperare notoriously difficult, with good models and practical experience still at a formative stage. (This partly explains past US reluctance to establish a program-based safe harbor or defense for the FCPA.)

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

14

Coordinating UK Bribery Act & FCPA Compliance


e. Prosecution of senior officers A further Bribery Act provision extends criminal liability to culpable senior officers. Under Section 14 of the Act, a commercial organizations senior officers may be prosecuted for general or discrete offenses by the organization if the bribery occurred with their consent or connivance.38 Senior officer is defined to mean a director, manager, secretary or other similar officer, and would include officers who are foreign as well as UK nationals. However, foreign nationals would only be liable under this provision for offenses with a territorial connection to the UK. 39 Despite its apparent breadth, prosecution of senior officers under this provision is unlikely to be very common. Section 14 replicates consent and connivance provisions in prior law that were only rarely used because of the difficulty prosecuting companies directly for bribery violations.40 This will not change under the Bribery Act, and although corporates will now be subject to the separate offense of failing to prevent bribery these corporate violations are outside the Section 14 offense.

FCPA provision
Senior officers and directors are liable to prosecution for corporate offenses under the FCPA, and this has been a priority focus for US enforcement in recent years.41 Individuals may be prosecuted not only for consent or connivance in bribery by a subordinate, but also potentially for oversight failures. Under federal securities law, a corporate officer in a position of control who fails adequately to supervise the conduct of others may be held responsible for their actions.42 Take-Away: Both laws highlight management responsibility and authorize prosecution of individual officers in appropriate cases, although with broader apparent scope under the FCPA. f. Books and records offense Finally, the FCPA contains a books and records offense not found in the Bribery Act. FCPA accounting rules are in addition to the Acts prohibition of foreign public bribery. They require companies listed on US exchanges to keep accurate books

38

Bribery Act 14(2). The Act refers only to violations of the general and discrete offenses, and not the corporate offense of failing to prevent bribery. Section 14 limits liability for offenses that are based on nationality jurisdiction to senior officers with a close connection to the UK. This would include officers who are UK nationals or ordinarily resident in the UK. The term manager is not defined, but presumably would apply only to senior managers and not all managerial personnel. See supra note 32 and accompanying text. Aggressive prosecution of individuals is regularly cited as a cornerstone of FCPA enforcement. See, e.g., Address of Asst. Attorney General Breuer, 22nd National Forum on Foreign Corrupt Practices Act (Nov. 17, 2009) (http:// www.justice.gov/criminal/pr/speeches-testimony/documents/11-17-09aagbreuer-remarks-fcpa.pdf). This type of liabilityknown as control person liabilitywas first applied in an FCPA context in 2009, in the Natures Sunshine settlement (discussed in an alert available on the ECA website).

39

40 41

42

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

15

Coordinating UK Bribery Act & FCPA Compliance

The Bribery Act and FCPA also take a different approach to statutory exceptions and defenses, particularly for facilitation payments.

and records, and maintain an effective system of internal controls.43 Although most commonly associated with slush funds and other deceptive practices used to make foreign public bribes, companies can also be prosecuted for failing properly to record commercial bribes or improper payments in the US itself. In addition, parent companies may be liable for accounting violations by a controlled foreign affiliate. FCPA accounting requirements are administered by the Securities and Exchange Commission (SEC), subject to civil penalty authority and a lower evidentiary burden that has made this a valuable enforcement tool. The SEC need only show that financial records were not properly maintained, not that a bribe was paid with corrupt intent.

Bribery Act provision


There are no comparable provisions under the Bribery Act. However, other UK laws contain similar accounting requirements that may be used to complement Bribery Act criminal enforcement.44 Take-Away: Sound accounting and control practices are central to the FCPA and part of an effective compliance program. Global programs should reflect applicable regulatory requirements and evolving practice in both jurisdictions. 4. Statutory exceptions Programs also may need to be adjusted to reflect differences in Bribery Act and FCPA statutory exceptions and defenses. Only one of three FCPA provisions is in the Bribery Act, while two new ones have been added. a. Local law exception Both statutes contain a limited local law exception for payments or other benefits to foreign public officials allowed by host country law. The FCPA exception is in the form of an affirmative defense, shielding payments or other things of value given or offered to a foreign official when this is permitted under the written laws or regulations of the officials country. The exception is very narrow, and the burden of showing that applicable conditions have been met is on the person or entity claiming the defense.

Bribery Act provision


The Bribery Act has a similar exception, but in a different form. It makes liability under the Acts discrete offense contingent on a financial or other advantage to a
43

FCPA accounting rules apply to all issuers, defined by statute to include any entity (domestic or foreign) with registered securities or otherwise required to report to the US Securities and Exchange Commission. See, e.g., Money Laundering Regulations (2007) and the Companies Act (2006). While the Bribery Act does not specifically address accounting concerns, a UK companys failure to keep adequate accounting records may trigger criminal liability for its officers under Section 387 of the Companies Act. A link also had been drawn between money laundering and corruption, described recently by one senior official as an area with a very great deal of potential [for enforcement]. Corruption and Money Laundering, R. Alderman comments reported on thebriberyact.com (6 March 2011).

44

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

16

Coordinating UK Bribery Act & FCPA Compliance


foreign public official being neither permitted nor required by the written law applicable to that official.45 Although broadly comparable, the Bribery Act exception contains a reference to published judicial opinions not found in the FCPA. The Act defines written law to include not only a host countrys formal laws and regulations, but also any judicial decision evidenced in published written sources.46 What form publication would have to take and whether judicial interpretations of common law as well as statutory or agency rules would be covered is not yet clear. The FCPA defense, by contrast, refers only to payments lawful under the written laws and regulations of the host country, and although local judicial rulings would be taken into account, they would be a guide only and not controlling with respect to the FCPA defense. Take-Away: FCPA and Bribery Act local law exceptions are similar and should not require adjustment to most programs, although differences in form and terminology may be noted. b. Promotional expenditures The FCPA provides a second exception for reasonable and bona fide expenditures directly related to business promotion or contract performance. This exception also is in the form of an affirmative defense, requiring anyone who would rely on it to show that a payment or other benefit met the statutory standard. To qualify, an expenditure must be (a) directly related to legitimate promotional or contract activities, (b) reasonable under the circumstances, and (c) made in good faith. The exception is commonly used to reimburse reasonable travel expenses for educational or promotional programs, such as sponsored training or an educational trip to a business facility. Business hospitality not directly related to promotional or contract activities would not qualify for this statutory defense, but may still be permissible under the FCPA. The analysis would shift to whether required elements of an FCPA offense had been metin particular, whether hospitality was promised or given for a business purpose and with corrupt intent. (Reasonable and customary hospitality, given pursuant to established guidelines, ordinarily would not violate the FCPA.)

Bribery Act provision


The Bribery Act does not have a comparable statutory exception.47 However, the government has made clear that it does not intend to prosecute companies for business hospitality and promotional expenses that are both reasonable and proportionate to the nature of their business. This clarification was recently elaborated in formal guidance from the Ministry
45

Bribery Act 6(3)(B). This condition is part of the statutory offense, rather than a separate affirmative defense. Although different in form, the intent appears consistent with the FCPA provision. It should be noted, however, that this statutory condition is only in the Acts discrete offense and not its broader general offenses. MOJ Adequate Procedures Guidance, supra n. 6 19; Bribery Act 6(7)(c). Language exempting legitimate commercial conduct was considered for the Bribery Act, but rejected out of concern that prosecutors might not have sufficient discretion to differentiate between legitimate and illegitimate corporate hospitality.

46 47

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

17

Coordinating UK Bribery Act & FCPA Compliance

Although different in form, the Bribery Act and FCPA approaches to business hospitality and promotional expenditures are essentially similar.

of Justice.48 The guidance confirms that bona fide hospitality and promotional expenditures are an established and important part of doing business and it is not the intention of the Act to criminalise such behavior. As under the FCPA standard (for general hospitality), whether a particular expenditure is lawful or treated as prohibited bribery would depend on its specific facts and circumstancessuch as the type and level of benefit given, its manner and form, and the recipients influence over awarding of business or other action sought by the company. Expenditures that are reasonable, proportionate and consistent with normal (legitimate) business practice ordinarily will pass muster, while those considered lavish or otherwise unusual would carry higher risk.49 Differences in form notwithstanding, the Bribery Act approach to business hospitality and promotional expenditures is essentially similar to practice under the FCPA. Both laws (as interpreted) recognize a legitimate role for reasonable and proportionate promotional activities, limit enforcement to expenditures made with an illicit purpose, and judge legitimacy based on the overall circumstances. Both governments also have been criticized for providing too little practical guidance in this area. Take-Away: The practical challenge under both laws will be to establish and enforce clear policies that distinguish between legitimate and prohibited hospitality and promotional expenditures. Procedures developed for one jurisdiction should be compatible for use in the other. c. Facilitation payments A third FCPA exception addresses modest payments to facilitate or expedite performance of a routine governmental action. This is a narrow exception, limited to small payments made to secure routine actions such as processing a visa, obtaining phone, power or water service, and securing police or fire protection. The exemption is only from liability under the FCPA (and not other laws), and only available for non-discretionary actions to which a company is already entitled by law.50

Bribery Act provision


There is no comparable exception in the Bribery Act. Facilitation payments are illegal bribes, subject to prosecution under the Acts general and discrete offenses. The Bribery Act adopts a zero tolerance approach to bribery, in line with
48 49

MOJ Adequate Procedures Guidance, supra n. 6 26-32. Incidental provision of routine business courtesy commensurate with the reasonable and proportionate norms for the particular industry ordinarily would not raise an inference of bribery. MOJ Adequate Procedures Guidance, supra n. 6 30. Conversely, expenditures that are lavish, concealed or not clearly connected with legitimate business activity would raise a red flag. Joint Prosecution Guidance, supra n. 6 at 10. In all such cases, the government would have to show that an expenditure was meant to induce improper performance (under the general offense) or secure a business advantage (under the discrete offense). The facilitation payments exception was not in the original statute, but added in 1988 amendments (with the local law and promotional expense defenses) in response to complaints that the FCPA was overbroad and disadvantaged US companies in world markets. At the time, grease payments were considered unavoidable in some markets. However, the statutory exception was drawn narrowly to preclude payments made to win or retain business or to influence other discretionary action such as licensing or other business regulation.

50

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

18

Coordinating UK Bribery Act & FCPA Compliance


recent efforts at the OECD and elsewhere to discourage facilitation payments in international business.51 While not unmindful of the practical challenges from petty corruption in some markets, these are to be addressed through prosecutorial discretion rather than a formal exception.52 The government has issued detailed guidelines for prosecuting facilitation payments.53 Factors favoring prosecution include, in addition to size and frequency, that payments were premeditated or made in contravention of a clear and appropriate policy setting out procedures for responding to facilitation demands. Conversely, prosecution would be less likely for payments that were small and onetime or made under duress,54 or where an organization has clear procedures that were followed and payments came to light through a genuinely proactive approach involving self-reporting and remedial action. It is too early to know how these guidelines will be applied in practice, but two things seem clear. First, the government is serious about eliminating facilitation payments and will prosecute violations aggressively in appropriate circumstances. Second, facilitation payments that are premeditatedthat is, planned for or accepted as part of standard way of conducting businesswill be a particular priority. This would include, by implication, payments made pursuant to a formal policy exemption. Whether in other respects the sharp contrast often drawn between Bribery Act and FCPA practice will prove out is harder to say. The FCPA exception is much narrower than commonly assumed and there has been vigorous prosecution of asserted grease payments outside this range (for example, bribes paid to expedite a tax return). Conversely, recent characterizations of the Bribery Act zero tolerance approach have become more nuanced. The MOJ Adequate Procedures Guidance now recognizes, for example, that eliminating facilitation payments is a long term objective that will require economic and social progress and a sustained commitment to the rule of law elsewhere. 55 An immediate question for companies with traditional FCPA programs is
51

Although the OECD Anti-Bribery Convention does not preclude a statutory exception for facilitation payments, supplemental guidance issued in 2009 recognizes the corrosive effect of facilitation payments and encourages signatory countries to work toward their elimination. 2009 OECD Anti-Bribery Recommendation 6; see OECD Convention Commentaries 9 (recognizing exception). In response to an inquiry about facilitation payments during Parliamentary debate on the Bribery Act, the government representative advised that [w]e recognize that many UK businesses still struggle with petty corruption in some markets, but the answer is to face the challenge head-on, rather than carve out exemptions that draw artificial distinctions, are difficult to enforce, and have the potential to be abused. Providing exemptions for facilitation payments, as the US does, is not a universally accepted practice, and not something that we consider acceptable. Claire Ward, Hansard, 3 March 2010. Column 981. Joint Prosecution Guidance, supra n. 6 at 9. The guidelines list as a factor tending against prosecution that a payer was in a vulnerable position arising from the circumstances in which the payment was demanded. Joint Prosecution Guidance, supra n. 6 at 9. Vulnerability is not defined, but commonly assumed to refer to threats to individual health, safety or liberty rather than adverse consequences for a business (such as from delays clearing goods through customs). See, e.g., MOJ Adequate Procedures Guidance, supra n. 6 48 (discussing payments made in order to protect against loss of life, limb or liberty, and drawing connection to the common law defense of duress). Further guidance on this point, however, may be needed. MOJ Adequate Procedures Guidance, supra n. 6 46. This statement was added to the final version of the guidance in response to business concerns about the practicality of a zero tolerance approach in some markets.

52

53 54

55

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

19

Coordinating UK Bribery Act & FCPA Compliance

The UK has rejected the FCPA approach on facilitation payments, retaining a prohibition on all such payments and warning that corporate practices that allow them may not qualify as adequate procedures.

whether to retain a facilitation payments exception. Although UK authorities have not explicitly said that these contravene the Bribery Act, they clearly will be an enforcement red flag. It has also been suggested (so far only informally) that corporate programs reflecting the FCPA exception may not qualify for the adequate procedures defense.56 Corporate opinion to this point has been divided on the FCPA exception. Although a growing number of companies had already begun voluntarily to drop this from their programs, others have been reluctant to move immediately to zero tolerance policies that would be difficult to enforce. Short of eliminating the formal FCPA exception, steps may be taken to raise awareness of and adherence to the strict limits of the exception. Although this may not shield a company from Bribery Act prosecution, implementing best practices in this area could help to reduce the risk. Take-Away: The UK has rejected the FCPA approach on facilitation payments, retaining a prohibition on all such payments and warning that corporate policies allowing them may not qualify as adequate procedures. Companies that continue to permit facilitation payments should take appropriate measures to ensure strict compliance with FCPA limitations and work to eliminate all payments in the future. d. National security Apart from these differences, the Bribery Act has a narrow statutory exception for certain national security activities not found in the FCPA. Section 13 of the Act provides a defense to liability under the general and discrete offenses for conduct shown to be necessary for the proper exercise of any function of an intelligence service or the armed services when engaged on active service.57 Coverage limitations and conditions are detailed in statute.

FCPA provision
There is no comparable FCPA provision. National security is not a defense to FCPA liability, although it can be a factor in the exercise of prosecutorial discretion. Nor would the Bribery Act defense be a bar to prosecution by US authorities for conduct by a UK company that also violates the FCPA. Take-Away: Conduct shielded by the Bribery Act national security defense may still be subject to prosecution under the FCPA.

56

UK Serious Fraud Office Discusses Details of UK Bribery Act, Gibson Dunn (Sept. 7, 2010) (summarizing informal briefing by senior officials of UK Serious Fraud Office). This warning is not found in official guidance, which instead appears to link adequacy to the particular facts and circumstances in a given case. MOJ Adequate Procedures Guidance, supra n. 6 4. The implication from such statements is that corporates will be judged based on procedures relevant to a particular offense onlyso that, for example, the government would ask in a case involving procurement bribery whether a corporate had procedures in place to prevent that bribery and not whether unrelated facilitation payments were permitted. (On the other hand, retaining a facilitation exception could combine with other factors to lower the governments general estimation of an organizations compliance commitment or program quality.) Bribery Act 13(1). Although the precise scope of this defense is not year clear, it would not appear to encompass more general assertions of national security based on diplomatic or related concerns.

57

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

20

Coordinating UK Bribery Act & FCPA Compliance


e. Adequate procedures defense Finally, the Bribery Act provides a new adequate procedures defense to corporate liability not found in the FCPA. As explained earlier, companies are strictly liable for failing to prevent bribery by an associated person unless they can show they had in place adequate procedures designed to prevent the bribery.58 The defense technically is limited to liability under the Section 7 corporate offense, but because of the practical difficulty prosecuting companies directly under the general and discrete offenses in most cases it would effectively shield an organization from all liability under the Act. Adequate procedures are not defined in the Act, but instead illustrated through guidance for commercial organizations developed by the Ministry of Justice.59 The guidance is general in nature, emphasizing broad principles rather than detailed prescriptive standards. Companies are encouraged to use the principles as a guide, but cautioned that whether procedures were adequate in a particular case can only be resolved by the courts taking into account the particular facts and circumstances of the case.60 Six guiding principles have been identified, highlighting general expectations and illustrative practices for: (a) overall program design (i.e., proportionate procedures); (b) tone at the top; (c) risk assessment; (d) due diligence; (e) communication, including training; and (f ) monitoring and review. As many commentators have noted, these are broadly similar to best practices for anticorruption compliance in the US and elsewhere.

FCPA provision
There is no comparable defense under the FCPA. Companies are credited for good practice, but only in the charging and sentencing phases. Corporate compliance programs are evaluated based on standards developed by the US Sentencing Commission, commonly referred to as the Organizational Guidelines.61 First issued in 1991, these standards were substantially revised in 2004 and are reviewed annually for additional adjustments. Although technically voluntary, the Guidelines have become the de facto baseline for US programs. They inform not only sentencing decisions, but also government judgments about whether to prosecute a case and on what grounds.
58 59 60

Bribery Act 7(2). MOJ Adequate Procedures Guidance, supra n. 6. MOJ Adequate Procedures Guidance, supra n. 6 4. Although dispositive judgments can only be made by the courts, the perceived quality of organizations compliance efforts will be an important factor in the exercise of prosecutorial discretion. The Organizational Guidelines and related explanatory materials are available at (http://www.ussc.gov/Guidelines/ Organizational_Guidelines/index.cfm).

61

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

21

Coordinating UK Bribery Act & FCPA Compliance

UK and US guidelines for effective compliance practice are broadly comparable, but with differences that may require adjustment to some programs.

The Organizational Guidelines are broadly comparable to the MOJs adequate procedures guidance, but with differences in emphasis and detail in some areas. For example, the US standards for program management and reporting channels are more detailed and prescriptive. Conversely, the MOJ Guidance contains elements not found in the Organizational Guidelinesfor example, on external reporting and verification. Take-Away: UK and US guidelines for effective compliance practice are broadly comparable, but with difference that may require adjustments to some programs.

The UK Bribery Act coming into force presents an opportunity, and a significant incentive, for companies to look closely at their anticorruption efforts. For many companies, the Bribery Act will necessitate few changes to their current compliance programs; for others it may be a wake-up call to reinforce and bolster existing efforts. It is always a good time for a clear-eyed assessment of anticorruption compliance, but never more so than now.

About LRN: Inspiring Principled Performance Since 1994, LRN has helped 15 million people at 700 companies worldwide simultaneously navigate complex legal and regulatory environments and foster ethical cultures. LRNs combination of practical tools, education and strategic advice helps companies translate their values into concrete corporate practices and leadership behaviors that create sustainable competitive advantage. In partnership with LRN, companies need not choose between living principles and maximizing profits, or between enhancing reputation and growing revenue: both are a product of principled performance. In 2008, LRN acquired green strategy firm GreenOrder. LRN works with organizations in more than 100 countries, and has offices in Los Angeles, New York, London and Mumbai. For more information, visit www.lrn.com, follow @LRNinc on Twitter, or call: 800-529-6366 or +1-646-862-2040.

2011 LRN Corporation. All Rights Reserved. Not for Redistribution.

22

INTERNATIONAL BRIBERY AND CORRUPTION


INTRODUCTION
The use of bribery to obtain business has long been condemned in Europe. This handbook sets forth the legal landscape affecting companies who seek European business, particularly government business. It should be noted that bribery is always, by its very nature, a two-way process. All acts of bribery involve at least two parties: "active" bribery refers to the party who offers the bribe, and "passive" bribery refers to the party who demands or accepts the bribe. This handbook considers the laws prohibiting bribery in the European Union (EU) and among member states of the organization for Economic Co-operation and Development (OECD), as well as laws in the three largest member states of the EU: the United Kingdom, Germany, and France. You should note that the rules against bribery in the various member states of the EU are not harmonized. All member states criminalize bribery of public officials, but not necessarily in the same way. Therefore, one needs to look at the national laws independently. This treatment provides only a general overview of the basic concepts and differences between international laws addressing bribery. It's not intended to provide legal advice or guidance regarding how you should act in a particular situation or country.

ANTIBRIBERY LAWS FOR EU OFFICIALS


In 1997, the EU adopted the Convention on the fight against corruption involving officials of the European Communities or officials of member states of the European Union (EU Convention). The EU Convention tackles bribery of EU and national officials. The penalties for violating the EU Convention differ from one member state to the next. However, in general, those committing an offense pursuant to the EU Convention may receive a fine and, in serious or repeated cases, prison time. I.

What Does the EU Convention Prohibit? A. Making or receiving bribes or offers of bribes
The EU Convention prohibits both active and passive bribery. It makes it illegal for any individual to bribe or attempt to bribe an EU or national official to gain an advantage of any kind (active bribery). This prohibition applies to bribes made not only to obtain or retain business from an EU or national official, but also to influence an EU or national official to act or refrain from acting in accordance with his duty. Example 1: A UK company is bidding for a contract to provide services to the EU. The company pays money to a European Commission official in charge of procurement in return for being awarded the contract. This is clearly a bribe designed to make the official act in a manner contrary to his duty by directing the business to the company. Example 2: GlobalDry, an EU company, sells hand dryers. It learns that the EU is preparing a report on whether such hand dryers are hygienic. GlobalDry has firm evidence that the dryers are perfectly hygienic, and it pays the official drafting the report to place a lot of emphasis on that evidence. This is a bribe, because even though GlobalDry's evidence

may be perfectly accurate, the official is being paid to emphasize the company's position. In addition, the EU Convention makes it illegal for an EU or national official to directly or indirectly request or receive advantages of any kind whatsoever for himself or a third party in order to act or refrain from acting in accordance with his duty (passive bribery). The EU Convention doesn't apply to the bribery of private company employees. Example 3: SeedCo is researching a highly controversial new form of seed production. The European Commission is investigating the environmental impact of such seeds. Several SeedCo executives meet with Tom, one of the officials in charge of putting together a report on the issue. During the meeting, Tom makes it clear that the Commission will be more likely to take a favorable approach if the company pays a sum of money to meet the "usual administrative expenses." The SeedCo executives know that Tom is requesting a bribe. Tom provides details for a bank account in Switzerland, and the company pays the sum into that account. Although Tom requested the bribe, SeedCo is liable for bribery for paying (or even promising to pay) the sum. The company would be blameless only if it had clearly refused Tom's request. The EU Convention prohibits bribes made either directly or through an intermediary. This means that payment through agents and payments to companies belonging to relatives or business associates of the foreign public official will also amount to an offense. Example 4: Global Corporation retains Susan, a sales representative, in Belgium. Susan secures a contract with the European Commission as a result of paying the official in charge of procurement. Susan then requests a higher commission than usual from Global for additional expenses. This would amount to a bribe, even though the company isn't directly involved, as the payment is made through Global's intermediary. The fact that Susan is requesting additional commission without providing a reason for it should alert the company that an improper payment might have been made. B.

What constitutes a bribe?


A bribe is an offer, promise, or advantage (such as a gift) that is intended to induce the recipient to misuse his position as an EU or national official to wrongfully benefit the payers by, for example, directing business toward them. A promise or payment is corrupt if it influences the official's decision or induces the official not to do something he ought to. Officials of EU institutions are required to be independent at all times, free of political or corporate affiliations of any kind, and above any acts of bribery. Most particularly, the conduct of EU officials is strictly regulated by the Community Staff Regulations, which state that EU officials may not take any "instruction," nor accept any "honor, decoration, favor, gift, or payment of any kind whatsoever except for services rendered either before their appointment or during special leave for military or other national service."

The EU Convention prohibits not just money payments but also anything that can be construed as an advantage of any kind. There is no minimum value of what violates the EU Convention, though it is unlikely to be violated if the item is of nominal value. "Facilitation payments" represent payments made to officials in order to "speed up" the administrative process. Such payments are illegal if paid to an EU or national official and, moreover, are illegal in every country in the EU and in Europe generally. Any of the following are likely to be considered payments: A payment or promise to pay money Facilitation payments Providing or promising to give gifts of any value Providing more than modest entertainment Providing or promising accommodation (for example, a holiday home/hotel) Providing or promising personal discounts Providing or promising shares in the company Providing or promising payments for spurious consulting services Example 5: The EU is considering investigating the sports industry. Concerned that investigation may affect the way it sells its sporting rights, the Sports Council, an industry association, invites Roger, the EU official in charge of the investigation, to meetings with people in the organization. Roger is also invited to one of the organization's sporting events, on the grounds that only by knowing the industry can the official make a reasoned assessment of the expenses and costs involved in the sport. Roger informs his superiors, who allow him to accept, as long as the EU pays his expenses. Roger goes to meetings, watches the event, and is given a modest restaurant meal. This probably doesn't infringe the EU Convention, as the official has met all his own expenses, and the meal, as long as it is modest, would not amount to a gift. Example 6: The EU is investigating mobile phone rates. Worldwide Telephones is concerned that the investigation will force it to lower tariffs for mobile phone calls. Worldwide is also the sponsor of a Premier League football team and invites Margaret, the official in charge of the investigation, to meetings at its head office. Margaret informs her superiors, and the EU pays her traveling expenses. After the meetings, Margaret is invited to watch a football match involving the sponsored team from the corporate box, and is given a meal in a nice restaurant. This could amount to a bribe within the meaning of the EU Convention. Although the gift may not have been offered with the intent of inducing the official to do anything irregular, it may be seen as an attempt to secure an improper advantage in connection with the Commission's investigation. Example 7: XYZ Company is interested in the developments in EU legislation. XYZ representatives attend a meeting with a member of the European Parliament (MEP) to discuss matters of concern. At the end of the meeting, the XYZ representatives give the MEP a baseball cap and a t-shirt with the XYZ logo. The baseball cap and t-shirt are unlikely to be construed as a bribe or as an object of value.

Example 8: Beta Manufacturing is trying to get the Commission to amend its current draft of a directive. Beta invites the official in charge to spend his holidays with the company's CEO in the south of France. The official is then given an all-expenses-paid holiday with his family at a hotel in Nice. This would clearly amount to a bribe within the meaning of the EU Convention, regardless of whether or not it finally influenced the official's behavior. C.

EU and national officials


The following are considered officials within the EU Convention: Employees of the EU (this includes officials in the Commission, European Court of Justice, European Parliament, Council, European Central Bank, European Court of Auditors, etc.) Persons temporarily assigned to the EU from either a public or private body National officials in an EU member state (as defined by the national law) Under the EU Convention, it is also an offense if the bribe is given not to the official but to a third party. Example 9: Music Monolith Incorporated has an interest in the findings of a European Parliament report into piracy on the Internet. The company comes into contact with a trainee from a consulting firm who has been temporarily assigned to work in the European Parliament. The trainee is involved in the preliminary drafting of the report. Music Monolith pays the trainee a sum of money to place a heavy emphasis on the company's arguments. The trainee, although not a permanent official in the European Parliament, is considered to be an official under the EU Convention. The payment is therefore a bribe. Example 10: A Belgian company wants to enter the French market for supplying road signs. The official working in the Ministry for Transport says that he will grant them the contract if a large sum of money is paid to his wife's bank account. The Belgian company agrees and is awarded the contract. This is a bribe, as the EU Convention covers not only EU officials but also national officials and any third party who carries out the corrupt act.

II.

Who Is Covered by the EU Convention?


The EU Convention places liability on the person who gave or received an offer or bribe. The EU Convention also places clear responsibility on the head of the company that employs the offender. This is to be determined in line with the national law in question when applying the EU Convention. For example, during the summer of 2003, the EU's official statistics-gathering body was accused of impropriety. The statistics gathered by this institution determine how much everyone pays into the annual budget and ensure that the European member states are obeying the single-currency rules. Accusations emerged that "unacceptable and irregular practices" had been taking place over the award of contracts. Investigators suspected that the value of some contracts was artificially inflated, with the money possibly siphoned off into secret bank

accounts. The Commission launched a full-scale investigation and suspended a number of officials. Suspicion fell on a French company that had been awarded 40 million in contracts between 1992 and 2002. All existing contracts with the company were suspended, and details were given to a Paris prosecutor. This case demonstrates the seriousness with which the Commission is now tackling allegations of bribery, and how the penal laws in member states such as France can be used to prosecute those suspected of improper action. III.

Jurisdiction
The EU Convention grants member states jurisdiction to deal with bribery among EU and national officials. The EU Convention states that a national court can claim jurisdiction if the offense took place on its territory or if the offender is a national of that member state. If an EU or national official is bribed while out of the jurisdiction of an EU member state, then determining who has jurisdiction falls under the laws of the member states concerned. According to the EU Convention, jurisdiction can be established based on the nationality of either the company or the official in question. The member state where the offense took place could also claim jurisdiction. If the company is not from an EU member state, then it is likely that the official and the company involved would be prosecuted either in the country of the official's nationality or the country where the offense took place. Example 11: A report emerges suggesting that an EU official from Spain, conducting a trade investigation in China, is bribed by one of the Chinese companies subject to the investigation. As the EU official concerned is Spanish, the Spanish courts decide to prosecute him and to launch proceedings in Spain against the Chinese company. In an actual case, in 1999, allegations of bribery were made against the European Commission, including one particularly serious charge leveled against the French commissioner. It was alleged that a friend of the commissioner, appointed and paid handsomely to carry out research into aging and AIDS, produced just 24 pages of worthless notes after 18 months of work. An inquiry found the French commissioner guilty of favoritism. In addition, other commissioners were found guilty of unrelated offenses. The president of the European Parliament drafted a resolution demanding that the commissioners at the center of the allegations resign. With the writing on the wall, the commissioners resigned en masse, spurring reforms within the commission and motivating the member states to put in place serious penalties for bribery of EU officials. In 2003, Belgian prosecutors brought charges of bribery against the French commissioner, and the Commission also launched a parallel investigation.

IV.

Penalties
It is a criminal offense under the EU Convention to bribe an EU or national official. The national laws determine the severity of the sentence. Penalties vary but always include fines--which can be unlimited in some countries--and, in serious cases, imprisonment. A person found guilty of bribery will have a criminal record.

It should also be noted, as an area of particular interest, that in the case of public contracts subject to EU procurement rules on compulsory advertising and bidding, companies may be excluded from participating in bidding procedures in the case of certain known prior misconduct. In other words, acquiring a "record" for misconduct in this area can lead to deliberate exclusion from public sector contracts. It is broadly stated that any company may be excluded from participation in a contract if it has been convicted of an offense concerning its professional conduct it has been guilty of grave professional misconduct proven by any means that the contracting authorities can justify In general, the stigma associated with bribery is such that a company or individual found engaging in such improper activities will not be trusted again, and their reputation and commercial standing will be severely damaged. V.

Lobbying the EU
It is worth noting that bribery and "lobbying" are still seen as two different things. Lobbying is considered a respectable activity under the EU Convention, and the European Commission has put forward a voluntary, self-regulating code of conduct for lobbyists that has been signed by most of the main EU public affairs practitioners. The European Parliament has also taken many steps to finalize a mandatory code of conduct that lobbyists would have to sign and abide by if they are to be listed on the register for recognized lobbyists and if they are to maintain regular access to the European Parliament buildings and facilities. The general view is that attempts to persuade EU officials of a particular viewpoint are not irregular provided they are not accompanied by any improper incentive for the officials concerned to take that point of view. Example 12: A company provides gas to a large market in the United Kingdom. There have recently been many developments at an EU and national level in this sector. The company decides to host a one-day conference in London to discuss the developments. The company invites EU officials, officials from the UK department of trade and industry, prominent lawyers, and experts in the field to speak. It hosts a lunch and, afterwards, a cocktail reception. This event would not be considered corrupt. Example 13: A French company is concerned about proposed amendments to a European directive. The company meets the Commission officials involved and hires a respected lobbyist, who makes representations to MEPs. The company also meets members of Parliament in the United Kingdom and France. The members of Parliament contact the minister concerned in this sector. The final draft of the directive takes some of the company's concerns into account. Again, this lobbying is perfectly acceptable, as there is no suggestion of any payments being made by the company to influence the drafting of the directive.

VI.

Employment of EU Officials
After leaving the service of the EU institutions, officials are "bound still to behave with integrity and discretion as regards the acceptance of certain appointments or benefits." In certain cases, senior officials may be prevented from engaging in certain types of employment for a period of three years after they have left the service. Example 14: A French gas company learns that a Commission official who is an expert in the field is considering leaving the Commission. The company offers the official a position as a consultant. The Commission official retires and informs the necessary bodies in the Commission of his intention to work for the French gas company. As long as the Commission does not raise any issues with this, and the official does not commence work until after leaving the European Commission, this is acceptable.

BRIBERY OF FOREIGN OFFICIALS: THE OECD CONVENTION


The OECD Convention on combating bribery of foreign public officials in international business transactions (the "OECD Convention") provides a degree of standardization of the law in this area. Thirty-eight countries have ratified the OECD Convention: Argentina, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Chile, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, the Slovak Republic, Slovenia, South Africa, Spain, Sweden, Switzerland, Turkey, the United Kingdom, and the United States. I.

What Does the OECD Convention Prohibit?


The OECD Convention is relatively narrow in scope. It applies only to "active" bribery, not "passive" bribery. Also, it only covers bribery of foreign public officials in relation to the performance of official duties in international business. The OECD Convention doesn't apply to nonbribery forms of corruption; bribery that is purely domestic; or bribery in which the intended recipient of the benefit is not a foreign public official. The bribery of private company employees is also not covered by the OECD Convention. A.

International business
The OECD Convention only covers bribes made for the purpose of obtaining an advantage in international business. It does not cover cases in which the bribe was made for purposes unrelated to the conduct of international business. Therefore, a facilitation payment to a foreign public official unrelated to international business may not be covered by the OECD Convention, but may be illegal in the OECD country or the country where the bribe took place. The OECD Convention covers payments made directly or through intermediaries.

B.

What constitutes a bribe?


Any undue pecuniary or other advantage can constitute a bribe. The OECD Convention doesn't specify how much a payment or gift has to be worth to amount to a bribe. In essence, any sum or gift to a foreign public

official could amount to a bribe if its intention and/or effect is to cause undue influence. C.

Bribery of foreign officials


A foreign public official under the OECD Convention means any person holding a legislative, administrative, or judicial office in a foreign country. The foreign official can be elected or appointed. It includes any person exercising a public function for a foreign country, including a public agency or public enterprise. The OECD Convention also covers any official or agent of a public international organization, such as NATO or the United Nations.

II.

Who Is Covered by the OECD Convention?


The OECD Convention applies to any person who gives a bribe to a foreign public official or promises to bribe a foreign public official in the context of international business.

III.

Jurisdiction
In general, a person can be prosecuted in an OECD country that has ratified the OECD Convention if any part of the offense of bribing a foreign public official took place in that OECD country. That country may also prosecute its nationals for committing the offense of bribing a foreign public official, even if the offense didn't take place in that country. Example 15: Hans, a citizen of a European country that has ratified the OECD convention, is living in a non-OECD country. During the course of his work as a sales agent, he bribes a government civil servant of the non-OECD country to secure a contract involving the importation of vehicles. All the arrangements for the bribe are made in the non-OECD country. This comes to the attention of the authorities in his native OECD country. The bribe was made in the course of international business, and the civil servant would be considered a foreign public official. On his next trip home, Hans is prosecuted in his native OECD country for bribing a foreign official.

IV.

Penalties
The OECD Convention does not specify sanctions except to say that bribery is a criminal offense. The severity of the sentences will depend on the individual country, but in general the penalties are fines (which are sometimes unlimited) and imprisonment. Example 16: Andreas, who is from a European OECD country, is working for a company setting up their operations in a non-OECD country. Andreas bribes an official in the country to get the necessary license to export goods. He pays another bribe to a different official working in the public telephone monopoly to give his company preferential access to scarce telephone services, ahead of other companies that had applied many months before. The payment to the official to obtain a license would fall within the OECD Convention, as it is designed to procure an advantage in international business. The payment to the official to obtain telephone service probably wouldn't amount to an offense under

the OECD Convention, as the payment was not made for international business reasons.

BRIBERY LAW IN THE UNITED KINGDOM


The United Kingdom has long prohibited bribes not just to public bodies but to private bodies, as well. The UK Bribery Act, which came into effect in 2011, is its latest effort in this regard, and indeed is perhaps the most aggressive and far-reaching antibribery statute in the world. I.

What Does the UK Bribery Act Prohibit? A. Making or receiving payments or promises
The UK Act prohibits four types of conduct: Bribing another person Requesting or accepting a bribe Bribing a foreign public official Failure on the part of a company to prevent bribery by its employees and other associated persons The UK Act's ban on bribery includes facilitation payments, and the UK government has indicated its intent to prosecute those who make them, particularly if they are used as a standard way of doing business. 1. Bribing another person The UK Act prohibits the payment of bribes to anyonenot just a public officialto get that person to perform certain kinds of functions improperly. This includes any functions that are public in nature, business-related, employment-related, or performed on behalf of a company or other group of people. The UK Act refers to these as relevant functions. A function is performed improperly if the person performing it shows favoritism, acts in bad faith, or violates a position of trust. For example, paying someone to award a contract, overlook construction defects, or reveal an employer's confidential information would all be considered a bribe in exchange for improper performance, and therefore a violation of the UK Act. Example 17: Soapcom is a company that supplies soap to London offices. While negotiating a contract to stock Megacorp's headquarters with its products, the company agrees to give the Megacorp representative a cut of the contract price. The plan works, and the Megacorp employee appoints Soapcom as Megacorp's supplier. Both Soapcom and the Megacorp employee are guilty of bribery and could get an unlimited fine, and the individuals concerned could receive jail time. Example 18: A company is seeking to build a supermarket in the Birmingham area. In addition to the normal administrative costs, the company tells an official working in the local authority that they will pay a facilitation fee "to speed matters up." The money is paid to an account named by the official. This is a bribe within the meaning of the UK Act.

Whether someone's performance is improper is judged by UK standards, not the local custom or practice of the country or territory where you're doing business. So someone who's doing business in a country where bribery is viewed as normal can't rely on that fact to justify paying a bribe. It could still violate the UK Bribery Act even if local custom would allow it. The only exception is if the practice or custom is permitted or required by written law applicable to the country or territory in question. (But you should never rely on this kind of exception without the specific prior approval of the company's legal department.) Offering a bribe in an effort to get someone to perform a relevant function improperly is enough to violate the UK Act. Actual payment isn't required. And the person initiating the bribe doesn't have to offer or pay it himself. If he has someone else do it for him, it's still illegal under the Bribery Act. Example 19: Sam pays a local judge 50 to dismiss a traffic offense. His sister Charla offers to pay a housing inspector 10,000 to overlook building code violations, but her offer is rejected. And their cousin Tom has his assistant give an expensive watch to an employee of a private construction company in exchange for awarding a supply contract to Tom's company. Each of these is a bribe in exchange for the improper performance of public or business-related functions. The fact that Charla's offer was rejected and Tom's offer was made by his assistant on Tom's behalf doesn't matter. And the fact that Tom's assistant bribed an employee of a private company rather than a public official doesn't matter, either. 2. Requesting or accepting a bribe Requesting or accepting a bribe also violates the UK Act. This is the case whether the request or acceptance is done directly or through someone elseand whether it's done for the benefit of the person requesting or accepting the bribe or someone else. Example 20: Harold, a building inspector, has his assistant, Simon, solicit "expediting payments" of 100 each from various permit applicants to "jump the queue." Harold uses the proceeds to pay off a past-due loan from his brother-in-law. Harold has violated the UK Bribery Act even though the expediting payments were solicited by Simon rather than Harold directly, they were relatively small, and they were intended to benefit Harold's brother-in-law rather than Harold himself. 3. Bribery of foreign public officials Under the UK Act, it's illegal to offer or pay a bribe to foreign (non-UK) public officials to influence their performance of official functions and to gain a business advantage as a resultwhether or not the advantage is actually gained. Bribery of a foreign public official is illegal whether the bribe is offered or paid directly to the public official or to someone else with the official's consent. It's also illegal even if the bribe is aimed at getting the official

10

not to perform a function (like collecting import duties)or to perform a function that the official isn't authorized to perform. A foreign public official is anyone who holds a legislative, administrative, or judicial position outside the United Kingdom. It also includes people who perform public functions for a government agency or enterprise. For example, a member of another country's national assembly, a foreign planning officer, or a doctor working for a foreign public health agency or state-owned hospital could all be considered foreign public officials. Officials of public international organizations, like the United Nations, are also considered foreign public officials. Such bribes are illegal even if there's no improper performance in return. The intent to influence the official and gain a business advantage as a result is enough. Example 21: Jason is bidding on a construction contract with the rural development agency of a foreign country. He sends airfare to the official overseeing the contract, together with tickets to attend the country's national football finals, which have been sold out for months. Jason sincerely believes that his company's bid is more favorable to the development agency than the competition's and is furnishing the airfare and tickets simply to help ensure that the official gives his company's bid full and fair consideration. Jason has violated the UK Bribery Act even though his intent is to influence the official to give his company's bid full and fair consideration, rather than seeking an improper advantage in the bidding. 4. Failure of an organization to prevent bribery Any corporation, partnership, or other commercial entity that's organized or carries on a business in the United Kingdom is strictly liable if someone who's associated with it commits bribery to obtain or retain a business advantage for the organization. The only way an organization can avoid liability for its associated persons' bribery is to show that it had adequate procedures in place to prevent bribery. Any person or entity that performs services on behalf of the organization can be considered an associated person. It's presumed, for example, that an organization's employees are associated with it. But there may be others, as well. Depending on the circumstances, a company may be responsible for bribery by its agents, subsidiaries, joint venture partners, contractors, or other related entities if they intended the company to benefit as a result. A parent company, for example, could be liable if a subsidiary paid a bribe to obtain business for the parent. Example 22: Alicia, a German citizen, works as a tax accountant at a foreign subsidiary of XYZ Company, a German corporation with production facilities in the United Kingdom. She bribes a tax official in the foreign country to give a tax exemption to the subsidiary. She also

11

intends the bribe to result in significant tax savings to its parent, XYZ, for whom she performs tax services as part of her job. XYZ could be liable because it does business in the United Kingdom, Alicia is associated with XYZ, and she paid a bribe intended to benefit XYZ as well as her company. The fact that XYZ is headquartered in Germany doesn't matter, because it does business in the UK. And the fact that XYZ didn't know that Alicia was paying a bribe on its behalf doesn't mean that it's not liable for her conduct. It also doesn't matter that Alicia is not a UK citizen. As noted, the only way for a company to avoid liability for an associated person's bribery is to show that it had adequate procedures in place to prevent bribery. The UK Act doesn't specify what would qualify as adequate procedures for this purpose. The UK's Ministry of Justice (MOJ), however, has provided guidance on this issueand in particular the principles that companies should follow in developing their own preventive measures. These principles include, for example, making sure that the procedures are proportionate to the company's bribery risks the company's top-level management is fully committed to preventing bribery the company does adequate background checks and other due diligence on those who perform services on its behalf B.

What constitutes a bribe?


A bribe can take virtually any form, as long as it has some value or, as the UK Act says, provides a "financial or other advantage." Here are just a few examples of what might be considered a "financial or other advantage": Cash or other gifts Discounts on products or services that aren't available to the general public Charitable contributions made at the request or on behalf of a public official Personal favors that may not have a clear monetary value Job offers Travel and entertainment There may be circumstances in which an inexpensive gift, a modest meal or entertainment, or necessary travel expenses may be provided without violating applicable bribery laws. On the other hand, it's also clear that such expenditures can be used as bribes. The more lavish the hospitality or expensive the travel, the more likely it is to violate the UK Act.

12

Under the UK Act, the ultimate issue is whether there's a connection between the expenditure and an effort to obtain a business advantage in return. The fact that the expenditure is consistent with industry norms doesn't necessarily mean that it's not intended as a bribeparticularly if those norms are lavish. For example, it may well be appropriate under the UK Act for a healthcare company to provide ordinary travel and lodging to a foreign public official so he can visit and assess one of its hospitals. On the other hand, a five-star holiday unrelated to an evaluation of the company's services is more likely to be viewed as a bribe. Example 23: A hotel is going to expand its premises. It offers free membership to its gym and swimming facilities to the local official in charge of construction permits. It doesn't mention its expansion plans, but sends them in shortly afterwards. The membership would be considered a bribe, as the hotel is trying to put itself at an advantage. Example 24: A company is involved in many investment activities. Dwight, one of the company's prominent directors, is a very good friend of Carol, a high-ranking civil servant in the ministry for media. On a sailing trip, Carol complains that her yacht is in very poor repair. Dwight tells her to leave the boat with him. The civil servant is pleasantly surprised when, a few weeks later, the yacht has been completely refurbished and repaired. A short time after that, a radio company being backed financially by Dwight's investment company is awarded a licensing contract to set up a new independent radio station in London. Unless Dwight and Carol could prove to the contrary, Dwight's gift of repairing and refurbishing the boat would be presumed to be a bribe, as his investment company was, through the radio company, seeking a government contract. II.

The UK Act's Jurisdictional Reach


The UK Act can apply to activities that occur within or beyond the borders of the United Kingdom. The act applies if any part of a bribery offense occurs in the United Kingdom. So, for example, if a bribe is wired or mailed from the United Kingdom, the act applies, even if the bribe was arrangedand the improper performance occurredelsewhere. And even if all the elements of the bribe occurred outside the UK, the Bribery Act still applies to anyone who played a role in the bribe and had a close connection to the UK. This could include, for example, British citizens and certain other British subjects, UK residents, UK corporations, and Scottish partnerships. Furthermore, an organization that does business in the United Kingdom could be liable under the UK Act for failing to prevent briberyeven if no part of the bribe occurred in the United Kingdom and none of the participants had a close connection to the UK. Example 25: Pierre, a Frenchman working for a Dutch bank in London, receives a loan request from a Dutch company. He agrees to smooth the figures to allow the loan to be granted, on the condition that a payment is

13

made to a numbered Swiss account, and the Dutch company agrees. Unfortunately for Pierre, his employer has taped the whole transaction, and the UK authorities apprehend him. The payment is a bribe. It doesn't matter that the Dutch company paying the bribe is not in the United Kingdom, or that the people involved are not British and the payment is made to a Swiss account. Once any aspect of the bribe takes place in the United Kingdom, UK law applies. Example 26: A UK company is opening offices in another country, which has a reputation for bribery. The company is attempting to get the necessary licenses from the government, but the officials in charge refuse to grant the licenses unless the company pays a facilitation fee. The company does so reluctantly. Although the facilitation fee paid is nominal, this still qualifies as a bribe under the UK Act. III.

Penalties
Any person found guilty of violating the UK Bribery Act can be subject to imprisonment of up to ten years, a fine (unlimited), or both. Companies that are victims of bribery at the hand of another company can sue to recover any losses incurred as a result of the bribery and for damages.

IV.

Employment After Leaving Civil Service


A civil servant's freedom to embark on alternative employment after having left the service is restricted. A committee exists within the civil service that scrutinizes appointments that civil servants propose to take up in the first two years following their jobs within the civil service. The committee often imposes certain conditions, such as requiring the civil servant to delay, for a set time period, accepting particular employment that may conflict with the former civil service position.

BRIBERY LAW IN FRANCE


French law prohibits active and passive bribery. Bribery is a criminal offense under the French penal code. A bribe can be money, a gift, or any other form of advantage. Facilitation payments are illegal. As with EU Convention rules and UK law, the emphasis is not on the value of the gift but, rather, its purpose.

I.

Public Officials
Under French law, it's illegal to offer or pay a bribe to an elected public official, anyone who holds public authority, or anyone who is responsible for public services (a "public official"), in an effort to get the official to perform or fail to perform official dutiesor reward the official for having done so use his official position to obtain contracts, employment, favorable decisions, or other favors from a public authority or the government (commonly known as "influence peddling")or reward him for having done so

14

French law prohibits all such payments, whether direct or indirect. Therefore, it doesn't allow people to get around the law by using intermediaries. As we've noted, passive bribery is also illegal. Therefore, it's illegal for public officials to solicit or receive bribes for performing or failing to perform official dutiesor for influence peddling. And individuals who aren't public officials also can be prosecuted if they solicit or receive bribes for influence peddling. Anyone who honors a request for a bribe in any of these circumstances is viewed as having engaged in bribery.

II.

Judicial Officials
The same rules apply to individuals involved in the justice system ("judicial officials")such as judges, jurors, registry officials, mediators, arbitrators, and experts appointed by a court or the parties. It's illegal for anyone to offer or pay a bribe to judicial officials for performing or failing to perform their official dutiesor for using their official position to obtain a favorable decision or opinion from a judicial officer. It's also illegal to bribe anyone else to use her influence to obtain a decision or opinion of this kind.

III.

Foreign Officials
The rules are also similar for foreign public officials and foreign judicial officials, such as officials of the European Commission, an EU member state or other foreign country, a public international organization, or a foreign or international court. It's illegal to offer or pay a foreign public or judicial official a bribe in exchange for the performance or nonperformance of official functionsor for influence peddling. And it's illegal for a foreign official to solicit or accept such a bribe. French courts have jurisdiction over the bribery of foreign officials if any part of the offense is committed in France or, in some cases, is committed by a French national outside of France. Example 27: A French company wants to operate trains in the United Kingdom. The British government has opened up one of the rail lines for bids, and it is well known that the current operator is out of favor because of a number of accidents on the line. The French company invites the UK official in charge to France to see its operations. It pays for the UK official to stay at the Ritz, all expenses paid, and agrees to pay a consulting fee to a company owned by the official. The French company is awarded the contract. This stay at the Ritz and the consulting fee would amount to a bribe under French law. It also is an offense under the UK Act, and it would be a matter for the courts to determine which court had jurisdiction over the proceedings. Example 28: A French company is seeking a contract with the European Commission to undertake a tourism survey in France. The company bribes a

15

Commission official during a visit to Paris. The company has engaged in active bribery, and the official is guilty of passive bribery under French law. Example 29: A French company is seeking to obtain an export license from another country. The sales representative of the French company asks for a 10% commission rather than the 5% commission that sales representatives usually receive. The sales representative then bribes the minister for trade in the country in question and is subsequently awarded the export license. Since the minister is an elected public official (and therefore a foreign official for the purposes of French law), the company has violated French bribery law.

IV.

Individuals Other Than Public or Judicial Officials


French bribery law also covers individuals who manage or work for entities in the private sector ("private sector employees"). It prohibits anyone from offering or paying a bribe to a private sector employee in exchange for the performance or nonperformance of an employment-related function, in violation of any legal, contractual, or professional obligation. It also prohibits a private sector employee from soliciting or accepting any such bribe.

V.

Penalties
Generally, the penalties for active bribery include a fine of up to 150,000, up to ten years' imprisonment, or both. The penalties for passive bribery and for the individuals and companies yielding to that request are a fine of up to 75,000 and up to five years' imprisonment. The same penalties apply to the active or passive bribery of private sector employees. Judges are subject to a fine of up to 225,000, 15 years' imprisonment, or both, in some cases. Other penalties also may apply, such as exclusion from business activities and loss of certain other rights; disqualification from public office; confiscation of the bribe itself and any other proceeds of the offense; and public display or dissemination of the court's decision finding guilt.

ANTIBRIBERY LAWS IN GERMANY


German law prohibits active and passive bribery. A bribe includes all advantages of any kind, whether material or not.

I.

Domestic Public Officials


It's illegal under German law to offer or pay a bribe to a public official anyone employed by a public agency or by a private entity that performs services for a public agency ("agency employee") a soldier in the federal armed forces

in exchange for the past or future performance or nonperformance of an official duty.

16

In addition, it's illegal to offer or pay a bribe to a judge or arbitrator for the past or future performance or nonperformance of a judicial act. Bribery aimed at getting any of these individuals to violate their dutyor rewarding them for a past violationis a separate and more serious offense. However, it's still a bribe even if it's merely intended to influence officials in the exercise of their discretion. It's also illegal for public officials, agency employees, judges, or arbitrators to solicit, entertain offers of, or accept bribes in exchange for performing, failing to perform, or violating their official dutiesor for allowing themselves to be influenced in the exercise of their discretion. Active or passive bribery can occur whether or not an official act or judicial act is actually carried out or is legally objectionable in and of itself. The offer, payment, solicitation, or acceptance of a bribe relating to official activity is sufficient. Example 30: A company bribes a judge to find in its favor. It turns out that the judge's decision is in fact legally correct. Nevertheless, the bribe is still illegal.

II.

Members of Parliament and Other Domestic Assemblies


German law forbids the actual or attempted buying or selling of votes for elections or ballots in the European Parliament and in public assemblies of the Federation, member states, municipalities, or municipal associations.

III.

Foreign Public Officials


German law prohibits the active bribery of the following foreign officials in international business transactions: Judge in a foreign state or international court Public official of a foreign state (including an official with a nongovernmental organization, or NGO, implementing a program funded by an international organization and entrusted with carrying out the organization's functions) Person entrusted with a public function, either with or for an authority of a foreign state, for a public enterprise with headquarters abroad, or other public functions for a foreign state Public official or other member of an international organization, or a person entrusted with carrying out its functions (such as, in most cases, EU officials) Soldier of a foreign state who is entrusted to exercise functions of an international organization Example 31: A German medical company is interested in supplying medical equipment to an NGO that is working in a developing country running a United Nations program. The German company bribes the NGO employee responsible for ordering equipment to order medical equipment from them. The German company likely has violated German bribery lawalthough the employee works for an NGO, the NGO is running a U.N. program, and, therefore, the employee could be regarded as a public official under German law.

17

German law also prohibits the active or passive bribery of judges of another EU member state members of a court of the European Communities public officials of another EU member state, whose positions correspond to that of a public official as defined in the German Criminal Code Community officials as defined in the Protocol of September 27, 1966 Members of the Commission and Court of Auditors of the European Communities

IV.

Bribery in the Private Sector


Under German law, it's illegal for an employee or agent of a business to solicit, accept, or entertain an offer for a bribe in a business transaction in exchange for giving someone else an unfair advantage in the competitive purchase of goods or commercial services. It's also illegal for anyone, for competitive purposes, to offer or pay a bribe in exchange for such advantage. These prohibitions apply to foreign as well as domestic transactions.

V.

Jurisdiction
German courts have jurisdiction over acts of bribery committed within Germany or, in some cases, committed outside of Germany by German nationals. Germany may also assert jurisdiction over bribery committed in a foreign country by a non-German permanent resident of Germany. This applies if the permanent resident is not extradited to the foreign country because extradition was not requested, was refused, or cannot be granted. Example 32: A citizen of another country is wanted by the authorities of his home country for bribery of officials there. Despite the overwhelming evidence against him, the German courts refuse extradition, as they cannot guarantee that the death penalty will not be invoked in the country in question. The German authorities may decide to try the person in Germany, even though none of the bribes took place in or involved Germany in any way. Example 33: Lawrence, a U.S. national, is registered as a permanent resident in Germany. German authorities discover that he has bribed a number of officials in another country to secure a monopoly over the sale of farm equipment there. Although the bribes were arranged and paid outside of Germany, he is arrested and tried in Germany as a permanent resident

VI.

Penalties
The penalty for bribery of a public official or foreign official is three months' to five years' imprisonment, a fine, or both. In particularly serious cases, the imprisonment can rise up to ten years. The penalty for bribing a member of Parliament or member of a foreign parliament is imprisonment of between one month and five years, or a fine.

18

BASIC PRINCIPLES FOR EMPLOYEES AND COMPANIES


Large companies acting on an international and pan-European basis are advised to implement an antibribery policy. Employees should refer to their company's policies if they are ever approached for bribes. To avoid violating bribery laws, individuals and companies (referred to below collectively as "enterprises") should follow the basic principles set out below in relation to "business in Europe," which are based on the guidelines drawn up by the International Chamber of Commerce. I.

Bribery and Kickbacks


No enterprise should directly or indirectly offer or give a bribe, and any demands for such a bribe should be rejected. Enterprises should not kick back any portion of a contract to employees of the other contracting party. Enterprises should not use other techniques such as subcontracts, purchase orders, or consulting agreements to channel government-bound payments to employees of the other contracting party, their relatives, or business associates.

II.

Agents
Enterprises should take reasonable steps to ensure that any payment made to an agent represents no more than an appropriate remuneration for legitimate services rendered no part of any such payment is passed on by the agent as a bribe a record of names and terms of employment for all agents in connection with transactions with public bodies or state enterprises is maintained and made available to auditors

III.

Financial Recording and Accounting


All financial transactions should be recorded properly and fairly in appropriate account books available for inspection by boards of directors and auditors. There should be no "off the books" or secret accounts. No documents should be issued that do not fairly record a transaction. A system of independent auditing should be put in place.

IV.

Political Contributions
Contributions to political parties or individuals should only be made in accordance with the applicable law. All contributions should be reported to senior corporate management.

V.

Company Codes
Enterprises should adopt and draw up their own codes of conduct and train their employees in, and inform them of, the rules. The code of conduct should apply to the company's subsidiaries, joint ventures, and agents.

19

TOP TEN THINGS TO REMEMBER ABOUT SARBANES-OXLEY: OVERVIEW


The goal of SOX is to restore investor confidence. After a series of corporate scandals featuring accounting manipulations that cost stockholders billions of dollars, corporate governance reform was needed. There were widespread conflicts of interest and abuses of power. SOX attempts to eliminate such conflicts and abuses and thereby restore investor confidence in the validity of the financial statements of public companies. The audit committee serves as an independent check on management's powers. The audit committee segregates duties to help maintain the independence necessary for an effective review by external auditors. Specifically, the audit committee separates senior management from hiring, paying, and reviewing the work of the external auditors. This way, the auditors feel less threatened by senior management, which should lead to a more independent review. An effective internal controls framework must include all employees. Internal controls are a series of checks and balances that can be as small as receiving authorization on a purchase of office supplies or as important as limiting access to confidential company information. SOX mandates that a reasonable set of controls be established to protect company assets and ensure the validity of the company's financial statements. All company employees need to be involved for these efforts to be successful. SOX provides severe penalties for those who violate it. SOX specifically empowers the SEC to take action against these people. The SEC can bar executives more easily from working as part of senior management or as directors of public companies. It can file civil charges against executives who try to manipulate or threaten external auditors. In addition, people who violate SOX can be fined up to $5 million and imprisoned for up to 20 years, depending on the violation. Internal controls are an extremely valuable tool. SOX requires management to be responsible for the company's internal controls program. Many controls limit the chances of theft and fraud throughout the organization by procedures such as authorizations and asset safeguards. Internal controls also force a company to understand its business and the potential problems it could face. Before SOX, providing nonaudit services that undermined auditor independence was more common. Audit firms used to provide their audit clients with other consulting services that were frequently more lucrative than the audit itself. On some occasions, auditors were unwilling to provide an independent review of the financial statements because they didn't want to upset senior management and risk losing their nonaudit services. Under SOX, auditors can't provide specified nonaudit services to their audit clients, and any nonaudit services they do provide must be preapproved by the audit committee.

www.eca.lrn.com 1

Management has often escaped responsibility for accounting errors by claiming ignorance. One of the reasons SOX requires CEOs and CFOs to certify quarterly and annual reports is because some of them blamed poor internal controls or ignorance of the controls for accounting errors. Under SOX, it's more difficult to use this as an excuse. By certifying the financial statements and internal controls, CEOs and CFOs are forced to take responsibility for their company's financial statements. SOX attacks many conflicts of interest beyond those of senior management and directors. Senior managers and directors aren't the only ones with potential conflicts of interest. For example, some investment bankers issued positive research reports on companies that did business with the bank and issued poor reports on companies that used their competitors. SOX separates the research section of investment banks from their other investment banking services so that each is independent. Control breakdowns don't always start with dishonesty, but rather with pressure. Many individuals who commit accounting fraud aren't thieves, just employees who feel pressure to meet high expectations. Sometimes it's managers trying to protect their employees from layoffs and thinking they can correct their manipulations in future quarters. The important point is to remain vigilant, because pressure combined with poor judgment can lead to breakdowns, and internal controls and an ethical corporate culture are the best tools to prevent these situations. SOX strives to create an ethical corporate culture. This legislation is comprehensive and extensive. From protecting whistleblowers to requiring transparency in accounting practices, SOX stresses honesty, responsibility, and the freedom to communicate, even when the news is bad. To fully meet the requirements of SOX, in both letter and spirit, a company must have an ethical culture.

www.eca.lrn.com 2

FREQUENTLY ASKED QUESTIONS ABOUT SARBANES-OXLEY - OVERVIEW


How did the corporate scandals leading up to SOX justify the need for legislation? Most of the institutions that were designed to provide protection against large-scale fraud were undermined to some degree. Investment bankers, analysts, lawyers, rating agencies, external auditors, senior management, and boards of directors all failed to protect investors. These failures were due in part to perverse incentives and conflicts of interest that should have been avoided. Legislation was needed to address these problems. What do external auditors do? Each public company is required to have an external auditor review its financial statements. The external auditor issues an opinion on whether the statements comply with the required accounting standards. In addition, SOX requires external auditors to review the company's internal controls over financial reporting to make sure they're effective in preventing fraud and providing reasonable assurance on the reliability of the financial statements. How does the PCAOB affect public accounting firms? In effect, there are two classes of public accounting firms in the United States: those that are qualified to audit public companies and those that are not. SOX gives the independent nonprofit board the ability to oversee public auditors and to analyze from an unbiased perspective whether they offer truly independent opinions. What are stock options? Stock options from your employer give you the right to buy a certain number of shares of your company's stock at a future time and price that your employer specifies. Options are widely used as an incentive for employees, and to allow them to share in the company's success. Does SOX address the conflicts of interest of investment bankers? Yes. Senior management and directors weren't the only ones to have serious conflicts of interest. At times, investment bankers issued positive research reports on companies that did business with the investment bank and issued poor reports on companies that used their competitors. SOX separates the research section of investment banks from their other investment banking services so that each is independent, which should lead to unbiased research reports. What is fiduciary responsibility? Fiduciary responsibility is a broad legal term that includes the duties of good faith, loyalty, and care that one must exercise in the management of another's money or property. Company employees who have a fiduciary responsibility must protect the company by putting the company's interests ahead of their own. What are the qualifications to be a financial expert on an audit committee? You must have a thorough understanding of internal controls for financial reporting and accounting standards specifically those dealing with accounting for estimates, accruals, and reserves. You should also have past experience that demonstrates your ability to understand basic financial statements.

www.eca.lrn.com 1

Why are accounting rules flexible? Accounting rules were designed to be widely applicable across many industries and types of companies. Flexibility has been a virtue, for the most part, by allowing companies to determine the best way to portray their finances in their financial statements. What are off-balance sheet liabilities? These are liabilities that companies formerly didn't have to list on their financial statements, so they were essentially deals hidden from stockholders. Some companies, like Enron, used this accounting loophole to distort their financial statements. Through creative deal structuring, the company could avoid classifying certain transactions as liabilities. SOX strives to close this accounting loophole. What types of compensation are available for whistleblowers subjected to retaliation? Compensation for unlawful retaliation includes reinstatement at the same seniority status the employee would have had, back pay with interest, and compensation for any special damages, including legal and witness fees. If you've been threatened in an effort to prevent the disclosure of information, contact your firm's audit committee or law or compliance department. What does it mean to certify financial statements? By certifying financial statements, the CEO and CFO are personally taking responsibility for them. Penalties for inaccurate certifications can be as high as 20 years in prison and a $5 million fine, or both. What does an internal controls framework do? An internal controls framework is a comprehensive process that helps a company operate efficiently and effectively. In this process, a company should create business objectives, determine risks, establish control activities, and define and communicate roles and responsibilities to all employees. Within this process, there are individual controls such as requiring authorizations on large purchases and limiting access to confidential information. Individual controls help to safeguard assets, safeguard ownership interests, and create credible financial reports. What are some examples of individual controls? Examples include authorizations, verifications, account reconciliations, reviews of operating performance, delegation of authority, security of assets, and segregation of duties. They occur throughout the organization, at all levels and in all functions. Why are internal controls important? Poor internal controls lead to the deterioration of virtually everything of value in an organization. Effective controls help ensure the accuracy of data. Inaccurate data can undermine the value of a company's financial statements and lead to poor managerial decisions since senior management uses this same data to make many business decisions. Poor controls also may undermine the relationships the company builds with its shareholders, customers, and suppliers.

www.eca.lrn.com 2

What is the audit partner rotation requirement? In general, audit partners are individuals who have substantial decision-making or other responsibilities in the audit of a public company. SOX requires that audit partners be rotated every five years. In addition, a former company employee can't take a job at the company's current audit firm and work on the company's audit until a one-year "cooling off" period has passed.

www.eca.lrn.com 3

YOUR RESPONSIBILITIES FOR FINANCIAL REPORTING


INTRODUCTION
Every company is accountable to its owners. In the case of a corner grocery store or gas station, the family that runs the operation may be the owners. For a law firm or medical group, the partners are the owners. In a large public company, the shareholders are the owners. As employees of a public companyfrom entry-level staff members to the company presidenteach person within the organization is also accountable to its shareholders. One way to account to a public company's owners is through financial reporting. For companies listed on a U.S. stock exchange (commonly referred to as public companies), financial reporting must be provided to the company's owners and government regulators every three months. Similar requirements and practices are in place for public companies in other countries. For the purposes of this handbook, however, the examples and specific references used will refer to the requirements of U.S. public companies. It should be noted that foreign companies that have their stock traded on U.S. stock markets or that sell bonds in the United States fall under most of the same regulations as do their U.S. counterparts. Over the past decade, the consequences of inaccurate financial reporting have been a regular news item. Various businesses, ranging from energy trading firms to long distance phone companies to public accounting firms, have either been fined, filed for bankruptcy, or gone out of business because of their actions. This is not a problem limited to the United States. Companies in Europe and Asia have also had similar problems, while governments around the world have pursued reforms similar to those in the United States in an effort to promote accurate financial reporting. In response to Enron and other high-profile fraud scandals and business failures, the U.S. Congress in 2002 enacted the Sarbanes-Oxley Act, strengthening existing financial reporting rules and creating new oversight requirements. These requirements have, more than any legislation before, established a broad list of standards surrounding the financial reporting process. This legislation is intended to enforce the notion that the quality of a company's financial reporting is ultimately the responsibility of that company's senior management, but is also dependent on the actions of all the employees in that organization. This handbook provides a general overview of the financial reporting process and the regulatory guidelines associated with the process. It does not provide legal advice or guidance regarding how you should act in a particular situation that involves suspected improprieties in the financial reporting process. Accurate financial reporting is a complex process subject to subtleties that cannot be completely covered in a brief treatment of this kind. Always consult your internal management and law department about any questions or concerns that you may have about the financial reporting process.

THE BASICS OF FINANCIAL REPORTING


I.

Regulatory Requirements

Public companies in the United States are subject to numerous regulatory requirements. A U.S. public company is a company that has offered stock to the investing public through a stock exchange in the United Statestypically either the New York Stock Exchange (NYSE) or the Nasdaq electronic stock exchange. Once a company is public, it has a number of responsibilities to its shareholders, the U.S. government, and the investing public. One of the major responsibilities that a public company must fulfill is to produce financial reports on a quarterly and annual basis. These reports, consisting primarily of an income statement, a balance sheet, and a statement of cash flow, show whether or not the company made money, outline sales and expenses for the period reported on, and list the company's assets and liabilities. Law and regulation dictate in large part the content of the financial reports as well as the methodology for creating them. Public companies are regulated by the Securities and Exchange Commission (SEC). The SEC has established rules for governing a public company and, in conjunction with other organizations, created standards for corporate behavior. Included within these standards is the requirement that financial reports be produced for the owners of the public company. They also specify when and how these reports should be generated. The accuracy of these reports is of paramount importance, as investors rely on them when making decisions to buy or sell company stock, as do banks and other lenders in deciding whether to loan money to the company. The U.S. government also relies on these reports in judging the overall health of the American economy. To ensure the accuracy of public companies' financial reports, the SEC requires that a certified public accounting (CPA) firm audit them annually for accuracy. This audit is intended to assure the investing public that the reports accurately reflect the financial condition of the company. The CPA firm will, at the end of the audit, give an "opinion" regarding whether the financial report is accurate and reliable. In addition to the annual audits that the CPA firms perform, most large public companies have an internal audit department. The role of the internal audit department is to conduct reviews (audits) of the company's operations in more depth and from a different perspective than those that the CPA firms conduct. In addition, it will examine the internal controls that the company has in place to ensure that the financial reports are accurate and the controls are operating effectively. The internal audit department will also look at the efficiency and effectiveness of the company's various operations as well as review other areas in which management may have questions or concerns. Example 1: A large multinational construction company has operations throughout the United States and in all continents around the world. The internal audit department establishes a plan in which all major locations are audited at least once every three years. Included in these audits are reviews to ensure that remote locations follow corporate policies and procedures. Specifically, the audits review all completed construction projects since the last audit to determine that all payments are made according to the construction contracts, payments for labor follow all local laws and are made in agreement with the local union contracts, and payments are made for actual work performed. In addition, the audits review the construction management process to verify that all permits and inspections are obtained and documented correctly. II.

Financial and Accounting Abuses

With all these audit, reporting, and oversight processes, how did the financial and accounting abuses that have been featured prominently in the nation's headlines ever occur? There is no simple answer to this question because there are numerous issues involved. The end result for the investing public is that the financial reporting it relied on turned out to be inaccurate for many companies. However, one thing did become clear: the CPA firms did not catch the inaccurate reporting. Why? In many cases, the CPA firms involved had helped set up the financial transactions at issue and had done so in such a way that investors became confused. In other cases, the CPA firms had not rigorously reviewed the results of the companies' internal audits in-depth or tested the quality of the internal audit work. In some other cases, the CPA firms had actually been the ones who had done the internal audit work for the companies in the first place. In addition, the CPA firms had provided the companies' management with guidance, advice, or work, which the firms were then called on to review during the year-end audit. Whether intentional or not, it's easy to see how a CPA firm conducting an audit of a company's financial reports would tend to refrain from criticizing the very work it had previously performed. Combine this with the fact that the CPA firms performed other services that often generated fees well in excess of those they earned for auditing financial reports, and it is easy to see how things could either intentionally or accidentally get overlooked. Example 2: A large multinational energy-trading firm filed for bankruptcy after an investigation revealed that its audited annual financial reports were inaccurate and had overstated its financial health. The investigation also found that the CPA firm that audited the company's financial reports had helped design the business structure that allowed the company to hide its financial risks and problems. In addition, it was learned that the CPA firm also performed the internal audit activities for the company. Given that the company paid the CPA firm fees totaling more than $52 millionmore than half of which was for consulting services and internal audit activitiesit appeared that the CPA firm was more concerned with earning the large consulting fees than conducting complete audits of the company's annual financial reports.

THE SARBANES-OXLEY ACT


On July 30, 2002, the Sarbanes-Oxley legislation became law as the Public Accounting Reform and Investor Protection Act. This legislation was enacted as a direct result of the many financial scandals that had affected the American investing public and financial markets. It creates greater accountability for accurate financial reporting, prescribes penalties for failing to comply with its provisions, and establishes a framework for corporate behavior in financial reporting and oversight of CPA firms with the objective of eliminating real or perceived conflicts of interest. It also established the Public Company Accounting Oversight Board as the policy-making body for regulating the provision of accounting services to public companies. I.

What the Act Includes


The major specifications of the act include the following: Code of ethics. All public companies are required to either establish a code of ethics for their senior financial management or disclose to the

government and investors why they did not establish one. The code must specify that the company will operate in an ethical and honest manner, disclose its financial and other significant matters in a timely and understandable manner, and comply with all governmental rules and regulations. Audit committee. All public companies are required to create an audit committee that is established by the company's board of directors. The audit committee is responsible for overseeing the financial reporting for the company, the annual audit conducted by the company's CPA firm, and the internal audit department's activities. The audit committee must be composed of members with specified levels of financial reporting expertise and independence from other aspects of the company's operations. Usually, some board members also serve on that company's audit committee, but they can only do so if they are not employees of the company. Whistleblowing. All public companies are required to establish a whistleblowing process to receive and review claims of inappropriate financial activities. Management report on internal control. The company must file an annual management report with the SEC on the company's internal controls for financial reporting, together with an attestation by the companys independent auditor. Management certifications. Management must certify that the financial reports are accurate and fairly present the company's financial condition; internal controls are in place to ensure that the reports are accurate; and the internal controls have been evaluated and are working. Management also needs to disclose if the internal controls are not working or if it, or others involved with the company's internal controls, has committed any fraud. Public disclosure. All public companies need to disclose any significant changes in their operation or financial condition. Auditing of internal controls. The CPA firm must audit a public company's internal controls as part of the year-end audit of the financial reports and determine if the internal controls are operating correctly. CPA firm conflicts of interest. A number of activities that CPA firms previously performed for public companies are now prohibited if the CPA firm performs the annual audit of the company's financial reports. These include: bookkeeping or preparing the company's financial reports designing or installing a company's computerized accounting systems internal audit services acting as management for the company other various activities where the CPA firm may have to evaluate its own work during the year-end audit of the financial reports

Penalties for fraud. Jail time and fines will be imposed if investors are defrauded. The act covers a wide variety of subjects that focus on one major objective: the accuracy of a company's financial reporting. This is accomplished through establishing accountability, eliminating conflicts of interest, and instituting internal controls.

Example 3: A large multinational company's audit committee receives a proposal from a CPA firm to perform the company's year-end audit. The proposal includes a schedule of the audit work to be done, the amount of hours to be spent, the areas to be audited, and total costs. Based on the audit committee's knowledge of the company's operations and financial structure, and its knowledge of general financial reporting practices, the committee will determine if the proposal meets the company's needs and is fairly priced. If the committee is satisfied, it will accept the proposal. If not, it will ask for clarifications and possibly changes. The audit committee may also contact other CPA firms to obtain alternative proposals before making a final decision.

UNDERSTANDING INTERNAL CONTROLS


I.

Internal Control Defined


In the simplest terms, an internal control is a process or procedure that provides reasonable assurance that the right thing to do gets done. Most companies further describe internal control as methods and procedures to provide reasonable assurance that management's objectives are met. Examples of management's objectives include accurate financial reports preservation of company assets compliance with all applicable laws and regulations, as well as the company's policies and procedures effective and efficient company operations

In the past, internal control was often looked at as an isolated subject. If a process, such as issuing a check, had controls in place, like review and approval by a manager, the process was viewed as controlled. Today, as a result of both Sarbanes-Oxley and the natural evolution of sound business practice, internal control is viewed in the bigger picture and as encompassing the entire organization. This broader concept of internal control has been accepted as the appropriate way to view control in an organization. II.

Core Elements of Internal Control


The five core elements of internal control are control environment risk assessment control activities information and communication monitoring

Each of these elements interrelates with the others, and all are necessary for an organization to have effective internal control. With the advent of SarbanesOxley, which requires that an appropriate framework for internal control be implemented, organizations have spent increasing amounts of time, money, and attention ensuring that these elements are in place and effective. B.

Control environment

The control environment sets the tone for the organization. Management needs to operate in an ethical and forthright manner and set forth its corresponding expectations of integrity and ethical behavior from its employees. Management, at all levels, needs to lead by example. It should model itself in a manner that encourages ethical behavior, fosters appropriate values, and allows for the identification and correction of behavior that does not meet these standards. For this reason, the establishment of a control environment is the foundation for the other elements of effective internal control. C.

Risk assessment
The risk assessment process is an aspect of internal control that occurs at all levels of an organization and is an ongoing process. Senior management constantly evaluates risks to the organization at a global level, such as the impact of current world events on a steady supply of energy, or the safety of staff in remote locations. Operating management assesses risk involved in more day-to-day activities, such as the security of work in process or finished goods inventory. At the same time, staff is also constantly assessing risk, although often in an informal manner, as employees perform assigned responsibilities and identify and address areas of potential error or problems on a daily basis. For a strong internal control system to work, the management and operating levels need to have a formal process to ensure that risks are evaluated on a regular basis and that plans are made to address those risks. For risks that employees identify, they need to have a process in which they can report those risks to management and have them addressed as necessary. Management needs to provide training on how to identify risks and must develop procedures outlining the steps for employees to follow. In some companies, all employees are empowered to resolve risks within set cost limits to correct problems that they identify. Other companies have established incentive programs for employees to identify risks and propose solutions.

D.

Control activities
Control activities are the major component of an internal control system and, in many organizations, are referred to as internal controls. Control activities occur in many forms. Some of the more common forms include: Policies and procedures. The best way to ensure that the right thing to do gets done is to have written, understandable guidelines that provide employees with directions on how to accomplish their duties. These policies and procedures can be broad, such as how to request approval to purchase equipment, or detailed, such as how to fill out an expense report. The guiding principal is that everyone works better if the rules are consistent and explained so that all employees know what is expected of them and how to perform their duties.

Example 4: For one large multinational company, business travel between locations and to clients and prospects is a large expense. The company has established a policy that outlines what travel expenses it will pay and provides limits as to how much it will pay for specific items such as hotels and rental cars. For example, according to the policy, hotel rooms in the continental United States must not cost more than $200 per night in major cities and $100 per night in other cities. The policy also states that an employee must purchase all air travel tickets through the corporate travel agency, or the company will not reimburse the employee. A set of procedures supporting this policy leads the employee step by step through the details of how to comply with it. For instance, the air travel procedure has phone numbers, names, and forms to use when ordering airline tickets, as well as instructions detailing who approves a request for tickets. Job descriptions. These go hand in hand with policies and procedures, as they define for all employees what is specifically expected of them and give both the employees and their managers yardsticks by which to guide and measure employee performance. Authorizations. Certain individuals within an organization have authority to do things. Purchasing officers are usually designated as the only authorized buyers for a company. Managers at certain levels are usually authorized to hire and fire employees. By having a defined framework of who is authorized to act in what capacity, employees, suppliers, customers, and the public can determine if they are dealing with the appropriate individuals within an organization.

Example 5: The purchasing department of a large electronics production company establishes various levels of authorization regarding who in the purchasing department is authorized to purchase on the company's behalf. These levels of authorization are listed on the company's purchase order, and indicate that a buyer may commit on orders up to $100,000. Above that limit, the vice president of purchasing must sign the purchase order for it to be binding. Approvals. Aligned with authorization is approval of an action. Individuals within an organization have the responsibility to approve certain actions. This can range from the audit committee approving the use of a CPA firm, to a manager approving an employee's expense report. The approval process is one of the key internal control principles as it helps ensure that actions are carefully reviewed. The more significant the impact an action may have on an organization, the greater the number of approvals it may require, or the more senior the management level it may require to approve the action.

Example 6: The human resources department for a large automotive parts manufacturer establishes various levels of approval for hiring new staff members. Managers can approve the hiring of assembly line workers for any open assembly job requisition. Hiring an assembly line worker without an open job requisition must be approved by the director of the human resources department for the assembly plant wanting to hire that worker. The director of human resources for the plant where a

manager will be assigned must always approve the hiring of the manager. Verifications. Many actions, particularly those involving large amounts of money, will require verification, an after-the-fact approval, before a requested action takes place. This control is necessary when a mistake or fraudulent action may not be caught, or the error corrected, if not immediately identified.

Example 7: A national insurance company receives payments at a number of locations across the United States on a daily basis. All the monies are deposited into one bank account for all locations at the end of each business day. The following morning, the corporate treasurer determines how much money can be invested and faxes instructions to the bank, instructing it to transfer certain amounts of money to a number of different investment companies. Before the bank will transfer the money, a bank staff member calls the insurance company and verifies with the controller in the accounting department that the instructions received are from the treasurer and are correct. Reconciliations. Just as individuals balance their personal checkbooks, an organization needs to balance or reconcile many of its activities on a regular basis. This control is essential in most accounting areas, where the need to verify figures in the accounting system against supporting information, such as cash or inventory, is essential to accurate financial reporting. Many areas of operations also are reconciled on a regular basis to ensure that what is expected to be in place is actually there.

Example 8: A national insurance company has a large number of bank accounts that serve specific functions, such as payroll, accounts payable, and accounts receivable. These accounts must be reconciled to the company financial records each month to properly account for all funds. The reconciliation process includes confirming that the bank has received all deposits and that all payments made by check or bank transfer agree with the company's financial records. This process must be completed each month to help ensure that no errors are posted to the accounting records. A failure to reconcile the bank accounts promptly could allow for errors to go undetected or become compounded over periods of time. Budgets. Just as reconciliations are performed to verify that what is recorded is what has occurred, budgets are needed to project what will occur in the future. Budgets form the basis for determining how many people to hire, what supplies and equipment to buy, how quickly to expand, and many other aspects of running a business. Comparing actual results with the budget then gives management the ability to assess actual and planned business volume and investigate areas where results were not as anticipated. This control then allows management to focus its attention on the areas that most need it. Reviews of performance. All employees are accustomed to receiving periodic performance reviews. They are one means of determining how well one has performed, identifying ways to improve, and recognizing strengths and successes. They also

help form the basis for possible raises or promotions. In the same manner, companies should conduct performance reviews of business activities, such as a sales campaign, a new product launch, or even the losing proposal to build a product for a potential buyer. The benefits for a company are the same as for an individual: strengths and weaknesses are identified, and alternate plans for the future can be developed. Example 9: A large electronics manufacturer is a major supplier to the automobile production industry. Every time a new car model is planned, the company submits proposals for the inclusion of electronic entertainment systems. Only one-third of its proposals are accepted. Because proposals are costly to prepare, the company establishes a process to review how they are developed and learn why they are accepted or rejected. Based on the results of these reviews, the company revises the proposal process to ensure that better communication occurs between the auto manufacturer and the company engineers. This will help the company to better understand and address specific requirements in future proposals. Documentation. All control activities should be documented and not left to recollection or conversation. It is especially important to document approvals, reconciliations, and other types of evidence of a control activity to confirm that the actions took place.

Example 10: A new receiving clerk for an electronics company does not fully understand the requirements for retaining documents when new materials arrive. After verifying that the goods have been delivered, the clerk usually keeps the packing slips for a week and then throws them away. Later, when materials are lost between the receiving dock and production, the clerk cannot prove that the amounts claimed to have been received and sent to production were actually received and forwarded. Security over assets. In addition to the various procedural controls described above, physical control needs to be maintained over all company assets, which includes supplies, inventory, facilities, and electronic or physical information, as well as employees themselves. Processes and procedures need to be in place to protect assets from accidental or intentional loss or damage.

Example 11: At a large production facility, portable tools are held in a secured tool crib and only distributed to authorized employees. To obtain the tools, the employee must have his supervisor's written authorization and a valid employee identification. Tool distribution is strictly controlled based on the authorizations, and the tools are inventoried after every shift. Managers are responsible for resolving issues regarding the return of tools at the end of every shift. Segregation of duties. Segregation of duties is a foundation of internal control. This principle describes the assignment of activities so that no one person has complete control over a key function or activity. With segregation of duties, both intentional

and accidental errors can be identified and corrected, as a second set of eyes will always be involved in the process. Example 12: At a large department store chain, responsibilities for payroll processing have been segregated so that accidental or intentional errors can be caught and corrected. Only the personnel department can create a file for a new employee and create or change a salary rate for an employee. Only the payroll department staff is able to process the payment for an existing employee. In addition, the payroll department staff cannot approve an employee's time card but can only process time cards that authorized managers have approved. Lastly, only the employee should enter time on the time card. At this company, the responsibilities for paying an employee are divided among four different individuals. These are just some examples of an organization's control activities. A company may develop other practices, depending on the nature of its business, what it does, and where it operates. It is extremely important to recognize that control activities acceptable in one country, for example the United States, may be culturally offensive in other countries and actually counterproductive. For this reason, the actual execution of some control activities may look very different from country to country, though they all are rooted in the same primary objective of ensuring that management's objectives are met. E.

Information and communication


For the control activities to function effectively, information and communication is critical. Financial reporting of actual performance as well as comparison against budgets; distribution of new policies and procedures; and reports on errors noted and corrective actions taken are some examples of information and communication crucial to the effectiveness of internal controls. Information, whether from automated systems or manually compiled, needs to be produced in a timely manner and in a format useful for managing and controlling the business. It also needs to be distributed throughout the organization, so that all parties affected by or responsible for the reported operations have the necessary data to carry out their responsibilities.

F.

Monitoring
Monitoring is a key feedback process in maintaining an effective internal control system. It is not, however, the same as the ongoing control or communication of activities. Monitoring is a separate, independent evaluation and oversight of internal control activities that is management's responsibility and is often assigned to the organization's internal audit department. The individuals responsible for the controls or the monitored activities do not perform management's monitoring function, but they should be alert to problems with such controls and activities and report them to the appropriate people in their company. Other monitoring roles may include compliance officers, ethics officers, or peer review committees.

Example 13: A large consumer electronics chain uses a sophisticated computer system to track inventory from receipt to point of sale. In addition, the store staff does a monthly physical inventory of actual stock on hand. As a monitoring function, the company's internal audit department annually conducts random physical inventories at half the company's stores to verify that they follow the inventory practices and that the practices work as designed.

WHAT YOU CAN DO TO HELP


Internal control is everyone's job. Organizations are all structured to have varying degrees of internal control, with management responsible for that structure as well as maintaining an environment where ethics and integrity are stressed and nurtured. Good internal controls should help employees meet their responsibilities. Policies and procedures should instruct, and personnel policies and job descriptions should guide, employee development. Control functions should help minimize errors, and information reporting and monitoring should help the business run efficiently and produce accurate financial reports for the owners. A strong internal control system will allow a company to comply with the regulatory and reporting requirements that the Sarbanes-Oxley legislation and the public stock exchanges mandate, both in the United States and throughout the world. All employees can support their company's internal control environment by complying with those policies and procedures and other control activities that affect their duties. If employees see ways to improve control or correct errors, they should bring them to the appropriate manager's attention. If employees notice weaknesses in internal control or outright violations of control activities, they should immediately report these observations to the appropriate manager. The manager can then deal with performance issues as appropriate. The manager can also review structural issues concerning how a task is controlled, or create a process improvement team to make necessary changes to improve control. Example 14: In a business management company's payroll department, the payroll manager accidentally processes a paymentwhich happens to be to herselftwice. When she learns of the mistake, she has an obligation to report the process error as well as refund the overpayment. The wrong thing to do would be to keep the payment and cover her tracks. Example 15: A teacher's aide at a university accidentally submits a health insurance claim that her physician also submits. Later, both the physician and the teacher's aide are paid for the billed service. The correct thing to do is for the teacher's aide to refund the duplicate payment and contact the human resources department to notify it of the claim processing error. The wrong thing to do is to keep the duplicate payment and submit more duplicates if it seems that no one is catching the error. Employees who are responsible for actually producing financial information should follow the accuracy controls for that data even if deadlines create a burden. Producing incorrect information quickly does not benefit anyone. Example 16: The accountant at a large insurance company, who is responsible for reconciling the company's bank accounts each month, falls behind because of other duties. Her supervisor pressures her to complete the reconciliations. To appear caught up, the accountant enters information in the reconciliations and makes her records look as if all bank activity is proper. As it turns out, fraudulent checks have been written on the

company's bank accounts, and more than $200,000 has been stolen. Because the fraud is not caught due to the intentionally overlooked bank activity, the company is not able to recover the money and has to correct the financial reports in future months once it finally identifies the previously undetected loss. In most organizations, internal control is part of the business culture, as are ethics and integrity. Complying with internal controls is part of doing one's job, and the corrective and verification control activities are taken for granted as one's responsibilities. The problem occurs when there is a breakdown of either personal or corporate ethics or integrity. An employee faced with such a situation needs to act in a much different manner, as this is no longer "business as usual." For example, frequent breakdowns in organizations' integrity and ethics have occurred in the area of recording sales. The pressure to match investors' expectations of sales, or a manager's expectations of an individual salesperson, has led to a number of frequently repeated scams in reporting sales: o Sales of nonexistent products or services. Particularly in the high-technology field, companies record sales for products or services not yet fully developed. Although it is acceptable to record a deposit for payment on a future product or service, a company should not show a sale on its books for products or services until all conditions for the booking of revenue under applicable accounting rules have been met. Consult your company's accounting or law department if you have any questions. Changing contract dates. In order to meet monthly or quarterly sales targets, companies often change contract dates from the first few days of a new month or quarter to reflect the previous period. In addition to reporting incorrect financial data, this practice can cause commissions to be overpaid to sales people if they have targets that are met because of it. Sales to related parties. To meet sales targets, sales contracts and other supporting documents are created for sales to related parties with the agreement that the goods or services will either never be delivered or performed, or that any goods delivered will be returned in the following period. Refunding or crediting back the sale occurs in the following month, and the individuals involved look for other ways to offset this "lost" sale when the next period closes.

In any of these cases, if an employee suspects that sales information is being incorrectly reported, he must report these observations to management.

HOW TO RESPOND WHEN SOMETHING DOES NOT LOOK RIGHT


I.

Reporting Violations
When an employee observes or becomes aware of a potential violation of policy or procedure, established internal controls, or the law, the employee is obligated to take appropriate action. Depending on the nature of the actions observed, the potential severity, and the position of those involved, the employee can take one of several courses of action: Report the matter to your immediate supervisor. If the matter appears to be a localized issue, and the employee feels comfortable, reporting the matter to her immediate supervisor is always the preferred course of action. Employees can address most matters at this level as a departmental operating issue.

Example 17: A data entry clerk at a large company learns that her coworkers are sharing passwords. If passwords are shared, individuals may be able to perform tasks that they are not authorized to perform, or they may be blamed for actions that they have not taken. The clerk reports the password sharing to her supervisor because she knows that control over computer hardware and software is necessary, since businesses rely heavily on these systems and the data they contain. Example 18: A manufacturing company uses a computer system that shows the time and date of the last activity by the user every time the user logs on to the system. A data entry clerk logs on to his computer system and notices that the time shown for his last usage is a time when he was at his doctor's office. The clerk knows that this indicates that someone has used his password and has accessed the system as him. He reports this to his supervisor immediately so the matter can be investigated. Report the matter to your supervisor's manager. If the matter appears to be more significant, or her immediate supervisor is a part of the problem, then the employee should report the matter to the manager above her supervisor.

Example 19: On a business trip, a supervisor asks his administrative assistant to pay for a dinner attended by the supervisor, the assistant, and a number of staff members. The supervisor explains that he will then be able to approve the expense report and won't have to explain the dinner to his boss. The company policy states that the highest level employee attending any business meal must pay and submit an expense report. In this case, the employee cannot report to her immediate supervisor regarding the matter, as he is part of the problem. The correct thing for the assistant to do is to report the matter to her supervisor's manager or go through one of the other reporting processes available to employees. Report the matter to your company's ethics officer, compliance officer, internal audit department, or human resources department. Most issuessuch as those recently seen in the mediashould, at a minimum, be reported through one of these channels. Generally, the senior company managers are charged with investigating claims of inappropriate behavior and can have matters investigated in a timely manner.

Example 20: A graphic designer for a major advertising agency notes that most supplies, equipment, and consultants used at her location seem to be from substandard vendors and that there are a lot of complaints about the quality of goods and services received. After looking into the matter more closely, she learns that the buyer responsible for supporting her location is sending a large amount of business to friends and relatives rather than to reputable suppliers. She should refer this significant matter to an ethics or compliance person within the company, the internal audit department, the human resources department, or to the whistleblower hotline, if there is one established by the company. Utilize your company's employee whistleblower hotline or audit committee reporting process. These are the processes to follow if the employee either identifies an ethical issue or feels the need to report the situation in a confidential manner. All whistleblower and audit committee reporting programs can maintain the confidentiality of the reporting

party's identity if confidentiality is desired. These processes also guarantee that impartial and independent reviews of the matter reported will take place. Example 21: The accountant for a computer company notices that a large amount of sales are booked each quarter to a customer that also sells a large amount of goods to his company. As he investigates these transactions, he learns that the goods his company sold have never been shipped and that the goods purchased by his company have never been received. In fact, the two companies have agreed to simply swap sales transactions to inflate the amount of sales on their books. Since this appears to be fraudulent financial reporting, the accountant refers the matter to the company's whistleblower hotline with sufficient detail to allow for a prompt review of the matter. II.

What to Include in Your Report


No matter which process the employee uses to report a matter of concern, he should be sure that any report of suspected inappropriate activity includes the following: Specifics. Include as much detail as possible, such as copies of documents, if appropriate, to support the concern. Facts. Include as much factual information as possible. However, do not make assumptions or speculate as to motives, decisions, or other possible actions that are not known firsthand. Honesty. The processes for reporting suspicious matters are tools to be used appropriately. They should not be used as a means of getting even with a coworker or manager or for making a labor-related point. An employee's ethical behavior in reporting a matter needs to be of the same high standard as the processes that are established to promote sound business practices.

CONCLUSION
Accurate financial reporting is critical in a free market economy with public ownership of large businesses. While the responsibility of actually preparing the financial reports belongs to a limited number of employees, the responsibility for the accuracy of the information contained in the reports belongs to all employees. By ensuring that the policies, procedures, and controls in place within an organization are followed, all employees can contribute to the accuracy of the financial reports. Conversely, intentional disregard of the established controls within an organization can lead to financial loss for the company as well as the potential for inaccurate financial reporting. Lastly, with the current focus on corporate ethics, all employees have the obligation to identify and report areas of concern when they suspect that intentional actions are taking place to defraud the organization, the investing public, or government regulators. As evidenced by recent news, the consequences of not doing so can have far-reaching and drastic effects.

FEDERAL SENTENCING GUIDELINES: THE RULES OF THE ROAD


INTRODUCTION
Generally speaking, corporations and other business entities may be criminally liable for actions taken by their employees in the course of their employment. Even the bestintentioned employees, doing only what they are told, can expose their company to severe criminal penalties. At least where federal crimes are concerned, the extent of those penalties depends largely on what are known as the Federal Sentencing Guidelines. These Guidelines establish standards for determining the appropriate range of sentences in a particular case. Among other things, they provide for reduced sentences if the convicted organization has made certain efforts to detect and prevent criminal activity before it occurs. Some states have also adopted sentencing guidelines that are similar in approach, if not in detail, to the federal standards. Because federal law governs so many aspects of modern business, it is important for corporate employees -- particularly executives and managers -- to have some understanding of the Sentencing Guidelines -- where they came from, how they work, and what can be done beforehand to help reduce criminal penalties if the company is later convicted of a crime. That is the purpose of this Handbook. It is designed to give you a brief overview of some basic concepts underlying the Sentencing Guidelines, including the need for an "effective compliance program" as a basis for sentence reduction. This Handbook is very general in nature, and is not designed to provide advice regarding the steps any particular company should take in order to reduce its exposure in the event of a criminal conviction. Any such steps should be taken only in conjunction with the advice of legal counsel. We will begin with some general background regarding the fundamental concepts of criminal law.

BASIC CONCEPTS
I.

What Is a "Crime"?
The U.S. Congress and the state legislatures of every state have passed statutes prohibiting conduct that is considered so harmful to society that it should be prosecuted and punished by the government. A "crime" is the conduct prohibited by these statutes. The punishment for commission of a crime may include such things as imprisonment, fines, probation and community service. An individual charged with a crime is entitled to certain rights or protections under the U.S. Constitution and the constitutions of individual states. Some of these rights are familiar to moviegoers and television watchers, such as the right to remain silent, the right to refuse to testify and the right to counsel. These rights are available to those accused of crimes because they face punishment by the government, which may include loss of their liberty or in some cases even death.

Most crimes involve some type of intentional act. The conduct must be done willfully or knowingly. Generally, those terms mean more than knowing what one is doing. Knowing that one is signing a check is not enough to prove the crime of forgery. However, knowing that one is signing a check with someone else's name, without that person's permission, is sufficient "knowledge" to prove the crime of forgery. Sometimes, of course, the situation is more complicated. For example, if someone honestly but mistakenly believes he is authorized to sign someone else's name, then the person probably would not be viewed as having the required knowledge for criminal liability, at least in some jurisdictions. On the other hand, a few crimes require no particular intent. For instance, some conduct will violate the environmental laws no matter what the degree of knowledge or lack of knowledge. II.

How Is a Criminal Prosecution Different from a Civil Lawsuit?


A criminal prosecution differs from a civil lawsuit in several respects. A criminal prosecution is initiated by the government, on behalf of all the people. Even though some criminal offenses involve harm done to individual victims, it is the government that charges the accused and is responsible for assembling all the witnesses, testimony, and evidence necessary to prove that the accused committed the crime. A civil lawsuit, by contrast, does not result in punishment by the government. It usually involves a dispute about money, and is usually between private parties, although the government can and does sue individuals and entities. Even if the lawsuit is based on an injury caused by negligence, the injured party sues to get monetary damages. Although the court in a civil suit can order a party to do or stop doing something, a civil suit is not primarily aimed at punishing the sued party. Another difference between criminal and civil cases is how hard they are to prove. The degree of difficulty in proving a case is called the "burden of proof." The government in a criminal case has to prove beyond a reasonable doubt that the crime was committed and the accused is the one who committed it. Beyond a reasonable doubt is a very high burden of proof. On the other hand, to win in a civil case, the person bringing the lawsuit (known as the plaintiff) has to prove the bad conduct and damages only by a preponderance of the evidence. This means that the evidence is weighted just slightly more in favor of the plaintiff. The bottom line is that the government in a criminal case has to have very strong evidence of the defendants guilt in order for the jury to return a verdict of guilty, whereas the plaintiff in a civil case has a much easier time of it. The reason for the higher burden of proof in a criminal case is the same as the reason why our Constitution gives persons accused of crimes certain additional rights -- a person found guilty of a crime will be punished by the government and the punishment may include the loss of liberty or in some cases even death.

III.

Can Corporate Entities Commit Crimes?


Corporations and other entities can be punished for criminal violations. Theoretically and legally, a corporation or other entity acts through its executives and employees, and is liable for criminal acts committed by them in the course of

their employment. Because entities cant be sent to prison, punishment for such acts is usually limited to fines. IV.

What Is a Criminal Conviction?


An individual or entity accused of a crime usually has a choice of plea bargaining with the prosecutor, often for a lesser charge, or going to trial and taking the risk that the judge or jury might render a guilty verdict. In either event, a guilty plea and a guilty verdict both result in a final decision of guilt, called a conviction. In sentencing a convicted individual or entity, the judge can impose a variety of penalties, including imprisonment for an individual, probation, fine, restitution, forfeiture, assessment of costs, and remedial orders such as mandatory community service.

V.

Federal Versus State Crimes


Under our federal system of government, both the federal government and the states are authorized to enact laws prohibiting criminal activity. The main difference is that state criminal laws generally involve local conduct -- for example, a robbery or homicide occurring within a certain states borders, whereas federal criminal laws must, under the Constitution, involve conduct affecting interstate commerce. As a practical matter, however, the interstate commerce requirement is fairly easy to meet, and as a result, there is a vast body of federal criminal law prohibiting everything from mail fraud, to robbery of federally-insured banks, to drug dealing, to assaults on federal officers. There is also a great deal of overlap between federal and state crimes. For example, securities fraud may violate both federal and state criminal law and may be prosecuted at both the federal and state levels. For our purposes, we will focus on federal law, and particularly the Federal Sentencing Guidelines. But you should be aware that states may have their own sentencing policies, which may resemble or differ from the federal guidelines in important ways.

FEDERAL SENTENCING GUIDELINES -- BACKGROUND


I.

Sentencing Practices Prior to the Guidelines


Until 1987, federal court judges had a great deal of leeway in deciding what punishment to impose on a person or entity convicted of a federal crime. All criminal statutes established maximum penalties, and a growing number set minimum penalties, but in between it was left to the judge to decide. The judge typically would consider the nature of the crime, the defendants criminal background and any other information the government or the defendant presented. This information included character references, information about other crimes or arrests, medical or mental illness, personal history, family circumstances, educational background and anything else the judge thought was important. The judge then weighed the information and imposed the sentence he felt was appropriate. As a result, persons and entities convicted of similar crimes, with similar backgrounds, often received widely different sentences.

II.

Creation of the Federal Sentencing Guidelines


Congress reacted to complaints regarding these sentencing disparities by passing the Sentencing Reform Act of 1984. The Act created the United States Sentencing Commission and directed it to develop guidelines reflecting the four basic purposes of criminal punishment -- deterrence, incapacitation, just punishment and rehabilitation. The Act further specified that the guidelines were to include categories, or levels of offenses, and offender characteristics, and sentencing ranges based on those levels. For example, an employee who embezzled $5,000 would be in a different category from an armed bank robber who has two prior convictions for bank robbery. The Act required federal judges to stay within these ranges when sentencing individuals or entities convicted of federal crimes. The Act also abolished parole so that now, a person sentenced for a federal crime will serve the entire term of imprisonment reduced only by a limited amount of "good behavior" credit. The Sentencing Commission was also given the authority to review the sentencing process and to make changes in the Guidelines as courts gained experience with them. The initial Guidelines went into effect November 1, 1987 and apply to all offenses committed by individuals after that date. The Guidelines for organizations were added and became effective November 1, 1991.

III.

The United States Sentencing Commission A. Composition of the Commission


The Sentencing Commission is an independent agency of the judicial branch of government. It consists of seven voting and two nonvoting members. The president of the United States appoints the seven voting members of the Commission, after consultation with judges, prosecutors, defense attorneys, law enforcement officials, victims of crime and others with an interest in the judicial process. The appointments are made with the advice and consent of the Senate. One member of the Commission is appointed by the president as the Chair and three are designated as Vice Chairs. Of the seven members, at least three must be federal judges. No more than four members may be members of the same political party. The Attorney General, or his or her designee, is a nonvoting member of the Commission. The voting members are appointed for six-year staggered terms. B.

Authority of the Commission


The Commission is responsible for issuing the Sentencing Guidelines as well as policy statements regarding their application. Congress set some limits on the Commissions powers and also made clear that it expected certain crimes to carry sentences at or near the maximum authorized, and offenders with particularly unsavory criminal histories to serve substantial prison terms. Congress also gave the Commission the power to review and revise the Guidelines.

C.

Amendments to the Guidelines


The Commission receives comments and recommendations from a variety of sources regarding the fairness and operation of the Guidelines.

Some of these sources include probation officers, the Bureau of Prisons, federal judges, the U.S. Department of Justice and the Federal Public Defenders. The Commission reviews and considers these comments and, from time to time, submits proposed amendments to the Guidelines to Congress with a statement of the reasons for each amendment. IV.

How the Guidelines Affect Individuals


The Guidelines generally limit the discretion of sentencing judges. As a result, individuals can no longer count on using their individual circumstances to sway the judge. Age, physical condition, family ties and responsibilities, level of education, employment record, community ties, and even mental condition are not ordinarily relevant in determining whether a lighter sentence, outside the applicable guideline range, would be appropriate. However, all these considerations may be relevant in setting conditions of probation. For example, a single parent who is the sole support for young children will not be eligible for a lighter sentence on that basis alone; however, continued support of the children may become a condition of probation. Likewise, a responsible job will not mean a lighter sentence, but may affect the appropriateness of home detention. In rare, extraordinary cases an individuals particular circumstances may be relevant to the sentence imposed. For instance, an elderly, infirm defendant may be sentenced to home detention instead of prison, if home detention would be an equally effective but less costly alternative to imprisonment.

V.

How the Guidelines Affect Organizations


Organizations, of course, cannot be sent to prison; however, substantial fines can put an organization out of business quickly. Like individuals, organizations can no longer use considerations such as "good corporate citizenship," or the harm to their employees and local community if they go out of business, to lower their sentences. All these considerations are viewed as having been taken into account by the Commission and are no longer a valid basis for receiving a lighter sentence. Consequently, an organization that gives substantial gifts to charity or community events, or that provides a large number of jobs to local citizens, can expect only marginal consideration for such activities at sentencing. In addition, many organizations that do business with the government may be barred from government business once they are convicted of certain types of crimes.

APPLICATION OF THE GUIDELINES TO INDIVIDUALS


Although our primary concern is with corporations and other entities, it is helpful to understand first how the Guidelines apply to individuals. I.

Determining the Base Offense Level


The first step in determining an individuals sentence is to determine the Guideline most applicable to the particular offense. An appendix to the Guidelines provides a useful cross-index from the numerous federal criminal statutes to the offense Guidelines. Once the appropriate Guideline is established, the second step is to determine the base offense level for the offense under this Guideline, and any adjustment to that base level due to the defendants specific conduct. For example, a minor

assault carries a base offense level of either 6 or 3, depending on whether the defendant had and threatened to use a firearm or other dangerous weapon. If the crime resulted in serious bodily harm to a person under the age of 16, the Guideline adds another 4 points. II.

Adjusting the Base Offense Level


The base offense level for the particular offense is then further adjusted by general adjustments not necessarily tied to any specific offense. The base offense level is increased, for example, if the victim is particularly vulnerable because of age or physical or mental condition, if the convicted person played a leadership role in the offense, if the defendant obstructed justice, or if the conviction was for multiple violations. For example, if the victim was physically restrained during commission of the offense, the level is increased by 2 points. The base offense level is decreased if the convicted person played a minimal role in the offense and has accepted responsibility for the offense by either reporting the offense, admitting the conduct, voluntarily paying restitution, voluntarily assisting the authorities or pleading guilty. For example, an individual convicted of fraud will receive a lower sentence if he was just a minor participant in the illegal conduct rather than an instigator.

III.

Determining the Individuals Criminal History


One of the premises of the Guidelines is that a convicted persons prior criminal behavior is relevant to sentencing for the current conviction, and that a person with a prior record of criminal conduct is more culpable than a first offender. Consequently, the Guidelines are structured to ensure that the lengthier and more serious the prior criminal conduct, the heavier the sentence for the new criminal conviction. For example, each prior imprisonment of more than 60 days adds 2 points, and each prior sentence of imprisonment for more than one year adds 3 points. Two points are added if the current offense occurred while the person was on probation, parole or the like, or if it was committed within two years after release from imprisonment. The number of points then determines which criminal history category the person falls into. Category I includes persons with zero or one criminal history points, Category II includes persons with two or three criminal history points, and so on up to Category VI, which includes persons with 13 or more criminal history points.

IV.

Determining the Sentence for Individuals A. Imprisonment


Once the offense level and criminal history category are determined, the range of possible terms of imprisonment is established by Guidelines sentencing table. On the right are listed the base offense levels from 1 to 43. Across the top are listed the criminal history categories, from I to VI. The applicable Guideline is determined by tracing the base offense level across the grid to the appropriate criminal history category. For example, lets take a person who is convicted of a complex fraud or embezzlement in an amount between $200,000 and $350,000. This carries a base offense level of 6, plus an additional 8 levels based on the amount. If the offense involved more than minimal planning, 2 points

would be added. Another two points would be added if the offender played a leadership role in the offense, but 3 points would be subtracted if the offender accepted responsibility by pleading guilty. The net result in that situation would be an offense level of 15. Assuming this was the offenders first conviction, the chart would dictate a sentence of 18 to 24 months in prison. B.

Probation
Some convicted individuals may be eligible for probation, or a relatively short sentence followed by probation, if their offense level and criminal history points are low. Alternatively, the judge may order a period of community confinement (a half-way house), home detention, or intermittent confinement, such as week-ends in jail, followed by probation. But both probation and these alternative sentences are discretionary -- the judge can still sentence the individual to the maximum prison term called for by the Guidelines. If probation is ordered, the term must be between one and three years. Persons on probation are subject to the supervision of the court, through the Probation Office, and are subject to conditions tailored to their specific circumstances, such as paying restitution and/or a fine, residing in a particular place, staying away from a specified place or area, attending a rehabilitation program, performing community service, periodic drug testing, and refraining from further criminal conduct.

C.

Restitution and forfeiture


Restitution means repaying the victim for the victims loss. It is not intended primarily to punish the convicted person, but rather to compensate the victim for the harm or loss. Restitution is frequently ordered as part of the sentence. The amount of restitution is determined by the judge, based on the victims loss. If the judge determines that a convicted person is unable to pay full restitution, the person may be ordered to make nominal periodic payments. In addition, certain criminal statutes provide for forfeiture of certain property by the convicted person, such as the proceeds of the crime.

D.

Fines
All convicted individuals are required to pay a fine, except when the person can show that he is unable to pay and is not likely to become able to pay. The fine is determined by referring to a table set out in the Guidelines establishing a minimum and maximum fine for each offense level. For instance, in the fraud example given above, an offense level of 15 would yield a minimum fine of $4,000 and a maximum fine of $40,000. The sentencing judge determines the fine within the range given in the table, based on factors such as the seriousness of the offense, the defendants ability to pay, any restitution that has been made and any other pertinent considerations. The maximum fine under the fine table is $250,000 for offense levels of 38 and above. However, some federal statutes authorize fines greater than $250,000, and in

those instances the judge must follow the statute and impose the higher fine. V.

Application of the Guidelines to Organizations A. General principles


Under federal (and state) criminal law organizations are liable for offenses committed by their employees and agents in the course of their employment. Therefore, illegal conduct by an employee may result in prosecution of both the employee and the organization. Because organizations can commit crimes only through their employees, the Sentencing Guidelines provide incentives for organizations to establish internal mechanisms for preventing, detecting and reporting criminal conduct. These goals are in addition to the traditional goals of sentencing -- just punishment, deterrence and rehabilitation. Generally speaking, the Sentencing Guidelines are structured so that the fine imposed on an organization reflects (1) the seriousness of the offense and (2) the level of the organizations culpability. For these purposes, the seriousness of the offense is normally determined by the victims loss. Culpability is generally determined by examining the organizations efforts to prevent and detect criminal conduct, the degree of involvement in the criminal conduct by high level personnel, and the actions of the organization after the discovery of the offense. This general structure, however, does not apply to organizations operated primarily for a criminal purpose or by criminal means. In their case, fines are set at amounts high enough to strip them of all their assets. B.

Remedying the harm


The judges first step in sentencing a corporation is to determine the appropriate restitution and remedial orders. Restitution will be ordered unless the court finds that the organization is unable to pay, in which case the court may order only nominal periodic payments. Restitution is based on the amount of harm or damage to the victim and generally equals the full amount of the loss. When there is an identifiable victim, the restitution is made to the victim -- in a lump sum, in partial payments, or in in-kind payments. For example, an entity convicted of defrauding a group of consumers by selling defective appliances or roof repairs will be ordered to pay an amount of restitution to the victims sufficient to repay them for their losses. In addition, the judge may order the company to take further corrective action, such as a product recall.

C.

Determining the fine


After determining the amount of the restitution order, the court must decide whether a fine should be imposed in addition to the restitution. If the court found that the organization could not pay the required restitution, then it need not go through the process of determining the appropriate fine, because no fine will be imposed. If it appears that the entity can pay the restitution order, the court should then determine the

fine. The restitution, if paid, will compensate the victims. The fine, which is a penalty, will be paid to the government. 1.

The base fine


The base fine for a corporation is the amount of the organizations gain from the offense, the amount of the victims loss caused by the offense, or the amount specified by the Guidelines fine table, whichever is the greatest. The amount specified in the fine table is based on the offense level. The offense level for organizations is determined in the same way as for individuals, with adjustments made for the specific factors set out in each Guideline. Thus, using the fraud example above, if the fraud were committed by a corporation, it would carry a base offense level of 6 (the same as for an individual), plus an additional 8 levels for the amount of the fraud, plus 2 levels for more than minimal planning, for a total of 16. The adjustments for role in the offense and acceptance of responsibility are not taken into account in calculating the base fine, but are relevant in calculating the entitys culpability score, as discussed below. Using the fine table for an offense level of 16 would dictate a base fine of $175,000. But because this is less than the $300,000 loss suffered by the victim, the actual base fine would be $300,000.

2.

Determining the culpability score


Once the base fine has been determined, a separate calculation must be done to determine the organizations culpability score. This process involves assigning points, or deducting them, for certain factors. A convicted entity starts with five points. A prior history of criminal activity on the part of the organization can add one or two points, depending on the crime and how long ago it was committed. Criminal conduct that violates an existing court order adds two points. Obstructing the investigation, prosecution or sentencing of the current crime adds three points. Obstruction includes such things as deliberately destroying or altering documents with knowledge that an investigation is underway, encouraging employees or coworkers to lie to investigators, threatening an employee who is cooperating with law enforcement authorities, and/or deliberately misinforming others about their rights and obligations with respect to the investigation. The culpability score increases depending on the size of the corporation and the level of the employees who were involved in the criminal conduct or who tolerated it. For example, a large organization (or unit of an organization) with 5,000 or more employees, in which high-level personnel participated in or condoned the conduct, or in which substantial authority personnel pervasively tolerated the offense, will have five points added to its culpability score. High-level personnel include directors, executive officers, individuals in charge of a major

business or functional unit, and individuals with substantial ownership interests. Substantial authority personnel include all high-level personnel, plus individuals who exercise substantial supervisory authority, such as a plant manager or a sales manager, and any other individuals who exercise substantial discretion when acting within the scope of their authority, such as individuals with authority to negotiate or set prices. Two factors will reduce the culpability score for an entity -- an effective compliance program, and self-reporting of wrong-doing. An effective compliance program is defined in the Guidelines and has seven components. These components will be discussed in more detail below, but the focus of the requirements is the deterrence, discovery and remedy of illegal conduct. If an entity has a compliance program that meets these requirements, the culpability score is lowered by three points. Finally, the score may be reduced if the entity reported the offense to law enforcement authorities. A prompt report before the entity became aware of a government investigation will reduce the organizations culpability score by five points. Lesser degrees of cooperation and acceptance of responsibility can result in a reduction of one or two points. 3.

Determining the multiplier and calculating the fine


Once the culpability score is determined, the Guidelines establish minimum and maximum multipliers based on that score. The greater the culpability score, the higher the multipliers. The multiplier is then applied to the base fine to determine the range of minimum and maximum fine that the judge can impose. For example, a culpability score of six yields a minimum multiplier of 1.2 and a maximum multiplier of 2.4. If the base fine was $300,000, the minimum fine the judge could impose would be $360,000 and the maximum would be $720,000. In cases involving fraud resulting in large losses, the multipliers can dramatically increase the fine range. For example, assume that a 1000-employee entity was convicted of a fraud involving $500,000 in losses, which was committed at the direction of the chief operating officer, in which the entity did not self report and had no compliance plan. The entity starts with five points as its culpability score. The COOs involvement in the fraud, committed by an entity of this size, adds 4 points, for a total of 9 points. The entity did not self-report the crime and had no compliance plan so it is entitled to no reduction. The final culpability score of 9 yields a minimum multiplier of 1.8 and a maximum of 3.6. These multipliers are applied to the base fine to yield the minimum and maximum fine range. In this example, the base fine is $500,000 (i.e., the greatest of the amount from the fine table ($250,000), the amount of loss to the victim ($500,000), and the amount of gain to the offender ($500,000)). Applying the multipliers, the fine range is $900,000 to $1.8 million. As noted above, the fine is in addition to restitution.

D.

Can a judge impose a sentence on an organization outside the Guidelines range?


Under relatively rare circumstances, a judge may impose a sentence greater or less than the range called for by the Guidelines, if the judge finds aggravating or mitigating circumstances of a kind or extent not adequately taken into account by the Sentencing Commission. For example, the court may go below the Guideline range if the organization has substantially assisted the government in investigating or prosecuting an unaffiliated individual or another organization. On the other hand, a higher sentence than the Guideline range may be justified if the offense resulted in death or bodily injury, threatened national security, threatened the environment or involved the bribery of a public official.

E.

Probation 1. When would a court order probation for an organization?


In addition to imposing a fine, the judge may place a convicted entity on probation, and must do so in certain circumstances -for example, if the entity has 50 or more employees and does not have an effective compliance program in place, or if the entity has a prior history of similar misconduct. The probation term is from one to five years for a felony and any period up to five years for a misdemeanor. Probation means that the entity remains under court supervision, through the courts probation office. As discussed more fully below, the court may also impose further conditions on the entity as part of the probation order. The probation office monitors the entitys compliance with such conditions and notifies the court if the entity fails to comply. 2.

What kinds of conditions of probation may a court impose on an organization?


The first condition of probation is always that the entity not commit another federal, state or local crime during the term of probation. Another universal condition is that the entity must pay restitution. In addition, the judge may order the entity to give notice to victims of the offense or to publicize the nature of the offense, the conviction, the punishment and the steps the entity will take to prevent recurrence. The organization may be required to file periodic financial reports with the court or the probation officer to ensure that it will be able to pay any deferred restitution or fine. The probation officer or experts hired by the court may examine the books and records of the organization and may question the employees of the organization from time to time during the probation period. The court may also order the entity to develop and implement a compliance program, with periodic reports to the court or probation officer.

If an entity does not comply with the conditions of probation, the court may extend the probation term, impose additional or more restrictive conditions, or revoke the probation and resentence the organization, presumably to a higher fine. 3.

Forfeiture
In certain cases, the government is permitted or required to seek a forfeiture order requiring the offender to turn over certain property to the government -- typically only proceeds of the crime. When prosecuting organizations, the government most often relies on the federal law against money laundering to obtain such an order. Although this statute was originally aimed at drug dealers, the government often uses it against legitimate businesses suspected of fraud or similar crimes. For example, an entity that does business with the federal government may be charged with fraud for overbilling the government. The proceeds of the fraud would be the amount of overcharges received by the entity. If the entity moves those funds from one account to another, it may be charged with money laundering in addition to fraud. The money laundering charge not only allows the government to seek forfeiture of those funds, but also carries much stiffer penalties than the fraud charge standing alone.

THE IMPORTANCE OF AN EFFECTIVE COMPLIANCE PROGRAM


Because the existence or nonexistence of an effective compliance program can play a significant role in the sentencing process, it is important to have some understanding of the basic requirements and benefits of such a program. I.

What Is an Effective Compliance Program?


An effective compliance program is defined in the Sentencing Guidelines as "a program that has been reasonably designed, implemented, and enforced so that it generally will be effective in preventing and detecting criminal conduct." The Guidelines specify seven steps that an organization must take in order for its compliance program to be considered "effective." A. The compliance standards and procedures established by the organization must be reasonably capable of reducing the possibility of criminal conduct. This requirement generally means that an organizations compliance program must address areas of vulnerability, taking into account the practices, procedures and business of that organization. At a minimum, the program must require compliance with all the laws, rules and regulations applicable to that organizations business. A person or persons within the high-level personnel of the entity must have overall responsibility for compliance with the standards and procedures. As noted above, high-level personnel include a director, an executive officer, or a person in charge of a major business or functional unit. This requirement is meant to ensure that the compliance program is taken seriously within the organization. This position is often designated compliance officer. The persons with overall compliance responsibility

B.

C.

D.

E.

F.

G.

should have direct access to the board of directors, usually through a compliance or audit committee. The organization has an obligation to exercise due diligence to ensure that individuals with substantial discretionary authority are not inclined to engage in illegal activities. This requirement means at a minimum that the organization must make efforts to determine whether persons in such positions, or proposed for such positions, have prior criminal records. In addition, reference checks of prospective employees should include an inquiry regarding any criminal conduct. The higher level the employee, or the more discretionary authority given to the employee, the more thorough the inquiry must be. In addition, many companies use regular performance appraisals to assess the their employees integrity and the quality of their compliance with the organizations standards. The entity must effectively communicate its compliance standards and procedures to its employees and agents. This requirement is usually met through required participation in regularly scheduled training education programs, or by distributing training education materials that explain the compliance standards and procedures in a practical manner. New employees should be introduced to the companys compliance standards within weeks of starting employment. Participation in all training and education activities should be documented. The organization must make reasonable efforts to achieve compliance with its standards. This goal is met through monitoring and auditing systems designed to detect criminal conduct by employees. The Sentencing Guidelines do not specify the auditing procedures required. These are left up to each company but likely involve auditing both the compliance processes and the entitys particular areas of potential vulnerability, such as billing, toxic waste disposal, or price-fixing. These areas of vulnerability will vary with each entity, depending on the type of business it is in. In addition, the Guidelines suggest that an entity have a reporting system in place, such as a "hot line," through which employees can report criminal conduct by others without fear of retribution. Many companies also encourage their employees to raise concerns with their supervisors. The organization must consistently enforce its compliance standards through disciplinary mechanisms. This requirement includes disciplining individuals who are responsible for the failure to detect an offense. Discipline must encompass high-level personnel as well as lower level employees, and should be carefully documented to show consistency and proportionality. Once an offense has been detected, the entity must take reasonable steps to respond appropriately and to prevent further similar offenses, including making modifications to the compliance program. The entity must respond quickly to make sure that the conduct is discontinued. In addition, if the organization chooses to self-report the offense to the government, it will receive the most significant benefit from self-reporting within 30 to 60 days of the discovery of the offense. Choosing to self-report an offense to government authorities is a significant decision which should be made only after careful consideration and with the advice of knowledgeable counsel. According to the Guidelines, the precise actions necessary for an effective compliance program will depend on a number of factors. These include the following, among others -The size of the organization. This is relevant in determining whether the program is sufficiently formal to actually prevent and detect violations of law. Although a compliance program for a small organization may be

relatively informal, a large organization generally will have to establish written policies and procedures for its employees. Whether the compliance program is tailored to address the types of offenses that are likely to occur in the organizations line of business. For example, an entity that handles toxic substances must have standards and procedures that ensure the safe and lawful handling of those substances. The organizations prior history. This may indicate the types of offenses that the organization should have sought to prevent. For example, a history of similar misconduct in the past casts doubt on whether the organization took all reasonable steps to prevent the current problem. The Guidelines also state that failure to incorporate and follow applicable industry practice or any standards called for by applicable government regulations will "weigh against" finding that the program is effective. II.

What Is the Impact of an Effective Compliance Program? Reduction of the fine A.


As discussed above, an effective compliance program can substantially reduce the fine imposed on an organization convicted of a crime. The three point reduction in the culpability score for an effective compliance program would reduce the score in the above fraud example from nine to six. The multipliers then would be a minimum of 1.2 and a maximum of 2.40, instead of 1.8 to 3.6. Applied to a loss of $500,000, the fine would be between $600,000 and $1.2 million as compared to a range of $900,000 to $1.8 million without an effective compliance program. B.

Deterrence and avoidance of improper conduct


An effective compliance program has benefits beyond reducing fines in the event of a conviction. The training, discipline, monitoring and auditing all serve to deter those who otherwise might be inclined to violate the law, or who might unwittingly expose the entity to criminal liability. By developing, implementing and genuinely supporting a compliance program encompassing the elements set forth in the Guidelines, business organizations -- and their employees, managers, executives and directors -- can help ensure that they are doing everything possible to conduct their business in compliance with the law.

C.

Early discovery of improper conduct


In the event the compliance program is not successful in completely deterring criminal conduct, it should uncover such conduct promptly. This effect depends on the regular, consistent and thorough auditing component of the compliance program. It is enhanced by the reporting system, which allows employees to report suspicious conduct anonymously. An entity that learns of illegal conduct must ensure that the conduct stops and may also self-report the conduct, thus leading to an additional reduction in the culpability score of up to 5 points in the event of a criminal conviction. Again, self-reporting is a very significant step, the advisability of which depends largely on the facts and the

applicable law, and should be undertaken only with the advice of counsel.

EDUCATIONAL HANDBOOK SECURITIES, MONEY LAUNDERING, AND THE USA PATRIOTS ACT
This comprehensive resource provides valuable information and tools that will help to supplement your ethics and compliance program training efforts related to Securities, Money Laundering and USA PATRIOT Act compliance. It includes a Topic Overview, Frequently Asked Questions about the topic area, a Top Ten list revealing the most important risks to your organization, rounded out by a Quiz that will help to assess your employees knowledge.

TOPIC OVERVIEW
INTRODUCTION
Given how easily vast sums of money pass through securities accounts, law enforcement authorities have increasingly focused on the securities industry as a potential haven for money laundering activity. This is especially true after the passage of the USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act in October 2001, which substantially increased the anti-money laundering obligations of broker-dealers in the interest of combating terrorism. Law enforcement officials know that criminals and terrorists can and do use securities accounts to transfer and disguise proceeds of illegal activities. In addition, securities fraud is a type of criminal activity that can provide the basis for money laundering allegations. Therefore, prosecutors are apt to include money laundering charges in an indictment for securities fraud. As a result, we are seeing more and more federal money laundering investigations involving broker-dealers and their employees. These investigations are no laughing matter. They can be expensive, they can damage the business and personal reputations of the people investigated, and--if they lead to a trial and conviction--the people involved can face substantial civil and criminal penalties, including prison time, fines, and forfeiture of property. This is serious business, and you need to know how to spot money laundering and how to prevent it at your firm. A number of features make the securities business an attractive target for money launderers. First, it is, by nature, international. Brokerage firms frequently have offices all over the world, and it's common for transactions to be conducted by wire transfer from, to, or through numerous countries. Second, the securities markets are highly liquid, which means that purchases and sales of securities can be made and settled quickly. Third, because compensation at securities firms is often based on sales commissions, there is, among less scrupulous brokers, an incentive to disregard the source of customer funds. Finally, in some countries, securities accounts can be maintained by brokerage firms as nominees or trustees, thus permitting the identities of true beneficiaries to be concealed. For these reasons, you need to be aware of, and sensitive to, circumstances or transactions that suggest that a securities account is being used to launder money. We'll take a look at some potential indicators of suspicious activity later on. But for now, keep in mind that you must be alert to suspicious circumstances. Otherwise, you could expose yourself or your employer to substantial criminal or civil penalties. You also need to know and understand the record-keeping and reporting requirements that apply to you. You're probably aware that you and your firm are required to report any currency transactions over $10,000 to the federal government. In addition, some broker-dealers affiliated with banks are required to adopt suspicious activity reporting procedures that may require you to report certain unusual activity in an existing customer account. Under the USA
Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

PATRIOT Act, the suspicious activity reporting requirement applies to all broker-dealers, as will specific due diligence requirements for customers in order to monitor account activity and to identify when accounts might be being used to launder money. This handbook is intended to help you understand the federal money laundering laws and the procedures many brokerdealers have adopted to ensure compliance. It is not intended to provide advice or guidance on how you should act in a particular situation. You should also understand that the money laundering laws are complex and that prosecutors are constantly seeking to expand them to apply to new situations. Moreover, not all broker-dealers have adopted the same know-your-customer and suspicious activity reporting procedures. You should therefore consult your firm's law or compliance department to determine what to do in any particular case. We'll first discuss some general background, including what money laundering is and how it works, and then follow with the specifics of the money laundering laws and how they apply to brokerage firms. We'll also cover some of the potential indicators of suspicious activity that you should watch for and how you can get to know your customer to prevent money laundering. Finally, we'll cover specific reporting and record-keeping obligations for brokerage firms and the penalties for failing to comply with the money laundering laws.

WHAT IS MONEY LAUNDERING?


I. In General Money laundering typically evokes images of drug cartels, suspicious-looking characters, and suitcases full of cash. Yet many activities and transactions we usually don't think of as money laundering may violate the law. You therefore need to know what money laundering is and how to spot it. Simply stated, money laundering is the process of making "dirty money" clean. It typically involves concealing the existence or source of funds and then disguising those funds by using them for apparently legitimate purposes. There are two kinds of dirty money. The first is money that comes directly from illegal activities, such as drug sales, gambling, larceny, bribery, and securities fraud. The second is money that comes from legitimate activities but is then concealed for an illegal purpose--for example, a businessman wants to hide legitimate income in order to evade taxes. Once it's hidden, its dirty money. II. The Stages of Money Laundering Money laundering usually involves three stages: placement, layering, and integration. Dirty money is initially placed into the banking and securities system, layered to obscure its origins, and finally integrated or reintroduced into the legitimate economy as "clean" money. These three stages often overlap, however, and should be viewed as seamless parts of a single ongoing process. A. Placement Placement occurs when dirty money--often in the form of cash--is first placed into the financial system. This can be done in several ways--for example, depositing cash directly into a bank or brokerage account, converting the cash into money orders or other cash equivalents that are then used to open an account, or funneling the cash through front businesses, such as neighborhood laundries or grocery stores, that make the actual deposits. However it's done, placement is aimed at getting the dirty funds into the system, where they can easily be moved from place to place.
Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

Remember, a money launderer who uses a brokerage account is mainly concerned with having the funds accepted into the system, and then moving them around. Investment returns are likely to be an afterthought, at best. Example 1: Jack uses his brokerage account to write and cash checks and make wire transfers, but he rarely invests in securities and seems unconcerned about their performance. This suggests that Jack may be using his account for placement rather than investment. You should report this activity to your supervisor or to your law or compliance department. B. Layering Layering is using complex financial transactions to move funds through various accounts and entities-both domestic and foreign. The purpose here is to put even greater distance between the funds and the illegal activities that generated them. By moving the funds frequently through many accounts and entities, the money launderer can further conceal their source, ownership, and location. For example, the funds might be moved through several foreign and domestic accounts and end up in an offshore company secretly controlled by the money launderer, which then uses the funds to make apparently legitimate loans to a domestic company owned by the money launderer's cousin. At each stage of the process, the source of the funds becomes more difficult to trace, particularly if the funds pass through countries with strong financial secrecy laws. This is just one simple example, however--the variety and complexity of layering techniques are virtually unlimited. Layering is often done through wire transfers, which enable the launderer to move money quickly from account to account or country to country. Layering is also the step at which the brokerage industry is most susceptible to money laundering. In short, you should be suspicious of any activity involving customer funds that makes no sense from a business or personal standpoint. If a transaction doesn't make sense to you, it may be an attempt to create a confusing paper trail to obscure the original source of the funds. Example 2: Bill is a customer of Global Brokerage. He deposits a large sum of money and then asks Ed, his registered rep, to transfer the money to an account either at the firm, another firm, or a bank for a recently formed company that lists Bill as its president. The address of the corporation is a post office box. Ed doesn't recognize the name of the corporation, and Bill hasn't explained what the corporation does. Ed should report this activity to his supervisor or to his law or compliance department, because it's possible that Bill has placed "dirty money" with the firm and then tried to use the firm to layer those funds through transfer into a corporate account. C. Integration After placement and layering, illicit funds are integrated into the general economy. Basically, the money is now being spent. This may be done through a variety of activities, such as buying homes, cars, or jewelry; buying or investing in a private business; or paying employee salaries and other routine business expenses.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

Example 3: A customer deposits a large sum of money into an account. The funds represent the proceeds of illegal drug sales. He then day-trades several different blue-chip securities so that he has effectively converted the entire value of the account into stock and back into cash in a very short period of time. The customer then asks the brokerage firm to open accounts in the names of his wife and children, gives himself discretionary authority over the accounts, and transfers the bulk of the assets from his account into the new accounts. He then writes checks from those accounts to pay for such things as a car for his wife and college tuition for his children. The illegal funds have thus been integrated. Integration can take many forms and can often appear to be legitimate business activity. You need to be aware of your customer's background and business to spot activities that might otherwise appear legitimate. Example 4: Al, a drug dealer, sets up a securities account using drug money. He buys $10,000 worth of securities through the account and pledges the securities as collateral for a loan to a fake business. Al then defaults on the loan, and the securities are liquidated to repay it. As a result, Al keeps the loan proceeds, and the lender is paid through what appears to be a standard liquidation. Al's illegal drug funds have thus been successfully laundered. D. Money laundering and the Internet You also need to be alert to money laundering through the Internet because the federal authorities know that it takes place and watch for it. Although the initial placement of illegally generated money still requires some contact between the customer and the broker-dealer, the Internet provides a fast, clean mechanism to facilitate placement, layering, and integration. Once a customer has successfully placed assets with a broker-dealer, it becomes a simple matter to transfer money, buy securities, pledge the assets, or perform any number of commercial transactions online. The transactions used to layer and integrate the funds are nothing new--they are the same old schemes that the money laundering statutes were designed to combat. The Internet simply provides a much faster and more impersonal means of laundering the funds. Example 5: Jack, a drug dealer, opens two online brokerage accounts: one with Global Online Brokerage and one with Internet Trading. He arranges to wire several thousand dollars from two bank accounts into each of the brokerage accounts, but in amounts just below reporting thresholds. He then day-trades several times, at low commission rates, netting just a little less than his opening balance. Finally, he arranges for a series of wire transfers to yet another bank account. Not once does he need to speak with anyone from either brokerage firm. Although in some ways the Internet makes it more difficult for brokerage firms to know who their customers are and whether they might be engaging in criminal activity, it can also be used to guard against money laundering. Firms can use databases and other publicly available information to learn more about online customers. Automated exception reports and other monitoring systems can also help brokerage firms and their employees better identify suspicious customer activity. Following up directly with customers who have been identified by these systems can help the firm verify the identity and activities of the customer.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

OVERVIEW OF THE MONEY LAUNDERING LAWS


Congress has passed three major laws designed to combat money laundering: the Currency and Foreign Transactions Reporting Act (Currency Act), passed in 1970 the Money Laundering Control Act of 1986 the Patriot Act, passed in October 2001

These laws require banks, broker-dealers, and other financial institutions to comply with various reporting and other requirements. They also prohibit such institutions from knowingly helping others launder funds. Let's take a closer look at these requirements. I. Currency Reporting A. In general Banks, brokerage firms, and other financial institutions must file a Currency Transaction Report (CTR) with the Internal Revenue Service for any cash transaction of $10,000 or more. The reporting rule covers any single transaction of $10,000 or more, as well as multiple transactions during the same day that total $10,000 or more. If the transaction involves currency and/or monetary instruments totaling more than $10,000 that are physically transported into or out of the United States, broker-dealers and the financial institution must file a Report of International Transportation of Currency or Monetary Instrument (CMIR) with the Commissioner of Customs. The notion underlying these requirements is that criminals deal primarily in cash while most legitimate businesses do not fear a paper trail. Reports of large currency transactions are therefore useful in helping to detect criminal activity. Although large cash transactions generally are not illegal in and of themselves, they must be reported. B. Structuring The $10,000 reporting threshold has generated a cottage industry in which low-level operatives scurry about to different banks, making cash deposits just under the $10,000 limit--a practice known as structuring, or "smurfing" (after the little blue cartoon characters that the operatives are said to resemble as they scurry from bank to bank). Structuring is illegal, and banks, brokerage firms, and other financial institutions must be alert to any efforts to evade the currency reporting requirement in this manner. Broker-dealers may be liable if an employee assists a customer in structuring a transaction to avoid these reporting requirements. For obvious reasons, transactions of $9,999 should raise suspicions. And even if you file a CTR or CMIR, you should still report any suspicious transaction to your firm's compliance or law department. Example 6: Your customer comes to you and requests that $15,000 worth of securities be liquidated and the funds wired to his U.S. bank account. You must report the wire transfer, and your employer must file a CTR.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

Example 7: Tuesday morning, a customer asks you to liquidate $5,000 worth of securities, have a check issued to bearer, and mail the check to an address overseas. Tuesday afternoon, he asks you to liquidate another $7,000 worth of securities and send the $7,000 by overnight courier to the same address. You must report this, and your employer must file a CTR and a CMIR. Remember, however, that even if no CTR or CMIR is required to be filed, multiple transactions over multiple days, even at different firms, might indicate an attempt to structure transactions to evade the reporting requirements. These transactions should also be reported to your law or compliance department. Example 8: Alan, a customer of Global Securities, deposits $8,000 into his brokerage account. As he does so, he says to Bill, his registered rep at Global, that he just deposited $6,000 at his bank earlier that day and $9,000 yesterday to his Global account. Alan also winks and says that he hates paperwork. No CTR is required to be filed because the single-day $10,000 threshold has not been reached. However, because Bill learned about the two other deposits and that Alan is probably trying to evade the reporting requirements, he should report the transactions as suspicious activity. Suspicious Activity Reporting As indicated above, banks and other financial institutions, including broker-dealers, must report suspicious activities that indicate possible money laundering. All broker-dealers are required to report suspicious activity effective January 1, 2003. Suspicious activities must be reported in writing to the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN), which is responsible for establishing, overseeing, and implementing policies to prevent and detect money laundering. The reports must be made on a government form known as a Suspicious Activity Report (SAR). Before Congress passed the USA PATRIOT Act in October 2001, the only brokerage firms required to file SARs were broker-dealer subsidiaries of banks. The NASD, NYSE, and other self-regulatory organizations (SROs) encouraged their other member firms to file SARs voluntarily, and many did so. Under the USA PATRIOT Act, all brokerage firms will be required to file SARs and to establish enhanced know-your-customer, due diligence, and other policies and procedures aimed at detecting possible money laundering. We'll take a more detailed look at these requirements--and at some examples of suspicious activities later in this handbook. You should also note that some states have their own laws requiring currency reports, SARs, or both. Helping Others Launder Money In general The ability to transfer funds into securities accounts through wire transfers or instruments such as cashier's checks or bearer securities can make it fairly easy for customers to use their accounts for money laundering purposes. For example, a drug dealer can use cash to buy money orders, then deposit the money order into a brokerage account.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

For this reason, the money laundering laws prohibit any brokerage firm or other financial institution from engaging in a financial transaction if it knows that the transaction involves the proceeds of a crime and its purpose is to conceal or disguise the nature, location, source, ownership, or control of the funds avoid federal or state currency reporting requirements through structuring promote crime evade taxes

Anyone who knowingly assists a money launderer in this way is also guilty of money laundering. Here are some examples: Assisting concealment: Example 9: Anne is a registered representative for Global Brokerage. Her customer, Phyllis, tells her that her recent profitable trade in Acme High Tech was due to inside information about Acme's just-announced merger, which she got from Acme's CEO. She asks Anne to take the money and buy 1,000 shares of a different company, XYZ Technologies, and then sell the XYZ shares the same day and buy yet another company's stock. Phyllis's requests might be attempts to conceal the source, location, and ownership of the illegal insider trading proceeds. If Anne helps her, she too may be engaging in money laundering. Assisting structuring: Example 10: Mark, a Global Brokerage customer, brings Alex, a Global registered rep, $70,000 in cash and asks him to make eight transfers of less than $10,000 each over a three-day period to other securities and bank accounts held in third-party names. He gives Alex a wink and mentions how paperwork is such a hassle. Alex knows that Mark is a drug dealer, but doesn't really care where the money came from. It turns out the cash came from the recent illegal sale of cocaine. If Alex complies with Mark's request to structure the transfers, he would be engaging in money laundering--and violating currency reporting requirements--and he could go to jail for doing so. Assisting criminal activity: Example 11: Ned, a Global Brokerage trader, enters into an agreement with other traders and officers at Company Incorporated to pump up Company's stock price by falsely touting its stock on the Internet and through market manipulation. The proceeds from this scheme are deposited into an account over which Ned has discretionary control and are used to finance a "pump-anddump" scheme on yet another stock. Ned has promoted a criminal activity--securities fraud--by using the original fraud proceeds to engage in other illegal pump-and-dump schemes. He can be found guilty under the money laundering laws and federal and state securities laws. Assisting tax evasion: Example 12: Ed, a Global Brokerage customer, tries to deposit with Bill, a Global registered rep, a check made out to Ed for $9,900. The check appears to be drawn on the account of Ed's poolhall business, Mind Your Pools & Cues. The memo line at the bottom of the check says
Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

"Repayment of Loan." Ed tells Bill that the money represents some of last year's proceeds from Ed's business, but that he hasn't reported the income on his taxes and that in fact he really didn't loan the company any money. If Bill accepts the check while knowing that Ed is trying to evade the tax laws, Bill might have also violated the money laundering laws. A. The $10,000 rule In addition to the above situations, employees of a broker-dealer can be guilty of money laundering if they knowingly receive or distribute through the broker-dealer $10,000 or more in property they know is derived from criminal activities. This is true whether or not the employee knew that the proceeds would be used for one of the purposes discussed above--for example, to promote criminal activity, to conceal the proceeds, or to avoid reporting requirements. Essentially, this law makes it illegal to engage in any transaction involving more than $10,000 in funds or other property if you know they came from criminal activity. Example 13: Bill has an account with Global Brokerage. He brings in $11,000 to deposit into his brokerage account, telling his broker, Dennis, that the funds came from his drug dealing business. Dennis really doesn't believe they will be used in further criminal activity and doesn't think the deposit was done to conceal the funds. Despite Dennis's beliefs, if he accepts the check from Bill, Dennis has probably engaged in money laundering because he knew the funds came from Bill's drug dealing and that they exceeded $10,0. B. Financial transactions For purposes of the money laundering laws, "financial transaction" includes virtually any activity involving a client's funds or account with the firm. Examples include a deposit; withdrawal; transfer between accounts; currency exchange; loan; purchase or sale of stock, bond, certificate of deposit, or other instrument; use of a safe deposit box; or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means. Although the traditional view of money laundering involves shady characters with bags full of cash, the laws are not, in fact, limited to transactions in cash or currency. Under the law, any monetary instrument is covered. These include coin or currency (of any country) as well as traveler's checks, personal checks, bank checks, money orders, and even bearer securities or other negotiable instruments. Each type of instrument involves special issues. Many broker-dealers restrict or prohibit cash deposits and third-party checks. If a customer brings you cash, you should be aware of the restrictions in effect at your firm. However, just because your firm might prohibit cash transactions doesn't mean you shouldn't worry about money laundering. As discussed later, there are special record-keeping requirements for wire transfers over $3,000 that will likely require you to report such wire transfers to your law or compliance department. And if your firm accepts third-party checks, you should know the third party and understand where or how it got the money to make the investment.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

C. Knowledge The "knowledge" standard relates to two issues: whether someone "knew" that the proceeds were from criminal activity and whether someone "knew" that a transaction was intended for one of the purposes mentioned earlier--to promote crime, for example. You might assume that there's no problem unless you actually knew these things for sure. But you would be wrong. For these purposes, "knowledge" includes more than actual knowledge--knowing, for example, that your customer's money came from a drug deal because he told you so. It also includes turning a blind eye to suspicious circumstances that indicate that money laundering may be occurring. Therefore, you should be vigilant in policing the activity in your customers' accounts. Burying your head in the sand can result in grave consequences for you and your firm. Remember, your actions and the activities of your customer may be judged later by prosecutors or judges with the benefit of "20/20 hindsight," flexible federal laws, and significant penalties. Therefore, you need to be especially careful at the outset to identify and prevent a transaction that might give rise to a money laundering prosecution. The key is to be alert to the potential indicators of suspicious activity. We'll take a closer look at these indicators when we discuss reporting suspicious activities. In the meantime, remember this: if you know what your customer is up to or choose to ignore the suspicious activity and help your customer launder dirty funds, you could find yourself being prosecuted for money laundering along with your customer. Example 14: Jack, a registered rep, gets a new client, Brian, who claims he's a student who works part time at the local convenience store to help pay for college. After about two weeks of little trading activity, Brian deposits more than $100,000 into his account over three days. He then asks Jack to wire the funds to a bank account in the Cayman Islands. Jack asks Brian where the money came from, but Brian simply tells Jack not to worry about it. Jack decides he won't probe any further, because he just doesn't want to know. Jack also tells Brian that his firm must report the transaction because it's greater than $10,000. Brian hesitates at first and then suggests that Jack transfer the funds in 11 increments of $9,000 and one $1,000 transfer. Jack, although now very suspicious, agrees to transfer the funds. If it turns out that Brian was engaged in criminal activity, Jack could be convicted of violating the money laundering laws. This is a high price to pay for ignoring some rather obvious suspicious activity. One other thing: it might seem obvious, but if you're told by a customer that cash or other proceeds are from criminal activity, and you nonetheless engage in a transaction or transfer for the customer, you have probably violated the money laundering laws. This is true even if the person you're dealing with turns out to be a government informant or undercover law enforcement agent. These kinds of "sting" operations are permitted to find and punish people who are willing to launder money on a criminal's behalf.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

D. International transfers Although we'll discuss other potential indicators of suspicious activity later, one thing you should watch out for is where the money is going to or coming from. Some countries may be very susceptible to money laundering--for example, because they have strict bank secrecy laws, encourage foreign investment without asking many questions, or have few resources available to police such activity. The U.S. government has begun focusing on transfers to accounts in certain countries, warning banks and other financial institutions to be particularly vigilant about transactions involving these destinations. The targeted countries currently include the Cook Islands Dominica Egypt Grenada Guatemala Hungary Indonesia Marshall Islands Myanmar Nauru Nigeria Philippines Russia St. Vincent and the Grenadines Ukraine

The money laundering laws are even stricter when it comes to international transfers. If you know that an international transfer is being made as a way to further criminal activity, it is considered money laundering even if the funds were legitimately acquired. Therefore, you should be especially wary of any request to wire or otherwise transfer money to or from accounts in the listed places. You should also be on the lookout for places that are not on this list but that may be susceptible to money laundering. Example 15: Tom, a drug dealer, has a securities account at Global Brokerage. He inherits $20,000 from a rich uncle. Tom deposits the funds in his securities account and has his registered representative, Mark, wire transfer the money to his bank account in Panama. Tom tells Mark that he's transferring the money so he can use it to pay for illegal drugs that he will bring into the United States. Even though Tom got the money legitimately, the transfer of the funds outside the United States for the purpose of furthering Tom's drug business is illegal, and both Tom and Mark are guilty of money laundering.

SUSPICIOUS ACTIVITIES AND KNOW-YOUR-CUSTOMER ISSUES


Because money laundering laws are so broad and don't allow financial institutions to turn a blind eye, knowing your customer is critical to preventing money laundering problems. You must therefore be sure to follow the know-yourcustomer procedures in effect at your company. In addition, it's up to you and your employer to police activity in securities

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

10

www.eca.lrn.com

accounts for suspicious behavior, and--when you detect such behavior--to prevent it from occurring. The best way to do this is to monitor the customer's use of the account and determine whether it's consistent with the relevant information regarding the customer's financial and securities sophistication, investment history, and investment strategy. I. Suspicious Activity Reporting A. In general Many firms have adopted procedures designed to ensure compliance with money laundering laws. These procedures are commonly referred to as the know-your-customer and Suspicious Activity Reporting (SAR) rules. They are modeled on the rules that apply to banks and broker-dealer subsidiaries of banks. You're probably familiar with the know-your-customer rules already in place at your firm for suitability and other purposes. While similar to FinCEN's rules in some respects, they may differ in others. Therefore, it's likely that your firm may already have specific policies and procedures that apply to you, and it's important for you to understand and follow those policies and procedures. In addition, the NYSE and NASD have urged member firms to adopt suspicious activity reporting procedures and to discipline members who fail to have procedures in place to detect and report suspicious activities. B. Reporting requirements Until January 1, 2003, the details of what you need to report will depend on whether you work for a broker-dealer that is a subsidiary of, or affiliated with, a bank. Broker-dealers that are bank subsidiaries are already subject to FinCEN rules and must report any known or suspected involvement by an officer, director, or employee of the broker-dealer in criminal activity involving transactions through the broker-dealer any suspected or known criminal activity when the amount of money involved is $25,000 or more in transactions through the broker-dealer regardless of whether a suspect can be identified any transaction or transactions equaling $5,000 or more that involve potential money laundering or violations of the transaction reporting requirements any transaction or transactions equaling $5,000 or more when the transaction has no business or apparent lawful purpose or is unusual for the customer, and the institution, after reasonable investigation, has no explanation for it

Bank broker-dealers must report any attempt to engage in these activities as well as the activities themselves. After January 1, 2003, under the USA PATRIOT Act regulations, all brokerage firms, regardless of whether they are affiliated with a bank, are required to file a SAR for any transaction conducted or attempted by, at or through a broker-dealer involving (separately or in the aggregate) funds or assets of $5,000 or more for which the broker-dealer detects any known or suspected federal criminal violation involving the firm, or the firm knows, suspects, or has reason to suspect that the transaction involves funds related to illegal activity is designed to evade the regulations, or

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

11

www.eca.lrn.com

has no business or apparent lawful purpose and the firm knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction

It's expected that the Treasury Department will issue regulations on SAR reporting soon that may provide additional guidance. The $5,000 reporting threshold doesn't mean that illegal activity involving less than that amount need not be reported. You should report any suspicious activity you discover to the appropriate contact person in your firm, regardless of the amount involved. Your firm will decide under what circumstances it will file the SAR. As a general matter, to protect yourself and your firm, and regardless of the $5,000 threshold, if you suspect that criminal activity is occurring at or through your firm, you should report the activity to your law or compliance department. In addition, you should be alert for suspicious activities in areas of your firm where you might not typically expect money laundering to occur. For example, you may work for a clearing broker--a firm that clears securities transactions for other firms (introducing brokers). While a clearing agreement will set forth the respective responsibilities of the clearing and introducing broker to adopt and follow know-your-customer procedures and to detect and report suspicious activity, such responsibilities generally remain with the introducing broker. The clearing broker's responsibility will typically not extend beyond producing reports (such as exception reports) that may assist the introducing broker to fulfill its responsibilities regarding know-your-customer procedures and suspicious activity reporting. Nevertheless, particular situations may arise that will alter that division of responsibility: if, for example, the clearing broker discovers that certain customers of the introducing broker, or the introducing broker itself, is engaged in money laundering, or if there is a particularly close relationship between the introducing and clearing brokers. In such cases, the clearing firm might have knowledge of customer transactions or other activities that point to possible money laundering violations. Therefore, if you're not sure what to do in a particular situation, report any instances in which you believe money laundering might be occurring at the introducing broker to your law or compliance department. Finally, if the firm reports a particular suspicious activity, it's illegal for you to tell the customer. In addition, it's illegal to disclose the SAR, or the fact that a SAR was filed, except to law enforcement agencies or securities regulators. C. Reporting safe harbor If you're not sure whether something is suspicious, you should inform your law or compliance department. The reporting laws contain a safe harbor for firms and their employees who report suspicious activities. This means that if the firm reports to the authorities what it believes to be a customer's suspicious activities, the firm and its employees are generally protected from a lawsuit brought by the customer for reporting the activity, even if it turns out to be legitimate. You should, however, have a good-faith suspicion that the law may have been violated and that the account or accounts are connected to the suspicious activity. In other words, you are not allowed to abuse the safe harbor. D. Examples of suspicious activities While it's impossible to list every potential situation that may be deemed suspicious, the activities can be segregated into two general categories: customer information and customer account activity.
Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

12

www.eca.lrn.com

Here are some of the potential indicators of suspicious activity that you should be alert to concerning customer information: The customer seems unusually concerned about privacy. She is reluctant to provide routine information about identity, source of funds, business activities, and bank references that you would expect a customer to provide as part of normal account-opening documents. The customer provides information that is false or suspicious when verified. Examples include a phone number being disconnected, an address listed as a business address being in a vacant building, or an office space that seems inconsistent with the description of the business. The customer is reluctant to proceed when informed of currency reporting requirements. The customer withholds information necessary to complete required transaction reports. The customer refuses to identify or fails to indicate any legitimate source for the funds or other assets. The customer's appearance or demeanor is unusual or the customer acts excessively nervous under the circumstances. The customer is introduced by an overseas agent, affiliate, or other company based in a country that's known for drug trafficking, terrorism, or money laundering. The customer has no apparent reason for opening an account or using the firm's services, or for maintaining an account in a particular geographic region--for example, there's an office closer to the customer than the one the customer uses. The customer is the subject of news reports or rumors indicating that he is engaged in illegal activities or is under investigation by a government agency. The customer claims to be an agent (such as a lawyer or accountant) for someone else but does not reveal the identity of his principal or permit you to speak to him. The customer has difficulty describing his business or lacks general knowledge of his industry. The customer is from, or has accounts in, a country identified as a noncooperative country or territory by the Financial Action Task Force (FATF), which is an international organization of several countries, including the United States, dedicated to combating international money laundering. Here are some examples of customer transactions or account activity that might be suspicious under the circumstances: The customer wants to engage in transactions that lack business sense or apparent investment strategy, or that are inconsistent with the customer's stated business strategy. The customer engages in transactions that appear to be beyond his needs. The customer opens multiple accounts under different names or different business names, then makes deposits of just under $10,000 in each of them at the same time. The customer has multiple accounts under a single name or multiple names, with a large number of interaccount or third-party transfers. The customer tries to pay by using third-party checks. The customer opens an account using sequentially numbered monetary instruments that were purchased the same day and are just under bank reporting thresholds (for example, $9,900). The customer makes frequent deposits or withdrawals of large amounts of money for no apparent business or personal reason, or for a business that does not generate such large amounts of money.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

13

www.eca.lrn.com

The customer attempts to make frequent or large deposits of cash, insists on dealing only in cash equivalents, or asks for exemptions from the firm's policies relating to the deposit of cash and cash equivalents. The customer frequently deposits funds in the account and immediately requests wire transfers to another city or country, when such activity is inconsistent with her business or personal activities. The customer frequently receives wire transfers from another city or country and purchases securities for payment to, or for the benefit of, a third party. Wire activity in the customer's account increases compared to prior account activity. The customer begins wiring funds to another country when such transactions have not occurred before or are inconsistent with past customer behavior. The customer engages in transactions at unusual times from unusual places. The customer doesn't show concern regarding risks, commissions, or other transaction costs. The customer makes wire transfers to countries such as the Marshall Islands, Russia, or other countries identified as havens for money laundering when such transfers are inconsistent with personal or business activities. The customer attempts to deposit bearer securities, third-party checks, or foreign bank drafts. The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer the proceeds out of the account. The customer engages in excessive journal entries between unrelated accounts without any apparent business purpose. The customer requests that a transaction be processed in a way that avoids the firm's normal documentation requirements. The customer, for no apparent reason or in conjunction with other potential indicators of suspicious activity, engages in transactions involving certain types of securities, such as penny stocks, Regulation S (Reg S) stocks, and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. The customer's account has inflows of funds or other assets well beyond the known income or resources of the customer. Large international funds are transferred to or from the accounts of a domestic customer in amounts and of a frequency that are not consistent with the nature of the customer's known business activities. A customer consistently uses third-party checks to pay for transactions.

Example 16: Susan goes to Global Brokerage to open a securities account. She claims to run a small delivery service. Soon afterward, she forms companies in Switzerland and the Cayman Islands that appear to have no viable operations, and wire transfers funds from the securities accounts to accounts held in those companies' names. This should be enough for Global to suspect that money laundering might be occurring. Example 17: Jake claims to run a small dry-cleaning business. He opens a securities account with you and deposits $1 million into the account. He and his wife drive expensive cars, buy and sell cars frequently, dress in expensive clothes, own an expensive house, flash large amounts of cash, and appear not to spend much time during the workday at their jobs. They also deposit and withdraw substantial amounts of cash into and out of their account. This should be more than enough for you to question whether Jake and his wife are using the securities account to launder funds from criminal activities and whether you would be giving them substantial assistance.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

14

www.eca.lrn.com

Example 18: Mark opens an account and provides the same address for his home and business. He deposits a large sum of money into the account. Mark is only willing to give you the number of a cell phone, not a landline. When you ask for another number, he gives you what purports to be an office number, but you can never reach him at that number. These are potential indicators of suspicious activity, and you should either follow up to get more information or report your concerns to your law or compliance department. II. Know-Your-Customer Procedures A. In general Each of the examples above might, either by itself or in combination with others, indicate that a customer is engaging in illegal activity. Some of the examples are obviously suspicious, while others are not so obvious but--depending on the circumstances--still might indicate illegal activity. Of course, customers might also have legitimate reasons for acting in a particular manner. To tell the difference between actions taken by a customer for legitimate as opposed to illegal reasons, you need to have a good understanding of your customer and his needs. This will come from adequately knowing your customer. Many firms have procedures in place to ensure that you know your customer not only to comply with the securities laws, but also to help you spot suspicious activities that might point to money laundering or other crimes being committed by customers. The know-your-customer procedures are similar to the know-your-customer policies you may be required to follow in connection with determining whether securities are suitable for your customers. This makes sense, because if a customer is engaging in certain activity that appears to be unsuitable for the client based on everything you know, one possibility is that the customer is using a securities account to launder money or to engage in some other illegal activity. B. How to get to know your customer Set forth below is a general outline of know-your-customer procedures. Your firm has probably adopted its own procedures, so you should consult your compliance or law department about the specific procedures that apply to you. The goal of any know-your-customer procedure is to make reasonable efforts to determine the true identity of all customers and the ownership of all accounts identify the source of funds used by the customer to open an account and pay for trades monitor the account--both transactions and the flow of cash and assets to and from it--for activity disproportionate to the customer's apparent means, business, or background While your broker-dealer employer will likely have its own procedures for what you need to do to know your customer, all firms have certain minimum obligations under both the securities laws and the USA PATRIOT Act. Each firm must obtain certain information from its customers when opening an account, including the customer's name and residence whether the customer is of legal age

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

15

www.eca.lrn.com

the signature of the registered representative introducing the account and the signature of the member or partner, officer, or manager who accepts the account if the customer is a corporation, partnership, or other legal entity, the names of any persons authorized to transact business on its behalf

Rules issued by the SEC and the Treasury Department require that firms set up a customer identification program (CIP) to accomplish those things. Let's review some of the CIP's basics. First, they apply to any customer--that is, anyone who opens a new account or who is granted trading authority with respect to an account. So, for example, a person who already had an account when the CIP rules became effective isn't considered a customer for purposes of the rule. However, if that person opens a different account--such as a customer who has a cash account opening a margin account--that person becomes a customer and the CIP requirements would apply to him. The same holds true if a customer already has trading authority over one account, but is granted authority over another account. The rules apply to individuals as well as to all corporations and other organizations or entities. Under the CIP rules, you must get each customer's name, date of birth (if an individual), address, and documentary number (such as a social security number or taxpayer ID). You must also keep copies of documents used to gather and verify this information, such as copies of a valid driver's license for an individual or articles of incorporation for a company. You should then determine whether additional identifying information is required to reasonably believe the true identity of each customer. The specific rules you need to follow will be in your firm's CIP, so be sure to know what applies to you. In addition, prior to settlement of an initial transaction in the account, a firm is required to make a reasonable effort to get the following additional information (for accounts other than institutional accounts and accounts in which investments are limited to transactions in open-end investment company shares not recommended by the firm or its associated persons): tax identification and social security number occupation name and address of employer whether the customer is an associated person of another member firm

Under the USA PATRIOT Act, firms are required to verify the identity of any customer seeking to open an account keep records of information to verify a customer's identity check that a customer does not appear on any list of know or suspected terrorists or terrorist organizations such as those on the Treasury Department's Office of Foreign Assets Control (OFAC) website under "Terrorists" or "Specially Designated Nationals and Blocked Persons" (SDN List), or on the list of embargoed countries and regions

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

16

www.eca.lrn.com

Here are some sources and methods for gathering and keeping this information: For a customer who is an individual, get a driver's license, passport, government identification, alien registration card, major credit card, or other common form of identification. For a business, get evidence of legal status and authority (incorporation documents, partnership documents, resolutions, business licenses, and so forth). Complete a customer profile. Find out the customer's occupation (or the line of business for a company), investment experience, investment goals, age, financial sophistication, family circumstances, and so forth. Identify the customer's other securities accounts with the firm, including accounts in the names of others over which the customer has control. Look at the trading in those accounts. Has the customer moved large amounts of money in and out of those accounts? Engaged in frequent wire transfers? Engaged in foreign transactions? This may warrant additional investigation. Find out the customer's financial information. What is the customer's net worth and the net worth of immediate family members? What are the customer's assets, liabilities, income, and expenses each year? What is the customer's liquidity? Are the customer's income and financial position consistent with his stated occupation? Particularly if the customer is opening an account for a limited partnership, corporation, trust, or other third party, verify that the customer has authority to open the account and verify the identity of the beneficiary, if any, or the third party. Verify the source of the funds the customer is using to open an account or pay for trades. Be wary of customers who open accounts when there are other brokers closer to them. Ask these customers why they didn't open accounts with other brokers. Get personal and business references.

In addition, depending on the circumstances, you may want to use some or all of the following techniques to verify customer information when opening an account: Check phone numbers and addresses by telephoning or visiting the customer to thank her for opening the account. Investigate disconnected phone numbers and incorrect addresses further. Businesses that you find out don't exist or that don't appear to provide the services indicated are also suspicious and warrant further investigation. Check the customer's personal or business income, perhaps by your firm requesting tax forms or running a credit check. In consultation with your law or compliance department, consider whether a report should be requested from a private credit agency--for example, if the customer engages in significant margin activity. For a business, ask for financial statements, annual reports, marketing brochures, a description of the business, a list of suppliers and customers and their location, and a description of the locales in which the company does business (paying particular attention to whether it conducts international transactions). Conduct a search of available online databases or newspapers, periodicals, and other public information. Check with the local chamber of commerce or retrieve public filings with the Securities and Exchange Commission when appropriate. For a business, ask for information supporting the expected volume of funds generated. Gets an understanding of the customer's likely trading patterns so that you can detect deviations from them later.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

17

www.eca.lrn.com

You should verify identification information at the time the account is opened, or within a relatively short period after--for example, within five business days after opening the account. If a customer refuses to provide the information, or appears to have intentionally provided false or misleading information, contact your law or compliance department before opening the account to seek guidance. Depending on the circumstances, some additional information may be useful for certain kinds of accounts. Below is a partial list and the types of information you may want to consider gathering when opening the account: Nonresident alien account: Get a current passport number or other valid government identification number, and all necessary U.S. tax forms. Also consider whether even more information is necessary, depending on which country the customer comes from. Domestic trusts: Identify the principal ownership of the trust. Also get information regarding the authorized activity of the trust and who is authorized to act on behalf of it. Personal investment corporations or personal holding companies: Identify the principal beneficial owners of offshore corporate accounts in which the accounts are personal investment corporations or personal holding companies. Try to identity who the beneficial owners are and where they're located. You may need additional due diligence depending on the entity's location in particular countries. Offshore trusts: Identify the principal ownership of a trust established in a foreign jurisdiction, and consider additional due diligence for trusts located in countries known to have lax oversight of trust formation.

C.

Institutional accounts, hedge funds, investment funds, and other intermediary relationships Simply because a customer is an institution doesn't mean that your anti-money laundering obligations have ended. Although institutional business differs from traditional retail business, this simply means that some of your anti-money laundering procedures will differ. In fact, even if an institution doesn't represent a credit risk to the firm because transactions are conducted on a delivery vs. payment (DVP) basis, you may still need to conduct appropriate due diligence to satisfy your anti-money laundering procedures. The due diligence obligations under know-your-customer rules for institutional accounts is a good place to start. Also consider getting information about the institution's customers or its intermediary's authority to act on behalf of the underlying client, as well as whether the institutional client or intermediary has policies and procedures of its own to know its own clients. Some things to consider when deciding what additional due diligence is appropriate for an institutional customer include whether the institution or its intermediary has established anti-money laundering policies and procedures your firm has prior experience with the customer or done business with it the customer is a registered financial institution based in a major regulated financial center or is a registered financial institution located in an FATF jurisdiction the customer has a reputable history in the investment business

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

18

www.eca.lrn.com

the customer is from a jurisdiction characterized as an offshore banking or secrecy haven or is one of the countries identified as being non-cooperative with international efforts to combat money laundering

D.

Special issues relating to correspondent accounts 1. Correspondent accounts with foreign shell banks It's illegal for a broker-dealer to establish, administer, or manage a "correspondent account" in the United States for an unregulated foreign shell bank. A correspondent account is an account established to receive deposits from, make payments on behalf of a foreign bank, or handle other financial transactions related to such a bank. Note that this definition is different from the one for correspondent brokerage accounts. A foreign shell bank is a foreign bank with no physical presence in any country. If you discover or suspect that you might be maintaining or establishing a correspondent account for a foreign shell bank, contact your law or compliance department for guidance. Due diligence for correspondent accounts with foreign banks For correspondent accounts with foreign banks that aren't shell banks, your firm is required to maintain records identifying the owners of the bank and the name and address of an agent residing in the United States who is authorized to accept service of legal process for the bank. It's also likely that your firm has a model certification issue by the Treasury Department that the foreign bank must complete. The form generally asks the foreign bank to confirm that it is not a shell bank and to provide the necessary ownership and agent information. The firm is required to recertify, if relying on the certification form, or otherwise verify any information provided by each foreign bank, at least every two years or at any time the firm has reason to believe that the information is no longer accurate. Under the USA PATRIOT Act, firms must establish appropriate, specific, and--when necessary-enhanced due diligence policies, procedures, and controls to detect and report money laundering for any foreign bank correspondent account. At a minimum, for foreign banks licensed by highrisk countries or operating under an offshore banking license, your firm needs to take steps to determine the ownership of the foreign bank conduct enhanced scrutiny of the account to report and detect suspicious activity determine whether the foreign bank maintains correspondent accounts for any other bank, and if so, the identity of those banks

Special due diligence for private banking accounts The USA PATRIOT Act also requires special due diligence for non-U.S. citizens who have private banking accounts with the firm. A private bank account is an account (or combination of accounts) that requires an aggregate deposit of funds or other assets of more than $1 million established on behalf of one or more individuals who have a direct or beneficial ownership interest in the account, and is assigned to, or administered by, in whole or in part, an officer, employee, or agent of a financial institution as a liaison between the institution and the direct or beneficial owner of the account.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

19

www.eca.lrn.com

For private banking accounts, firms are required to take steps to determine the identity of the nominal and beneficial account holders, and the source of the funds deposited into, the account. If the account is for a senior foreign political figure, or any immediate family member or close associate of a senior foreign political figure, enhanced due diligence is required. The enhanced scrutiny should be designed to detect and report transactions that may involve the proceeds of foreign official corruption, such as bribery. Check your firm's procedures for the due diligence requirements that apply to you if you handle correspondent accounts for foreign banks.

RECORD-KEEPING REQUIREMENTS SPECIFIC TO BROKER-DEALERS


In addition to the records that broker-dealers must keep under the federal securities laws, certain currency or foreign transactions have specific record-keeping requirements. First, all financial institutions, including broker-dealers, must keep records of, among other things each extension of credit in excess of $10,000, unless it's secured by real property each instruction received or given regarding any transaction resulting in the transfer of currency or other monetary instruments or securities of more than $10,000 to or from any person, account, or place outside the United States (and cancellations of any such instructions if cancellation records are normally made) each advice, request, or instruction given to another financial institution or other person located in or out of the United States regarding a transaction intended to result in the transfer of funds, currency, other monetary instruments, or securities of more than $10,000 to a person, account, or place outside the United States

Broker-dealers must also keep, for each account, a record of the account holder's taxpayer identification number the identity of any nonresident account holder, either by recording the person's passport number or a description of some other government document used to verify his identity each document granting signature or trading authority over the account all transfers of currency, other monetary instruments, or securities of more than $10,000 out of the United States receipt by the firm of currency, other monetary instruments, or securities of more than $10,000 from outside the United States

For any wire transfer or other transmittal of funds that exceeds $3,000 that you send or receive for a customer, your firm must keep records of the following information for five years: the transmitter's name and address the amount of the transaction the execution date of the payment order the payment instructions from the transmitter received with the payment order the identity of the recipient's financial institution the name, address, account number, and any other specific identifier of the recipient, if received with payment order

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

20

www.eca.lrn.com

This record-keeping requirement travels with the wire transfer, so that if a broker-dealer acts as an intermediary, it is required to retain a copy of the transmittal order and must include in the corresponding transmittal order all the information it received from the sender. The information must be retrievable by the customer's name and account number, the sender's name and account number (for the sender's broker-dealer), and the recipient's name and account number (for the recipient's broker-dealer). While there are exemptions to the record-keeping requirement relating to wire transfers, you should not rely on an exemption without first consulting your law or compliance department. Therefore, when a customer asks you to make a wire transfer over $3,000, you should notify your law or compliance department. Remember, while these are recordkeeping requirements and not reporting requirements, any suspicious wire transfer--no matter how large or small--must be reported.

PENALTIES
It's probably apparent by now that law enforcement takes money laundering violations seriously. In fact, the penalties for violating the money laundering statutes are severe. Depending on the circumstances, fines against companies can be as high as $500,000 per violation or twice the amount of the property involved in the financial transaction. Individuals are subject to the same fines, as well as up to 20 years in prison. Even the penalties for violating the reporting requirements are harsh. An individual's willful failure to report $10,000 transactions is punishable by fines of up to $250,000, up to five years in prison, or both. A false statement or misrepresentation made on a report can carry a fine of up to $10,000, five years in prison, or both. The law even says that if the violation of the reporting statutes is part of a pattern of illegal activity involving more than $100,000 in a 12-month period, the fine can double up to a maximum of $500,000, ten years in prison, or both. Finally, even if you're not criminally prosecuted, civil penalties can be assessed for each willful failure to file a report, up to the greater of $25,000 or the amount involved in the transaction, up to $100,000.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

21

www.eca.lrn.com

FREQUENTLY ASKED QUESTIONS ABOUT MONEY LAUNDERING, SECURITIES, AND THE USA PATRIOTS ACT
1. If my firm prohibits cash transactions, do I still need to worry about money laundering? Yes. Many brokerage firms have placed restrictions on cash deposits to discourage cash-based money laundering, but money laundering can take place with traveler's checks, personal checks, bank checks, money orders, bearer securities, and other negotiable instrumentsand funds that are in purely electronic form, too. 2. Can suspicious activity on the Internet be detected? Yes. Account-monitoring software, pattern recognition programs, and automated exception reporting systems can help identify it. 3. If a client tells me that the money in his account resulted from illegal activities, can I still execute transactions in the account? No. If you engage in any kind of transaction with such an account, you may be helping the customer launder money. You must report what you know to your supervisor or compliance department. They'll tell you what to do. 4. Which countries are known as money laundering havens? The Cook Islands, Guatemala, Indonesia, Myanmar, Nauru, Nigeria, and the Philippines. 5. Why is the securities business attractive to money launderers? First, it's international. Brokerage firms often have offices all over the world, making it easy to conduct wire transfers to other countries. The securities markets are also highly liquid, which means that purchases and sales of securities can be quickly made and settled. Compensation in securities firms is often commission-based, so there's a built-in incentive to disregard the source of customer funds. And brokerage accounts can be maintained as nominees or trustees, concealing the true identities of the beneficiaries. 6. Can clean money become dirty? Yes. All money starts out clean. But people with clean money can use it to evade legal obligations, such as taxes. They may try to hide it and report to the government less money than they make. Or they may hide the money to avoid other legal obligations such as divorce decrees and court judgments. Once hidden, such money becomes dirty. 7. How much money gets laundered? It's estimated between $590 billion and $1.5 trillion each year. 8. What's the point of "layering" dirty money? The point of layeringmoving money from one account to another, or from one form to anotheris to create a confusing paper trail that makes it more difficult to trace dirty money back to its original criminal source.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

22

www.eca.lrn.com

9. Can dirty money be integrated into a business? Yes. It can be integrated into a business, and thus into the economy, by being used to buy or invest in a private business, pay employees, or purchase supplies. 10. Why does the $10,000 reporting requirement focus on cash? Criminals deal mostly in cash to avoid leaving a paper trail. Reports of large currency transactions are therefore useful in helping to detect criminal activity. 11. Are other types of financial institutions covered by the money laundering laws? Yes. The laws apply to all types of financial institutions: banks, broker-dealers, investment banks, currency exchangers, insurance companies, casinos, and others. 12. What kinds of securities industry crimes are covered by the money-laundering laws? Almost any securities industry crime you might think of is covered, including insider trading, market manipulation, wire fraud, and mail fraud. 13. Am I still guilty of money laundering even if a transaction I engage in wasn't specifically intended to conceal or structure funds, evade taxes, or promote another crime? Yesif it involves $10,000 or more and you know the money came from a criminal activity. Just engaging in transactions with such money is a crime, so the government only needs to prove that you handled dirty money, knowing it was dirty. 14. What does it mean to "know" something under the money laundering laws? You "know" about money laundering activities if you have actual knowledge of them, or even if you just turn a blind eye to suspicious circumstances that indicate that they may be occurring. The law here is concerned with whether someone knows that money being used is derived from a crime or that a transaction is designed to conceal the true nature of money, or to avoid federal or state reporting requirements. 15. Under the money laundering laws, do you "know" something only if someone tells you about it? No. The term "know" extends beyond the situation in which someone has told you about something. What you "know" can be proven by circumstantial evidence. Evidence that you turned a blind eye to your customer's activities and ignored red flags that indicated money laundering could implicate you in a crime. 16. Can I be convicted of money laundering just for ignoring red flags indicating suspicious activities? Yes. If you know what your customer is up to or choose to ignore red flags while assisting your customer in laundering money, you could find yourself being prosecuted for money laundering. 17. Can money laundering occur with any kind of financial instrument? Yes. Money laundering is not limited to cash transactions. It can involve stocks, bonds, and any other form of financial instrument, as well as electronic funds.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

23

www.eca.lrn.com

18. What is a correspondent account? It's an account established to receive deposits from a foreign bank, make payments on behalf of a foreign bank, or handle other financial transactions related to such a bank. Note that this definition of a correspondent account is different from the definition of a correspondent brokerage account. A foreign shell bank is a foreign bank with no physical presence in any country. 19. I work for a clearing broker. Should I be concerned about money laundering at one of our introducing brokers? Yes, while a clearing agreement will set forth the respective know-your-customer and suspicious-activity reporting responsibilities, the clearing broker's responsibility will typically not extend beyond producing reports (such as exception reports) that may help the introducing broker fulfill its responsibilities. Nevertheless, situations may arise that will alter that division of responsibilityif, for example, the clearing broker finds that certain customers of the introducing broker, or the introducing broker itself, is laundering money. Then the clearing firm might have knowledge of customer transactions or possible money laundering violations. 20. What should I do if I suspect illegal activity but the transaction is under $5,000? The $5,000 reporting threshold doesn't mean that illegal activity involving less than that amount shouldn't be reported. You should report any suspicious activity you discover to the appropriate contact person in your firm, regardless of the amount involved. Your firm will decide under what circumstances it will file the SAR. 21. I work with institutional customers. Do I need to be concerned about money laundering? Yes. Institutional business differs from traditional retail business, but that just means some of your anti-money laundering procedures will differ. In fact, even if an institutional customer doesn't represent a credit risk to the firm because transactions are conducted on a delivery vs. payment (DVP) basis, you still need to conduct appropriate due diligence to satisfy your anti-money laundering procedures. 22. What is FinCEN? In 1990, the U.S. Treasury Department created the Financial Crimes Enforcement Network (FinCEN) to establish, oversee, and implement policies to prevent and detect money laundering. FinCEN acts as a central depository for reports filed by financial institutions. While FinCEN is an agency of the Treasury Department, it provides intelligence information to many law enforcement agencies, such as the Justice Department, enabling them to track criminals and their assets and to develop new strategies to curb money laundering. 23. What are some of the red flags I should look for regarding customer information? Watch for a customer being unusually concerned about privacy, providing information that proves to be false or suspicious when checked, being reluctant to proceed when informed of currency reporting requirements, withholding information necessary to complete required transaction reports, and being the subject of news reports or rumors that indicate illegal activities or investigation by a government agency. You can see more examples in the handbook.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

24

www.eca.lrn.com

24. What are some of the red flags I should look for in customer account activity? While it's impossible to list every potential situation, some examples include a customer opening a number of accounts under different names, then making deposits of less than $10,000 in each simultaneously; making frequent deposits or withdrawals of large amounts of money for no apparent business or personal reason; frequently depositing funds into an account and immediately requesting wire transfers to another city or country when there isn't a clear connection between the transfers and the customer's business or personal activities; and consistently using thirdparty checks to pay for transactions. You can find more examples in the handbook. 25. Does the law protect me if I report suspicious activity and I'm wrong? Yes. If a firm reports a customer's suspicious activity to the authorities, both the firm and its employees are generally protected if the customer sues them for reporting it. Don't make such a report, however, unless you have a good-faith suspicion that the law may have been violated and that the account or accounts are connected to the suspicious activity. In other words, you aren't allowed to abuse the protection. 26. What are some of the due diligence steps I can take for correspondent accounts with foreign financial institutions? First, you can determine whether the account is subject to enhanced due diligence requirements and if there's a significant risk of money laundering. You may also consider public information from U.S. government agencies and multinational organizations regarding regulations applicable to the institution, as well as any guidance issued by the U.S. Treasury Department or your functional regulator (such as the SEC or state insurance commissioner) about money laundering risks associated with specific institutions and types of accounts. Another tactic is to review public information to determine whether the institution has been the subject of criminal enforcement or regulatory action related to money laundering. 27. What is a private bank account? It's an account (or a combination of accounts) at any financial institution, not just a bank. It requires a combined deposit of funds or other assets of more than $1 millionestablished on behalf of one or more individuals who have a direct or beneficial ownership interest in the accountand is assigned to or administered, whole or in part, by an officer, employee, or agent of a financial institution, who acts as a liaison between the institution and the direct or beneficial owner of the account. 28. What is the USA PATRIOT Act? In October 2001, the President signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, with the goal of creating a number of mechanisms to combat international terrorism. Among other things, the law significantly expanded companies' obligations to detect and prevent money laundering. Its anti-money laundering provisions apply to all money laundering activities, not just to those related to terrorism.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

25

www.eca.lrn.com

TOP TEN THINGS TO REMEMBER ABOUT MONEY LAUNDERING, SECURITIES, AND THE USA PATRIOT ACT
1. Money launderingconverting dirty money into clean moneyis illegal. Dirty money is money gained from crime. Laundering it is also a crime. Even assisting others in money laundering is illegaland not reporting your suspicions of money laundering activity can be seen as assisting in the crime, as well. 2. You could inadvertently become involved in money laundering during any of its three stages. Broker-dealers can be caught up in money laundering schemes while helping clients deposit, transfer, or spend their money to purchase securities. They're usually involved at the stage in which money is transferred from one account to another. 3. Penalties for money laundering can be severe for both individuals and their companies. Depending on the circumstances, fines against companies can be as high as $500,000 per violation or twice the amount of the property involved in the transaction. Individuals are subject to the same fines, as well as up to 20 years in prison. Even the penalties for violating the reporting requirements are harsh: an individual's willful failure to report $10,000 transactions is punishable by fines of up to $250,000, five years in prison, or both. Finally, the government can seize and require forfeiture of any property that was part of a money laundering offense or that is otherwise "traceable" to it. 4. "Looking the other way" may make you an accomplice to the crime of money laundering. What you "know" about your customer's accounts may legally include what you can infer about any suspicious information or account activity. Reporting your suspicions about illegal activity is always safer than ignoring what may be criminal behavior. Turning a blind eye may implicate you in the crime. 5. If you suspect that criminal activity is occurring at or through your firm, report it to your law or compliance department. To protect yourself and your firm, you should be alert to suspicious activity that may indicate that money laundering or other crimes are being committed. If you're not sure what to do in a particular situation, it's best to go ahead and report any suspicious activities. If it turns out that you were wrong, you and your firm will be protected from lawsuits as long as your report was made in good faith. 6. Be suspicious if your customer intentionally provides incomplete or deceptive information. Information that a customer provides reluctantlyor that is falsemay indicate an attempt to cover up illegal activity. It can be the first sign that the customer is trying to launder money. 7. Large transactions made for no apparent business or personal reason should make you suspicious. The movement of large sums of money between accounts without any apparent basis in the customer's personal or business life might indicate illegal activity. Any type of unusual account activity is reason to look more closely at an account.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

26

www.eca.lrn.com

8. Know-your-customer policies are designed to help you identify potential problems before they become actual ones. Because money laundering laws define "knowledge" broadly and don't allow you to look the other way, knowing your customer is critical to preventing money laundering problems. Following your company's know-your-customer procedures can help you detect and prevent the concealment of funds, the structuring of transactions, tax evasion, and other criminal activity. 9. There are detailed financial transaction reporting requirements for securities firms. Firms must file a CTR with the IRS to report any transaction exceeding $10,000 in currency. For transactions in currency or monetary instruments that alone or in combination exceed $10,000 and are physically transported into or out of the United States, a Report of International Transportation of Currency or Monetary Instrument must be filed with the commissioner of customs. And even if you're not required to make a report because a sum doesn't meet the required amounts, you should report any suspicious activity to your law or compliance department. 10. Be sure to know the specific record-keeping requirements for currency or foreign transactions applicable to your firm. Securities firms must keep information gathered under a CIP; records of credit extensions over $10,000 not secured by real property; instructions received or given resulting in transfers over $10,000 to anyone outside the U.S.; and each request, advice, or instruction to another person or financial institution about a transfer of more than $10,000 outside the U.S. You must also keep certain account-identifying information records of wire transfers or funds transmittals over $3,000 to or from customers, and all transfers in or out of the U.S. of securities or currency or monetary instruments over $10,000.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

27

www.eca.lrn.com

TEST YOUR KNOWLEDGE OF MONEY LAUNDERING, SECURITIES, AND THE USA PATRIOT ACT
Question 1:
The money laundering laws apply to a) b) c) d) banks only financial institutions only everyone drug dealers only

Question 2:
Which step in the money laundering process disassociates the illegal funds from the crime by creating a complex web of financial transactions? a) b) c) d) placement layering integration transformation

Question 3:
Sue processes customer transactions at Worldwide Securities. She notices some odd wire transfers and investigates. The customer refuses to answer some questions, including where he got the money, and gives bogus answers to others. She learns that he lives in a country known as a money laundering haven and recently retired as deputy minister of finance. Lacking concrete proof of money laundering, Sue stops her inquiry and allows more transfers. If this customer launders money through the account, who is guilty? a) b) c) d) the customer only Sue only both Sue and the customer neither Sue nor the customer

Question 4:
Nicole gets a new private banking customer, a wealthy financier. He isn't a U.S. citizen and lives in a foreign country, where he serves as its minister of finance. What know-your-customer due diligence should Nicole perform? a) enhanced due diligence to detect and report transactions that may involve the proceeds of foreign political corruption b) only basic due diligence to determine his identity and the source of his funds c) enhanced due diligence only if he is opening the account as a correspondent account on behalf of a foreign bank d) the same amount of due diligence she would perform for a U.S. senior political figure

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

28

www.eca.lrn.com

Question 5:
For anti-money laundering purposes, what are the basic goals of know-your-customer policies and procedures? Check all that apply a) b) c) d) to determine the identity of the customer and the true ownership of the account to identify the source of the customer's funds to determine additional suitable products and services to offer the customer to determine whether the flow of cash and assets into the account is consistent with the customer's background

Question 6:
Under the USA PATRIOT Act, which of the following might require special or enhanced scrutiny as part of your knowyour-customer obligations? Check all that apply a) b) c) d) senior foreign political officials with private banking accounts correspondent accounts for foreign banks licensed in high-risk countries senior U.S. government officials with private banking accounts non U.S. citizens with standard accounts

Question 7:
Financial institutions, like securities firms, must report cash transactions of more than a) b) c) d) $1,000 $5,000 $10,000 $100,000

Question 8:
Robert's client wants to deposit $90,000 in cash. When Robert informs him of the reporting requirements for all currency transactions over $10,000, he asks Robert to break up the deposit into ten $9,000 increments. If Robert goes along with this, which of the following is true? Check all that apply a) b) c) d) he's illegally structuring the transaction to avoid the reporting requirements. he's legally helping a customer avoid extra paperwork. he's possibly assisting his customer in laundering criminal proceeds. he's using poor judgment, but not breaking the law.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

29

www.eca.lrn.com

Question 9:
It might be a clue that money is being laundered if a customer Check all that apply a) is mean or gruff b) is excessively concerned with privacy c) provides false information d) places orders under several different names

Question 10:
Jerry suspects that his customer is conducting criminal activity through her account, and he reports it to his compliance officer. The company investigates and files a SAR. A government investigation determines that the customer's activity is legitimate. The customer, having had to hire a lawyer, is angry and embarrassed, and sues Jerry and the company. What is the likely outcome? a) the customer will win if the transaction was less than $5,000 b) the customer will lose, but only if Jerry and the company suspected money laundering c) the customer will win because her activity was legitimate d) the customer will lose as long as Jerry and the company filed the SAR in good faith

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

30

www.eca.lrn.com

Answer to Question 1:
(c) is the correct answer. Although there are special requirements for financial institutions, the money laundering laws apply to everyone

Answer to Question 2:
(b) is the correct answer. The money launderer tries to disguise the criminal origin of the dirty money by layering, which involves making a series of transactions to distance the money from its source. These transactions are often accomplished by wire transfer, which allows for quick, easy transfers of money from account to account or from country to country

Answer to Question 3:
(c) is the correct answer. Sue saw many red flags indicating possible money laundering, so she may be treated as if she had actual knowledge of it. By allowing the wire transfers, she participated in a transaction relating to the money laundering, so she was engaging in money laundering, too

Answer to Question 4:
(a) is the correct answer. The customer is a senior foreign political figure and is therefore subject to enhanced due diligence requirements, which are typically more stringent than for U.S. citizens, including U.S. political officials

Answer to Question 5:
(a), (b) and (d) are the correct answers. The goals of getting to know your customer for anti-money laundering purposes are to determine the customer's identity and the true ownership of the account; to identify the source of the customer's funds; and to determine whether the flow of cash and assets into the account is consistent with the customer's background. While the information may help you assess your customer's needs, this is not a goal of the know-yourcustomer policies and procedures for anti-money laundering purposes

Answer to Question 6:
(a) and (b) are the correct answers. Special due diligence is required for non-U.S. citizens who have private banking accounts, and enhanced due diligence is required for senior foreign political figures. Correspondent accounts for foreign banks licensed in high-risk countries also require special due diligence

Answer to Question 7:
(c) is the correct answer. Securities firms and other financial institutions must report any cash transaction of more than $10,000 to the IRS. This applies to single transactions of $10,000 or more and to multiple transactions that add up to more than $10,000 a day

Answer to Question 8:
(a) and (c) are the correct answers. What the customer wants to do is called structuring, and it's illegal. Engaging in or helping a client engage in structuring is a money laundering violation and is likely to aid the customer in laundering the criminal proceeds. This is a tactic used by money launderers to avoid having the funds traced back to them

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

31

www.eca.lrn.com

Answer to Question 9:
(b), (c) and (d) are the correct answers. Beware of customers who are excessively concerned with privacy, those who provide false information, and those who place orders under several names. Customers are also suspect if they're reluctant to go forward with transactions when you tell them about the reporting requirements, rumored to be involved in illegal activities, or unusually nervous or otherwise suspicious. Other clues that may point to money laundering are a lot of cash payments and international transfers in amounts inconsistent with the customer's business. A customer being mean or gruff isn't enough to indicate that he might be involved in money laundering

Answer to Question 10:


(d) is the correct answer. As long as Jerry and the company had a good-faith suspicion that illegal activity was being conducted with the account, they are protected, even if it turns out that the activity is legitimate. For reporting purposes, there is no requirement that the suspicious activity must relate solely to money launderingany suspected illegal activity involving the account can be reported

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

32

www.eca.lrn.com

MONEY LAUNDERING AND THE USA PATRIOT ACT


INTRODUCTION
Not too long ago, the phrase "money laundering" might have evoked images of drug kingpins and organized crime figures trying to hide their profits. But in recent years there has been a marked change in the scope of what American law enforcement authorities view to be money laundering. And there has been a vast change in the profile of the "usual suspects" of such violations. Alongside the drug and mob assets typically targeted by law enforcement are proceeds of criminal consumer frauds, stock manipulations, insurance fraud, domestic and foreign political corruption, healthcare frauds, and other criminal schemes--the content of which is only limited by the imaginations of those who would perpetrate them on the public. Most recently, under the USA PATRIOT Act, the laws have been expanded to fight terrorism. Because the laws that regulate the proceeds of all these offenses are generally the same, the reach of the money laundering laws has broadened significantly, along with the obligations with which citizens must comply. Violations of the money laundering statutes can carry federal prison sentences up to 20 years, $500,000 in fines, and forfeiture of any assets from the unlawful activities. Some states have their own money laundering laws and are very aggressive in enforcing them, as will be discussed later. The stakes are therefore enormous for all, and you must understand your obligations in order to reduce the risk of inadvertent violations. It is the purpose of this handbook to distill the essence of the very complex law of money laundering into a practical guide for understanding and behavior in the business world. We attempt to make the basic principles real by drawing on examples from actual situations and cases. In the end you will have the tools to recognize situations where money laundering may be occurring and take appropriate steps to protect yourself, your colleagues, and your company. You should note, however, that this handbook is not intended to provide advice or guidance regarding how you should act in a particular situation. You should therefore consult your law or compliance department to determine what you should do in any particular case.

WHY DOES THE GOVERNMENT CARE?


The government cares about money laundering because without money, crime does not pay. After all, it is the flow and circulation of money that permits criminals to "cash out" of their criminal schemes. Almost every crime is of limited use to the perpetrator unless it can be converted into real value, that is, the ability to purchase goods and services with a crime's proceeds. A successful bank robbery means nothing unless the robber can use the proceeds. A terrorist can't fund his activities if he can't get access to funds that are normally funneled to him. A highway commissioner taking payoffs gets nothing if she can't spend the money. A successful sale of multiple kilos of cocaine means nothing if the seller can't convert the proceeds into a mountain getaway or a racing-model Ferrari. The objective of the government's program is to target the flow of the money generated by crime and to prevent it from being actively employed in commerce. If law enforcement can be

successful in doing so, the government can strike at the heart of people's incentive to do crime in the first place. In addition, in October 2001, the president signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, with the goal of creating a number of mechanisms to combat international terrorism. Among other things, this law significantly expanded companies' obligations to detect and prevent money laundering. And although the law was enacted to fight terrorism, the USA PATRIOT Act's anti-money laundering provisions apply to all money laundering activities, not just those related to terrorism. Because the focus of the federal money laundering program is on the money, and the money that is involved in crime is overwhelmingly in cash, the program's attention is squarely--but not exclusively--on cash. How does the government get at it? We'll see in the next section.

WHY SHOULD I CARE ABOUT MONEY LAUNDERING?


You should care about money laundering for several reasons. First, the government has placed much of the responsibility for enforcing money laundering laws on companies and individuals in the private sector. This is based, at least in part, on the notion that those on the "front lines" are in the best position to detect and report potential money laundering by their customers. Under the PATRIOT Act, for example, all financial institutions have affirmative obligations to prevent and detect money laundering. This means they must have in place an anti-money laundering program that includes, at a minimum o o o o internal policies, procedures, and controls a designated compliance officer an ongoing employee training program an independent audit function to test the program

The definition of a financial institution is extremely broad and encompasses many companies that you might not think of in that way. Of course, traditional companies such as banks, savings associations, and credit unions are considered financial institutions. But so are securities firms, money services businesses (such as money transmitters and currency exchanges), and futures commission merchants. The definition also includes insurance companies that issue nongroup permanent life insurance, annuities, and other products that include a cash value or investment feature-as well as insurance companies that are required to register as broker-dealers under federal securities laws. The definition even includes dealers in precious metals, stones, or jewels; pawnbrokers; loan or finance companies; private bankers; travel agencies; telegraph companies; sellers of vehicles, including automobiles, airplanes, and boats; people engaged in real estate closings and settlements; investment bankers; investment companies (such as mutual funds); and registered commodity pool operators and commodity trading advisors.

WHAT IS MONEY LAUNDERING AND HOW IS IT ACCOMPLISHED?


Before we get to the details of the money laundering laws, it's important that you understand what money laundering is. Simply stated, money laundering is the process

of converting "dirty money" into what appears to be "clean money." Money either starts out dirty or it starts out clean and later becomes dirty. Money starts out dirty when it comes from illegal activities such as drug sales, gambling, larceny, political corruption, consumer swindles, securities fraud, credit card fraud, embezzlement, and other white-collar crimes, and the purchase and sale of illegal firearms. However, money that starts out clean can get dirty in several ways, usually involving the evasion of legal obligations such as taxes--people get money legally, but they try to hide it and report to the government less than they make. People also hide money to avoid other legal obligations, such as court judgments and divorce decrees. Once hidden, that money becomes dirty. Also, as we will see below, clean cash can become dirty if the money laundering laws themselves with regard to reporting cash are not followed. Money laundering typically involves concealing the existence, source, or application of income, and then disguising it to make it appear legitimate. It's estimated that the equivalent of between $590 billion and $1.5 trillion is laundered each year.

THE STAGES OF MONEY LAUNDERING


Money laundering usually involves three stages--placement, layering, and integration. Dirty money is initially placed into the financial system, layered to obscure its origins, and finally integrated or reintroduced into the legitimate economy as "clean" money. These three stages often overlap, however, and should be viewed as seamless parts of a single ongoing process. I.

Placement
Placement occurs when dirty money--often in the form of cash--is first placed into the financial system. This can be done in several ways--for example, depositing cash directly into a bank or brokerage account, converting the cash into money orders or other cash equivalents that are then used to open an account, or funneling the cash through front businesses, such as neighborhood laundries or grocery stores, that make the actual deposits. However it is done, placement is aimed at getting the dirty funds into the system, where they can easily be moved from place to place. Remember, a money launderer who uses an account in the financial system is mainly concerned with having the funds accepted into the system, and then moving them around. Investment returns are likely to be an afterthought, at best. Example 1: A general contractor, anxious to get business from the federally funded local housing authority, bribes the authority's executive director in return for being selected as the lead contractor on a public housing project. The contractor is advanced $200,000 for materials and startup costs. He deposits the money in his business's regular bank account. By doing so, he has just "placed" the proceeds of a crime (federal and state bribery) in the financial system.

II.

Layering
Layering is the use of complex financial transactions to move funds through various accounts and entities--both domestic and foreign. The purpose here is to

put even greater distance between the funds and the illegal activities that generated them. By moving the funds frequently through many accounts and entities, the money launderer can further conceal their source, ownership, and location. For example, the funds might be moved through several foreign and domestic accounts and end up in an offshore company secretly controlled by the money launderer, which then uses the funds to make apparently legitimate loans to a domestic company owned by the money launderer's cousin. At each stage of the process, the source of the funds becomes more difficult to trace, particularly if they pass through countries with strong financial secrecy laws. This is just one simple example, however. The variety and complexity of layering techniques are virtually unlimited. Layering is often done through wire transfers, which enable the launderer to move money quickly from account to account or country to country. In short, you should be suspicious of any activity involving customer funds that does not make sense from a business or personal standpoint. If a transaction does not seem right to you, it may be an attempt to create a confusing paper trail to obscure the original source of the funds. Example 2: Anne, a swindler running a water purification scam targeting elderly citizens, deposits the advances she receives from her customers in a bank account but, as a matter of routine, converts the proceeds of such advances into cashier's checks. The cashier's checks are then deposited into a second bank account under a different name. The funds in that account are wired to a wholesaler for a very substantial order of consumer home products, which are thereafter sold through a retail outlet in which the swindler has an interest. Anne has "layered" the proceeds of her criminal scheme. Example 3: Mark, a drug trafficker, purchases a large life insurance policy. He pays for the policy by wire transferring funds from two different bank accounts in which he had "placed" his drug money. Soon after receiving the policy, Mark exercises his right to return it under its "free look" provision. The insurance company sends Mark a refund in the form of a check, which Mark can now deposit into yet another bank account as an apparently legitimate check from the company. Mark has just successfully layered the proceeds of his drug trafficking. III.

Integration
After placement and layering, the money launderer's objective is to integrate the dirty money into the legitimate economy to further distance the money from its illegal source. In short, the money is now being spent. This may be done through what, to all appearances, are legitimate activities of investing in securities, buying property, purchasing a private business, paying employees, or purchasing supplies. Example 4: Anne, the water filtration swindler from Example 2, makes sufficient money from her scheme to purchase a condominium apartment. She makes a substantial down payment with the profits of her transactions, and thereafter pays the mortgage with her ongoing profits from the scheme. Anne has integrated her criminal proceeds into the conventional economy.

IV.

Money Laundering and the Internet


Although the initial placement of illegally generated money still requires some contact between the customer and a financial institution, the Internet provides a fast, clean mechanism to facilitate placement, layering, and integration. Once a customer has successfully placed assets with a financial institution, it becomes a simple matter to transfer money, buy securities, pledge the assets, or perform any number of commercial transactions online that, on their surface, are indistinguishable from legitimate financial activity. The transactions used to layer and integrate the funds are nothing new--they are the same old schemes that the money laundering statutes were designed to combat; however, the Internet provides a much faster, more global, and more impersonal means of laundering the funds.

THE THREE PILLARS OF THE LAWS AGAINST MONEY LAUNDERING


The legal strategy of the government against money laundering rests on three pillars. Each represents a separate type of obligation for citizens and companies. The first pillar is an overarching prohibition against participation in any transaction where the proceeds or assets are derived from a crime. We will call that the obligation to avoid dirty assets. Example 5: A retailer of home products sells $15,000 of hardware goods to a known criminal who pays cash from what the merchant knows was a recent crime. The merchant is guilty of money laundering in spite of having had no participation in the crime. Example 6: A real estate broker sells a house to a criminal who pays for it with proceeds of his criminal activities. The broker knows that the money is the proceeds of a crime. The real estate broker is guilty of money laundering because of the knowledge that criminally tainted funds were used as the basis of the transaction. The second pillar is the requirement that any transaction involving more than $10,000 in cash at a financial institution be reported to the Internal Revenue Service (IRS) regardless of whether there are any suspicious circumstances that surround the source of the funds. Furthermore, the aggregate amount cannot be broken down into individual amounts less than $10,000 to avoid the report. In fact, doing so--called structuring--is an independent crime. Finally, there is a similar reporting obligation whenever one leaves or enters the United States with more than $10,000 in cash. The report must be made to the Customs Service. We will call these collective duties the obligation to report cash. We will describe in detail below the circumstances that trigger the reporting obligation, but the most important characteristic is its absoluteness: the obligation arises whenever more than $10,000 in cash is part of a transaction of any kind at a financial institution or is taken into or out of the country. The penalties for violations of this obligation of the federal money laundering laws are less severe than when known tainted assets are involved; nevertheless, as described below, penalties for failures to report are substantial. Example 7: A generous uncle gives a lucky nephew $13,000 in cash. When deposited into a bank, a report of the transaction must be made to the IRS by the bank, and the customer must not discourage or otherwise interfere with the bank's report of the transaction.

Example 8: After receiving $13,000 in cash from his generous uncle, the lucky nephew-knowing that his bank is obligated to report his deposit of the full amount to the IRS-splits the money into $7,000 and $6,000 portions and deposits them separately in the bank. By doing so, the nephew has committed the crime of money laundering. Example 9: An institutional customer enters into a satellite communications services agreement and pays $14,000 in cash. Upon deposit, the transaction must be reported to the IRS by the financial institution. Any request by the satellite company that the report not be made is a criminal money laundering violation. The third pillar of the government's anti-money laundering program relates to the circumstances where corporations or other business entities are held responsible for the money laundering violations of their employees. Corporations can be responsible for the acts of their employees unless it is demonstrated that the company had a prevention program in place that diligently anticipated the risks of violations by its employees and the company took reasonable actions to prevent such violations from occurring. We will call this the obligation of companies to enforce compliance. It is therefore important that you understand and follow your company's anti-money laundering policies and procedures. Example 10: A vice president of a commercial real estate firm is convicted of knowingly brokering the purchase of an office building by a foreign national using the proceeds of an offshore bribery scheme. The real estate firm had no anti-money laundering policies or procedures in place. Depending on the circumstances, the company could be independently subject to prosecution and punishment. We will address all three pillars in detail below, but at all times remember the three pillars of the American law of money laundering: o o o II. the obligation to avoid dirty assets the obligation to report cash the obligation of companies to enforce compliance

Pillar 1: The Obligation to Avoid Dirty Assets


There are many technical aspects of the money laundering laws, but one easy proposition to keep in mind is: if you have knowledge that the source of the money, goods, or property that you are dealing with was a crime, then your involvement in the transaction makes you a participant in the crime of money laundering. And if you find yourself in that situation, get out of it. Example 11: You are a salesperson for a national consumer home products chain. You get a lead to a potential customer who wants to buy 1,000 compactdisk players. The person making the introduction tells you not to ask any questions as to why the customer would want to buy so many appliances, and then he winks and says, "The money is hot. You know what I mean?" You make the sale. It is later disclosed that the purchaser is part of a drug ring and that the reason for the purchase was to convert the profits of his trade into "clean" consumer products, which he then resold on the open market. You face years in prison and a huge fine.

A.

How the laws operate

You could very reasonably ask what crime a salesperson like the one in Example 11 is guilty of. The answer is that it is a crime to knowingly engage or attempt to engage in any monetary transaction involving criminally derived property. It is also illegal under the money laundering laws to receive or distribute more than $10,000 in cash or property known to have been derived from such crimes. "Criminally derived property" is any property gained through crime or bought with--or traded for--property gotten from a crime. Example 12: An insurance salesman sells a life insurance policy to a criminal who pays for the policy with proceeds of his criminal activities. The salesman knows that the money is the proceeds of a crime. The salesman is guilty of money laundering because of the knowledge that criminally tainted funds were used as the basis of the transaction. Example 13: Lee works for a communications equipment company that leases phones, other communication devices, and related equipment to a telemarketing firm that is engaged in a water purification consumer fraud, and he knows it. Lee is paid from the earnings of the scheme. By doing so, he has committed the crime of money laundering because he was paid with proceeds that were "derived" from a crime. The law goes on to define very broadly the kinds of "specified unlawful activity" that constitute crimes for these purposes. For example, any funds or property derived from the following kinds of criminal schemes are covered: sales of narcotics payoffs to any public official, local, state, or federal (bribery) loans and mortgages fraudulently obtained from a bank insurance fraud funds from illegal securities transactions, such as insider trading or a stock scam goods illegally imported into the country stolen property swindle, scam, or "get-rich-quick" schemes counterfeit funds willful violations of the air and water pollution environmental laws trading with countries, like Iraq, that have been designated as enemies of the United States or with people who have been identified as terrorists illegal trafficking in firearms and ammunition food stamp fraud healthcare fraud crimes committed abroad involving narcotics, violence, arson, or fraud against a foreign banking institution These are just a few examples. And as you can see, nearly any crime you can think of is covered by the money laundering laws. Example 14: You work for a medical supply house and sell equipment to an orthopedic group of doctors that does a high volume of workplace

injury treatment. Through your contacts with the customer, you become aware that the group systematically falsifies injury reports and the claims it submits to employers and insurance companies. You continue to sell to the group in spite of such knowledge. In taking payment from the group, you have committed money laundering. In this example you would be guilty of money laundering because you engaged in a monetary transaction (the sale of the equipment to the orthopedic group) with an entity whose funds were derived from a crime (healthcare and commercial fraud) you knew that the proceeds were dirty (even if you didn't know the particulars of the underlying crime) And like anyone else who violates this aspect of the money laundering laws, you would face ten years in prison and $250,000 in fines. B.

Increased punishment for monetary transactions involving other money laundering offenses
In addition to the law against being involved in a transaction with property derived from crime, there are even harsher penalties for someone who engages in a financial transaction with the proceeds of the above kinds of crimes intending to do any of the following: Promote the crimes. Assist in tax evasion. Conceal the source of the proceeds. Avoid reporting the proceeds of the transaction if more than $10,000 in cash is involved. Persons who violate this part of the money laundering laws are punished with up to 20 years in prison and a $500,000 fine. Example 15: Let's revisit Example 13, where Lee works for a communications equipment company supplying goods and services to a telemarketing company involved in a consumer scam. The principal of the scheme outlines her intentions, and Lee agrees to postpone receiving payment for the equipment until the business is up and running. Thereafter he's paid from the revenues of the business, which he deposits. Lee is guilty of this aggravated form of money laundering because he received and deposited the funds with the intention of having "promoted" the crime. He'd face 20 years in jail.

C.

The financial transactions that are covered


"Financial transaction" is broadly defined in the money laundering laws. It includes virtually any action involving a client's funds or account with the firm. For example, it includes deposits withdrawals transfers between accounts

currency exchanges loans extensions of credit purchases or sales of any stock, bond, certificate of deposit, or other monetary instrument use of a safe deposit box any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means Example 16: Ed engages in illegal insider trading by buying stock in his company just before a merger announcement. He then sells the stock at a profit and has the proceeds wire transferred from his brokerage account to his bank account. Ed has engaged in not only illegal insider trading, but also money laundering. If the brokerage firm has knowledge of Ed's illegal activities, it might be guilty of both aiding and abetting his insider trading and money laundering. III.

Pillar 2: The Obligation to Report Cash


The reporting obligation of transactions involving more than $10,000 in cash is actually how the American law of money laundering got started in 1970. The law was called the Currency and Foreign Transactions Reporting Act (the Currency Act). The reporting requirements aid law enforcement in identifying possible money laundering before the funds get layered and integrated into the legitimate money stream. The Currency Act and related regulations require banks and other financial institutions to report each cash transaction exceeding $10,000. This is done on a Currency Transaction Report (CTR). The reporting rule covers any single transaction that exceeds $10,000, as well as multiple transactions during the same day that add up to more than $10,000. And under the PATRIOT Act, all businesses, whether or not they are financial institutions, must now report a transaction of more than $10,000 in cash on Form 8300. For Form 8300 reporting purposes, cash includes currency and, in some circumstances, a cashier's check, money order, bank draft, or traveler's check in the amount of $10,000 or less. For transactions in currency or monetary instruments that alone or in combination exceed $10,000 and are physically transported into or out of the United States, persons are required to file a different form--a Report of International Transportation of Currency or Monetary Instrument (CMIR)--with the Commissioner of Customs. It is illegal to evade or assist in the evasion of these reporting requirements. A person may be liable if an employee assists a customer in structuring a transaction to avoid these reporting requirements. For obvious reasons, transactions of $9,999 should raise suspicions. And even if you file a CTR or CMIR, you should still report any suspicious transaction. While the immediate reporting obligation is on the bank or other financial institution, any request or encouragement by a customer that the teller not complete a report is an independent money laundering crime.

Example 17: You sell your used pickup truck for $18,000 in cash. You don't want to pay taxes on what you got from the sale, and you don't want to risk the IRS finding out about it by having the bank file a CTR recording the deposit. You are friendly with the bank teller at your local bank, so you ask that he not fill out a CTR as you present the money for deposit. He agrees. Both of you are guilty of money laundering. .

Structuring
The $10,000 reporting threshold has generated a cottage industry in which low-level operatives scurry about to different banks, making cash deposits just under the $10,000 limit--a practice known as structuring, or "smurfing" (after the little blue cartoon characters that the operatives are said to resemble). Structuring is illegal, and banks, brokerage firms, and other financial institutions must be alert to any efforts to evade the currency reporting requirement in this manner. Broker-dealers may be liable if an employee assists a customer in structuring a transaction to avoid these reporting requirements. For obvious reasons, transactions of $9,999 should raise suspicions. And even if you file a CTR or CMIR, you should still report any suspicious transaction to your firm's law or compliance department. Remember, however, that even if no CTR or CMIR is required to be filed, multiple transactions over multiple days, even at different firms, might indicate an attempt to structure transactions to evade the reporting requirements. These transactions should also be reported to your law or compliance department. Example 18: Alan, a customer of Global Securities, deposits $8,000 into his brokerage account. He tells Bill, his Global registered representative, that he just deposited $6,000 at his bank earlier that day and $9,000 yesterday to his Global account. Alan winks and says that he hates paperwork. No CTR is required to be filed because the single-day $10,000 threshold has not been reached. However, because Bill learned about the two other deposits and should know Alan is probably trying to evade the reporting requirements, he must report the transactions as suspicious activity. Example 19: Matt, a good customer of a credit union, brings Alex, the credit union manager, $70,000 in cash and asks him to make eight transfers of less than $10,000 each over a three-day period in accounts held in third-party names. He gives Alex a wink and mentions how paperwork is such a hassle. Alex knows that Matt is a drug dealer, but he doesn't care where the money came from--which turns out to be from a recent illegal sale of cocaine. If Alex complies with Matt's request to structure the transfers, this would be considered money laundering and Alex and Matt would likely be off to jail. IV.

Pillar 3: Corporate Compliance


Corporations and other business entities cannot be sent to prison, of course, but they can be, and are, prosecuted and convicted of criminal offenses, including money laundering, because of their employees' acts. Companies can face

millions of dollars in fines and the confiscation and forfeiture of their assets. However, the law offers the means for a company to avoid being charged (or if charged, to have its punishment reduced) if it's able to demonstrate that it took all reasonable steps, in terms of its internal policies and procedures, to prevent its employees from breaking the law. While this principle applies to all kinds of crime, it is especially prominent in the money laundering context because the threat of prosecution can be a powerful force to convince companies to take serious measures to get their employees to abide by the law. You must therefore be sure to know your company's policies and procedures and comply with them. If you have any doubt, you should consult your company's law or compliance department. Example 20: Mary is a customer services representative at a small bank in a major city. Her husband is a corrupt police lieutenant who functions as the "collector" of cash bribes routinely paid by the merchants in the precinct's neighborhood. Through Mary, her husband converts the cash, which is regularly in excess of $10,000, into blank money orders without reporting it to the IRS. The money orders are then distributed by the lieutenant to his coconspirators in the force. Mary and her husband are both indicted for money laundering. Whether or not the bank also would be prosecuted depends on what preventive steps and supervisory structures were in place there to prevent Mary's money laundering activities. .

The need for company compliance


First, under the PATRIOT Act financial institutions have an obligation to establish an anti-money laundering program. And because a company acts through its employees, employee conduct is crucial to ensuring that the company itself avoids violating the money laundering laws. There are generally two circumstances in which an employee can place her employer in jeopardy. The first is when an officer of a corporation commits a money laundering offense while directly acting on behalf of the company. Example 21: The president of a commercial real estate firm is aware that a prospective foreign investor has proceeds originating from a major bank swindle in the investor's home country. The president courts the client and offers him multiple real estate investment opportunities personally and through her staff. The investor eventually purchases an office building. The real estate company is paid a $300,000 commission. The corporation is guilty of transacting business with "criminally derived property." The president, of course, is also personally guilty of the same offense. More complicated, however, is the second kind of circumstance, where no one employee actually commits a crime, but two or more employees acting together cause the company to do so. This happens, for example, when one employee acts without a necessary element of "intent" or "knowledge" but other individuals in the company did have the knowledge that would have provided that "intent." The law considers a corporation to have the "collective knowledge" of all its employees' conduct and all of its employees' states of mind. (We address what it

means to "know" something under the law at some length later in this handbook.) Because a company can be held responsible for the collective knowledge of its employees, it can be convicted even if no employee of the company was individually guilty. Example 22: In the situation of the commercial real estate firm described above in Example 21, say the initial sales contact with the corrupt foreign investor is done by a junior broker in the firm, Michael. Michael knows of the illicit origin of the investor's funds in the foreign bank swindle, but he does not inform any of his superiors. His superiors, including the president, Donna, take over the sales presentations, and Donna closes the deal. Unfortunately, the firm has no anti-money laundering policies or procedures and doesn't train its employees on money laundering issues. The same $300,000 commission is paid to the firm. Despite having closed the deal, Donna did not commit any crime individually because she did not know of the criminal origin of the funds. Depending on all the circumstances, however, the company could be found guilty on account of the collective knowledge--Michael's conduct and actual knowledge of the tainted source of funds, and Donna and her staff's actions in closing the sale and accepting payment for it. A.

How compliance programs can make a difference


The existence of a compliance program has different impacts depending on the particular circumstances surrounding the crime. No matter how good a compliance program may seem, it may not be sufficient to shield a company from criminal liability and severe punishment if the company itself could be seen as intentionally having acted through its chief executive officer to commit an act of money laundering and to have ignored the policy behind the compliance program. However, if knowledge of the dirty source of funds is with a very junior person and the company's executives close the transaction without any knowledge, having a program at the company designed and implemented to prevent its employees from engaging in money laundering could well help the company to be freed of criminal responsibility for the illicit transaction (or at least have the fines leveled against it significantly reduced).

B.

What makes for an effective compliance program


As a result of the concerns identified above, many companies have implemented anti-money laundering policies and procedures to ensure that their employees comply with the law and to protect themselves and their employees from the acts of unscrupulous employees or others. The content of the compliance program is therefore paramount, and the ingredients of a compliance program can go a long way to protecting a company and its employees. These ingredients include a formally adopted written anti-money laundering plan as the company's official policy evidence that the plan was designed with an eye to the particular risks presented by its business and its industry--that is, the

content of the plan was responsive to the special risks of the company's business environment training materials and programs sufficient to explain the employees' obligations and ensure that the employees remain knowledgeable the designation of a person to oversee the implementation, review, and improvement of the program the regular review, evaluation, and refinement of the program by the senior management of the company While no compliance program can ever prevent all crimes committed by a corporation's employees, the critical factors in evaluating any program are whether the program is adequately designed to effectively prevent and detect wrongdoing by employees corporate management enforces the program and avoids any tacit encouragement or pressure on employees to engage in misconduct to achieve business objectives Each company's compliance program will be different. You shouldbe sure to know and understand the policies and procedures in place at your company. Example 23: An insurance agent at a large insurance company is found guilty of aiding a customer to launder money through making large overpayments of premiums and loans against other policies. The company's board of directors had circulated a strict money laundering prevention policy, which required that all employees and officers be provided with an understandable summary of the money laundering laws and provided training, including updated information about recent money laundering developments and practical guidance. A compliance officer had also been designated, who regularly communicated with the employees on the subject. All the above was publicly supported and reinforced by statements from the president and decisive disciplinary action when required procedures were not followed. If the agent had been given training, appeared to understand it, and thereafter signed an acknowledgement of that understanding, the company likely would not be prosecuted by federal authorities for money laundering.

WHAT IT MEANS TO "KNOW" SOMETHING UNDER THE LAW


The word "know" extends beyond a situation in which someone has told you something-in that circumstance actual knowledge is clearly established. However, if you are exposed to information that would lead an ordinary person to conclude that something is a fact, you might indirectly know it to be so. These facts, or red flags, that come to your attention point to whether or not you knew something was amiss. These red flags include o o o o the evasiveness of a person to describe how he or she came to the money or the property a person's reputation in the community knowledge that a particular crime occurred even though you do not know who was involved statements made by others about the customer acting suspiciously

o o

the customer's "demeanor": shifty eyes, sweaty palms, suspicious speech any other peculiar circumstance that marks the circumstances as odd and out of the ordinary (something that leaves you with the feeling that "something is not right")

Finally, you cannot turn a blind eye to your customer's activities by ignoring the above red flags that indicate money laundering may be occurring. If you do, you are considered by the law to have the equivalent of actual knowledge. While the law is complex, one thing is clear--you should be vigilant to oversee your customers' activity in their accounts to the extent that you can. Burying your head in the sand can result in grave consequences for you and your company. Remember, your actions and your customers' activities may be judged later by prosecutors or judges with the benefit of "20-20" hindsight, flexible federal laws, and significant penalties. Therefore, you need to be especially careful at the outset to identify and prevent a transaction that might give rise to a money laundering prosecution. The key is to be alert to the red flags. Example 24: Mary, a customer services rep at a neighborhood bank, is married to a corrupt police lieutenant who takes bribes from local merchants. Mary's supervisor often sees Mary "walk through" the transactions with the tellers in which the husband's illicit cash is converted to money orders. The supervisor reviews daily the reports of cash transactions that the tellers prepare for submission to the IRS, but he never asks why the tellers failed to complete reports for Mary's transactions. He also often notices that Mary's husband is ill at ease and always seems to be looking out the window, as if to see if someone is watching. The supervisor also notices that Mary, who is normally laid-back and upbeat, becomes visibly tense and stressed when her husband is in the bank. The local papers also expose evidence of widespread corruption among the police in the very part of town where the bank is located, and the bank's private security guard once whispered to the supervisor that Mary's husband was "dirty." All the above factors are circumstances that could prove that even if Mary's supervisor didn't actually know what was going on, it was because he chose to ignore reality. By turning a blind eye, the supervisor would be equally guilty of money laundering as if he actually knew what was happening. We'll take a closer look at these red flags when we discuss reporting suspicious activities. In the meantime, remember this: if you know what your customer is up to but choose to ignore red flags and help him launder dirty funds, you could find yourself and your company being prosecuted for money laundering, along with your customer.

CHECKS, WIRE TRANSFERS, AND OTHER FINANCIAL INSTRUMENTS


I.

Monetary Instruments
Although the traditional view of money laundering involves shady characters with bags full of cash, the laws are not limited to transactions in cash or currency. Any monetary instrument is covered, including coins or currency (of any country), as well as traveler's checks, cashier's checks, money orders, or even bearer securities or other negotiable instruments. Each type of instrument involves special issues. Many businesses restrict or prohibit cash deposits and third-party checks. If a customer brings you cash, you should be aware of the restrictions in effect at your company. However, even if your company prohibits cash transactions, you still need to watch out for money laundering. As we'll discuss below, there are special reporting requirements

within financial institutions for wire transfers over $3,000. If your firm accepts third-party checks, you should know the third party and understand where or how the third party got the money to make the investment. Example 25: You manage a consumer electronics store in an area of town where Marty is reputed to be involved in the drug trade. Several times a month, Marty purchases expensive TVs and other home entertainment equipment and pays with random third-party checks drawn on accounts having no apparent legitimate business connection to him. The combination of Marty's known reputation and the suspicious circumstance of his use of third-party checks could be strong evidence against you if the police later accuse you of money laundering for him. II.

International Transfers
Because money laundering doesn't always involve obviously suspicious characters or clearly dirty money, one thing you can watch for is where the money is going to or coming from, because some countries are known money laundering havens. The U.S. government has begun focusing on transfers to accounts in certain countries, warning banks and other financial institutions to be particularly vigilant about transactions to these destinations. In effect, transfers of funds or goods to or from these countries may constitute red flags of suspicious activity. The list of targeted countries, which changes from time to time, can be found at http://www.fatf-gafi.org/dataoecd/17/5/45540828.pdf. These countries are considered money laundering havens for a variety of reasons: They may have stringent bank customer secrecy laws, so it is hard to determine the identity of an account holder. They may be developing countries encouraging foreign investment and, therefore, don't ask many questions. They may be countries that allow investment by U.S. citizens but that do not themselves have particularly friendly relations with the United States. They may be experiencing a current state of political turmoil and so without resources or interest to devote to enforcement of money laundering laws. You should be especially wary of any request to wire or otherwise transfer money to or from customers in these places. You should also be on the lookout for places not on this list but exhibiting these same characteristics, because criminals are constantly exploring new and exotic locales that are conducive to money laundering. Example 26: You are in the wholesale automotive supply business. Your company receives an unusually large order for multiple standard items with a ship-to address in the United States that does not appear to belong to a company engaged in the auto parts business. The order is coming from a person in a thirdworld country, and the goods are paid for by a wire transfer in U.S. dollars originating from a bank in the same third-world country. On these facts alone, there is nothing necessarily illegal. However, your money laundering sensors should be up, and if other suspicious circumstances arise, you may be in trouble if you close the deal.

Like the prohibitions discussed above, if you know the funds are from criminal activity and they are transferred into or out of the United States to conceal them or to avoid transaction reporting requirements, you have committed money laundering. The money laundering laws are even harsher, however, when it comes to international transfers. Even if the funds transferred were legitimately acquired, international transfers are illegal if you know the transfer is done to promote the carrying on of criminal activity. This means that even if the funds come from legitimate business activities, if the transfer is done to promote criminal activity, it is considered money laundering and is illegal. One other thing: obvious as it may seem, if you are told by a customer that cash or other proceeds are from criminal activity, and you nonetheless engage in a transaction or transfer for the customer, you have probably violated the money laundering laws. This is true even if the person you're dealing with turns out to be a government informant or undercover law enforcement agent. These kinds of "sting" operations are permitted to find and punish people who are willing to launder money on a criminal's behalf. Example 27: Ned, an employee of a finance company, has a customer, Al, who he believes is a purchaser for a car company. Actually, Al is an FBI agent. Al brings Ned a check for $60,000, telling him that he received it as illegal kickbacks for purchasing parts from a particular supplier. At his direction, Ned deposits the money in the account of a third-party partnership that Al controls, and Ned subsequently transfers it to another account held in another party's name. Ned has just violated the money laundering laws even though he was set up by Al.

KNOW YOUR CUSTOMER AND SUSPICIOUS ACTIVITY REPORTS


Because money laundering laws define knowledge broadly and don't allow financial and other institutions to keep their "heads in the sand," knowing your customer is critical to preventing money laundering problems. Therefore, it is important that you follow the know-your-customer procedures in effect at your company. Although we refer to this obligation as "know your customer," the duty has a wider application, which also includes knowing your business partner, your client, your banker, and any other person or entity with whom you are conducting business. In addition, it is up to you and your company to police activity for suspicious behavior, and when you detect such behavior, prevent it from occurring. I.

Suspicious Activity Reports in General


Many companies have adopted procedures designed to ensure compliance with money laundering laws. These procedures are commonly referred to as Suspicious Activity Reporting (SAR) rules. They are modeled on the rules that already apply to banks and brokerage company subsidiaries of banks.

II.

Examples of Suspicious Activities


While it is impossible to list every potential situation that may be deemed suspicious, the activities can be segregated into two general categories-customer information and customer account activity. Some red flags that money laundering is afoot include situations such as these:

The customer seems unusually concerned about privacy. The customer is reluctant to provide routine information about identity, source of funds, business activities, and bank references that you would expect the customer to provide as part of normal conduct. The customer is from, or has accounts in, a country or territory identified as being of special money laundering concern by FinCEN (which will be discussed later) or as noncooperative by the Financial Action Task Force (FATF), which is an international organization made up of several countries, including the United States, dedicated to combating international money laundering. The customer provides information that turns out to be false or suspicious--for example, the phone number provided by the customer is disconnected, or the business address is for a vacant building or an office space that seems inconsistent with the description of business. The customer is reluctant to proceed when informed of currency reporting requirements. The customer withholds information necessary to complete required transaction reports. The customer's appearance or demeanor is suspiciously unusual, or the customer acts excessively nervously. The customer doesn't seem to care about returns on an investment, but instead focuses on restrictions relating to withdrawal or cancellation. The customer is named in news reports, or rumors circulate that the customer is engaged in illegal activities. The customer claims to be an agent (such as a lawyer or accountant) for someone else, but she does not reveal the identity of her principal or permit you to speak to him. Example 28: Your company plans and remodels office space. You are retained by a telemarketing firm with which you have not done business before to assist in remodeling an office suite. The suite is composed of a front office section equipped with high-end furnishings, fancy decorations, and a large interior space from which--you are told--telephone banks will be operated. In talking with the client contact, you become aware that the company is new to the area. The contact winks at you when you ask what brought the company to the area, and he says, "Things got a little hot at the last location for the guys who run this thing." Further, the billing address he gives you is a post office box far removed from the business. Your initial bill of $14,000 is paid in two installments of cash-first $8,000 then, two days later, $6,000. The client contact tells you, "It's important to do it that way to keep the feds away." You may well be doing business with a criminal telemarketing scam. Here are some examples of customer transactions and other account activity that might be suspicious under the circumstances: The customer purchases a product that's inconsistent with his or her needs. The customer makes orders under different names or different business names. The customer makes payments in cash or cash equivalents. The customer makes payments using sequentially numbered monetary instruments that were purchased the same day and are just under bank reporting thresholds (for example, $9,900). The customer makes large deposits and withdrawals for no apparent business or personal reason.

The customer attempts to deposit foreign bank drafts, third-party checks, money orders, or bearer securities. The customer engages in transactions that appear beyond its needs. The customer frequently makes advance payments in the account and then changes her mind and requests wire transfers to another city or country, when such activity is inconsistent with the customer's business or personal activities. The customer tries to pay using third-party checks. Payment for goods or services comes by wire transfers from another city or country, especially those suspicious countries referred to earlier. The customer requests early withdrawal or cancellation of an investment or insurance product, such as a single premium insurance product, particularly for cash or at a cost to the customer, or settlement to an individual third party. The customer engages in transactions at unusual times from unusual places. The customer attempts to pay with third-party checks or foreign bank drafts. The customer directs that a refund or other payment be made to an apparently unrelated third party, or names such a party as beneficiary on an insurance or other product. The customer borrows the maximum amount available under a product shortly after buying it. The customer buys an annuity or other life insurance policy and upon receiving the policy exercises his right to surrender it for a refund under its "free look" provision. Example 29: Janet works for Global Life, an insurance company. She sells Colin, a new customer, a large life insurance policy. Only days after receiving it, Colin surrenders the policy under its "free look provision" and instructs that the check be sent to him, but care of a different address than the one Janet has. When Janet calls him to clarify the address, he becomes belligerent and tells her to mind her own business, "or else." Janet should report this to her supervisor because Colin may be trying to engage in money laundering. Large international funds are transferred to or from the accounts of a domestic customer in amounts and with a frequency that are not consistent with the nature of the customer's known business activities. The customer suddenly increases the use of wire transfers, especially if they're made at unusual times or from unusual places. The customer requests to transfer money to any country known as a money laundering haven. The customer requests that a transaction be processed in a way that avoids the firm's normal documentation requirements. A customer consistently uses third-party checks to pay for transactions. Example 30: You are a space planner and remodeler for a telemarketer. The services are being provided around the country--your customer's business appears to be thriving. Payments to you for services are made by wire transfers from offshore bank accounts in the Cayman Islands and Panama. Your requests to meet the actual principals of the business are politely refused by your client contact. He explains that they "value their privacy." The contact periodically asks you to do the company the "favor" of exchanging checks from your company for cash. He warns you not to deposit more that $10,000 at a time in your account. With so many red flags flying, you would be hard pressed to claim credibly that

you did not think anything was out of the ordinary with this business relationship if later questioned by the FBI. III.

"Safe Harbor" for Those Making Reports


If you're not sure whether something is suspicious, you should inform your law or compliance department. The reporting laws protect firms and their employees who report suspicious activities. This means that if the firm reports to the authorities what it believes to be a customer's suspicious activities, the firm and its employees are generally protected from a lawsuit brought by the customer for reporting the activity, even if it turns out the activity was legitimate. This safe harbor protects a person whether she's required to report the suspicious activity because it is affiliated with a bank or isn't required to report the activity but does so voluntarily. You should, however, have a good-faith suspicion that the law may have been violated and that the person is connected to the suspicious activity. In other words, you are not allowed to abuse the safe harbor. Example 31: You work in a high-volume retail consumer products company. A customer who, less than a week before, had purchased $15,000 worth of appliances, returns the product unopened and unused, and he requests that a check be issued to "Cash" and be mailed to an account in the Cook Islands. Over the next two weeks he does the same thing for a similar amount and product. You should report this as a suspicious activity. Even if it is later determined that the customer broke no laws and he complains to your company, you and the company would likely be protected from liability for having reported him because of the safe harbor policy of the federal money laundering laws as they relate to financial institutions.

IV.

Know-Your-Customer Procedures A. In general


Each of the examples above might, either by itself or in combination with others, indicate that a customer is engaging in illegal activity. Some of the examples are obviously suspicious, while others are not. Of course, customers might also have legitimate reasons for acting in a particular manner. To be able to tell the difference between actions taken by a customer for legitimate as opposed to illegal reasons, you need to have a good understanding of your customers and their needs. This understanding will come from adequately knowing your customers. Many firms have procedures in place to ensure you know your customers not only to comply with the securities laws, but also to help you spot suspicious activities that might point to money laundering or other crimes being committed by customers. As will be discussed in the next section, certain financial institutions, including banks and securities firms, must have specific procedures in place for gathering customer-related information and verifying customer identities. Although insurance companies aren't covered by these detailed requirements, they must have procedures in place for obtaining all customer-related information necessary for an effective anti-money laundering program. A covered insurance company must also integrate

its agents and brokers into its anti-money laundering program, make sure they're properly trained on their responsibilities under the program, and monitor their compliance with it. The company must also obtain all relevant customer-related information from its agents and brokers (or other sources), and use that information to assess the money laundering risks associated with its business and to identify any red flags. B.

How to get to know your customer


Below is a general outline of know-your-customer procedures. Your firm has likely adopted its own. Therefore, you should consult your law or compliance department about the specific procedures that apply to you. The goal of any know-your-customer procedure is to make reasonable efforts to determine the true identity of all customers and the ownership of all accounts identify the source of funds used by the customer to open an account and pay for trades monitor the account--both transactions and the flow of cash and assets to and from the account--or activity disproportionate to the customer's apparent means, business, or background While your employer will likely have its own procedures for what you need to do to know your customer, many firms have certain minimum obligations they've established to comply with the money laundering laws. For example, under the PATRIOT Act, certain financial institutions, including banks and securities firms, must have specific procedures in place for opening customer accounts gathering customer information (including certain required items) verifying the customer's identity verifying that the customer doesn't appear on any government list of known or suspected terrorists or terrorist organizations-such as the Specially Designated Nationals (SDN) List issued by the Treasury Department's Office of Foreign Assets Control (OFAC) and available on its website at http://www.treas.gov/offices/enforcement/ofac/index.shtml. keeping records used to verify these things Following are some ways of gathering and keeping this information: For an individual customer, get a driver's license, passport, government identification, alien registration card, major credit card, or other common form of identification. For a business, get evidence of legal status and authority (incorporation documents, partnership documents, resolutions, business licenses, and so forth). Complete a customer profile containing information relevant to your business.

Identify the customer's other accounts or transactions with the firm, including accounts in the names of others over which the customer has control. Look at the trading in those accounts. Has the customer moved large amounts of money in and out of those accounts? Engaged in frequent wire transfers? Engaged in foreign transactions? This may warrant additional investigation. Find out the customer's financial information. What is the customer's net worth and that of immediate family members? What are the customer's assets, liabilities, income, and expenses each year? What is the customer's liquidity? Are the customer's income and financial position consistent with his stated occupation? Particularly if the customer is opening an account for a limited partnership, corporation, trust, or other third party, verify that the customer has authority to open the account and verify the identity of the beneficiary, if any, or the third party. Verify the source of the funds the customer is using to open an account or pay for the transaction. Get personal and business references. Ask questions. For example, where is the customer located? Is this a high-risk jurisdiction? What's the source of the funds? If it's an account, is it recently opened or located in a high-risk jurisdiction? What's the method of payment? If the customer is an individual, will anyone other than the account holder have control over how the account is managed or how the funds will be used? If it's a business, who owns it? In addition, depending on the circumstances, you may want to consider using some or all of the following techniques to verify customer information when opening an account. Check phone numbers and addresses by telephoning or visiting the customer to thank her for opening the account. In fact, it's a good idea to have customers provide street addresses to open an account, and not simply a post office box. A disconnected phone number or an address that is incorrect warrants further investigation and may be suspicious. Visiting a business and finding that it does not exist, or that it does not appear to provide the services indicated, warrants further investigation and may be suspicious. Check the customer's personal or business income. Having your firm request tax forms or run a credit check could do this. In consultation with your law or compliance department, consider whether a report from a private credit agency should be done-for example, if the customer engages in significant margin activity. For a business, ask for financial statements, annual reports, marketing brochures, a description of the business, a list of suppliers and customers and their location, and a description of the locales in which the company does business (with particular attention to whether it conducts international transactions). Conduct a search of available online databases or newspapers, periodicals, and other public information. Check with the local chamber of commerce or retrieve public filings with the Securities and Exchange Commission (SEC) when appropriate.

For a business, ask for information supporting the expected volume of funds generated by the business. Get an understanding of the customer's likely patterns of doing business with your company so that deviations from those patterns can be detected. You should verify identification information at the time theaccount is opened, or within a relatively short period after (for example, within five business days after opening the account). If a customer refuses to provide the information, or appears to have intentionally provided false or misleading information, it's a good idea to contact your law or compliance department before opening the account to seek its guidance. If your company provides some kind of an account for a customer, such as a bank account, investment accounts, and so forth, depending on the circumstances, some additional information may be useful for certain kinds of accounts. Below is a partial list and the types of information you may want to consider gathering when opening the account. Non-resident alien account: Get a current passport number or other valid government identification number, and all necessary U.S. tax forms. Also consider whether even more information is necessary, depending on which country the customer comes from. Domestic trusts: Identify the principal ownership of the trust. Also get information regarding the authorized activity of the trust and who is authorized to act on behalf of it. Personal investment corporations or personal holding companies: Identify the principal beneficial owners of offshore corporate accounts where the accounts are personal investment corporations or personal holding companies. Try to identity who the beneficial owners are and where they are located. You may need additional due diligence depending on the entity's location in particular countries. Offshore trusts: Identify the principal ownership of a trust established in a foreign jurisdiction and consider additional due diligence for trusts located in countries known to have lax oversight of trust formation. C.

Institutional accounts, hedge funds, investment funds, and other intermediary relationships
Your anti-money laundering obligations don't end when a customer is an institution. Although institutional business differs from traditional retail business, this simply means that some of your anti-money laundering procedures will differ. In fact, even if an institution doesn't represent a credit risk to the firm because transactions are conducted on a delivery versus payment (DVP) basis, you may still need to conduct appropriate due diligence in order to satisfy your anti-money laundering procedures.

The due diligence obligations under know-your-customer rules for institutional accounts is a good place to start. Also consider getting information about the institutional customer's or its intermediary's authority to act on behalf of the underlying client, as well as whether the institutional client or intermediary has policies and procedures of its own to know its own clients. Some things to consider when deciding what additional due diligence is appropriate for an institutional customer to include are whether the institution or its intermediary has established anti-money laundering policies and procedures your firm's prior experience/business with the customer has been positive or raised any suspicions the customer is a registered financial institution based in a major regulated financial center or located in a FATF jurisdiction the customer has a reputable history in the investment business the customer is from a jurisdiction characterized as an offshore banking or secrecy haven or is one of the countries identified as being noncooperative with international efforts to combat money laundering. 0.

Some special issues relating to correspondent accounts D. Correspondent accounts with foreign shell banks
It's illegal for a financial institution to establish, administer, or manage a "correspondent account" in the United States for an unregulated foreign shell bank. A correspondent account is an account established to receive deposits from, make payments on behalf of, or handle other financial transactions related to a foreign bank. A foreign shell bank is a foreign bank with no physical presence in any country. If you discover or suspect that you might be maintaining or establishing a correspondent account for a foreign shell bank, contact your law or compliance department for guidance.

1. Due diligence for correspondent accounts with foreign financial institutions For correspondent accounts with foreign financial institutions that aren't shell banks, your firm is required to maintain records identifying the owners of the institution and the name and address of an agent residing in the United States authorized to accept service of legal process for the bank. Your firm also likely has a model certification issue by the Treasury Department that the foreign bank must complete. The form generally asks the foreign bank to confirm that it is not a shell bank and to provide the necessary ownership and agent information. The firm is required to recertify, if relying on the certification form, or otherwise verify any information provided by each foreign bank, at least every two years or at any time the firm has reason to believe that the information is no longer accurate. Under the PATRIOT Act, firms are required to establish appropriate, specific, and, where necessary, enhanced due

diligence policies, procedures, and controls to detect and report money laundering for any foreign institution correspondent account. This due diligence should generally include: a determination of whether the correspondent account is subject to enhanced due diligence requirements--this requires that, when the correspondent account is for a foreign bank, you determine whether it operates under certain offshore banking licenses or under a banking license issued by certain jurisdictions a risk assessment to determine whether the correspondent account poses a significant risk of money laundering activity--consider such factors as its size, lines of business, customer base, or location; the products and services offered; the nature of the correspondent account; and the type of transaction activity for which it will be used consideration of any publicly available information from U.S. governmental agencies and multinational organizations with respect to regulation and supervision, if any, applicable to the foreign institution consideration of any guidance issued by the U.S. Treasury Department or your functional regulator (such as the SEC or state insurance commissioner) regarding money laundering risks associated with particular foreign financial institutions and types of accounts review of public information to determine whether the foreign financial institution has been the subject of criminal action of any nature, or of any regulatory action relating to money laundering, to determine whether the circumstances of the action may reflect an increased risk of money laundering through the account At a minimum, for foreign banks licensed by high-risk countries or operating under an offshore banking license, your firm needs to perform enhanced scrutiny to determine the ownership of the foreign bank conduct enhanced scrutiny of the account to report and detect suspicious activity determine whether the foreign bank maintains "correspondent accounts" for any other bank--and if so, the identity of those banks E.

Special due diligence for private banking accounts


The PATRIOT Act also requires special due diligence for non-U.S. citizens who have private banking accounts with the firm. A private bank account is an account (or combination of accounts) that requires an aggregate deposit of funds or other assets of more than $1 million established on behalf of one or more individuals who have a direct or beneficial ownership interest in the account, and is assigned to, or administered by, in whole or in part, an officer, employee, or agent of a

financial institution as a liaison between the institution and the direct or beneficial owner of the account. For private banking accounts, firms are required to take steps to determine the identity of the nominal and beneficial account holders, including the lines of business and source of their wealth, the source of the funds deposited into the account, and whether any account holder is a senior foreign political figure. Steps you can take include confirming information provided by account holders and their agents and contacting beneficial owners, as appropriate, to determine their ownership interest and source of funds. You can also use public databases to determine whether someone is a senior foreign political figure. If the account is for a senior foreign political figure, or any immediate family member or close associate of a senior foreign political figure, enhanced due diligence is required. The enhanced scrutiny should be designed to detect and report transactions that may involve the proceeds of foreign official corruption, such as bribery. This includes approval of the decision to open an account by senior management. The level of scrutiny will also vary depending on whether the official is from a jurisdiction known to be a money laundering haven, whether current or former political figures have been implicated in large-scale corruption, and the length of time since a former official has been in office. To account for all the risk factors, your enhanced scrutiny may include determining the purpose and use of the private banking account, the location of the account holders, the source of funds, the type of transactions engaged in through the account, and the jurisdictions involved in the transactions. Check your firm's procedures for the due diligence requirements that apply to you if you handle correspondent accounts for foreign banks.

PENALTIES
I.

Civil and Criminal Penalties


It should be clear by now that American law enforcement takes money laundering violations seriously. In fact, the penalties for violating the money laundering statutes are severe. Depending on the circumstances, fines against companies can be as high as $500,000 per violation or twice the amount of the property involved in the financial transaction. Individuals are subject to the same fines, as well as up to 20 years in prison. Even the penalties for violating the reporting requirements are harsh. An individual's willful failure to report $10,000 transactions is punishable by fines up to $250,000, five years in prison, or both. Interfering with the filing of a report is also a violation. A false statement or misrepresentation made on a report can carry a fine of up to $10,000, five years in prison, or both. The law even says that if the violation of the reporting statutes is part of a pattern of illegal activity involving more than $100,000 in a 12-month period, the fine can double up to a maximum of $500,000, ten years in prison, or both. Finally, even if you are not criminally prosecuted, civil penalties can be assessed for each willful failure to file

a report, up to the greater of $25,000 or the amount involved in the transaction, up to $100,000. II.

Forfeiture, Receivership and Revocation of Charters


Finally, the government can seize and cause to be forfeited any property that was part of a money laundering offense or that is otherwise "traceable" to the offense. If, for example, one convinces a bank teller not to report a cash deposit of $15,000, the $15,000 can be frozen and thereafter surrendered to the government. Similarly, a building bought with laundered money is subject to forfeiture. Furthermore, a commission paid with dirty money is the government's to keep. A financial institution convicted of a money laundering offense is subject to what is referred to in the industry as the "death penalty": receivership and the revocation of its federal charter, license, or other authorization to conduct business. Through this procedure, financial institutions guilty of money laundering can be permanently closed down. Example 32: While Mary is laundering the payoffs collected by her corrupt police lieutenant husband, the president of her bank periodically goes out of his way to welcome the husband when he comes to the bank, even inviting him into to his personal office in full view of the other bank employees. After the cop is arrested by the FBI as part of a sweep of corrupt police officers, he makes a plea bargain with the government and discloses that every month he gave the president several thousand dollars cash in "appreciation" for the money laundering services rendered to him and his fellow officers. In addition to all the individuals at the bank being personally prosecuted and jailed for money laundering, the bank would probably be placed in receivership and liquidated.

STATE LAWS
A number of states have laws that substantially parallel the federal money laundering statutes and regulations. Included among those states are California, Florida, and New York. Common to the laws of these three states and the federal ones is that knowing participating in transactions involving the proceeds of crime or criminally "derived" property or intentionally concealing the origin of such proceeds and property is illegal. Accordingly, what we have called the "First Pillar" of the law of money laundering--the obligation to avoid dirty assets--is enforceable against an offender in those states having such laws independently of the prohibition of such conduct under the law of the U.S. government. Consult your law department if you have any questions about the effect of state money laundering laws on your company. Example 33: If the bank where Mary works is in California, she, her corrupt police lieutenant husband, her head-in-the sand supervisor, and the compromised bank president could be sent to prison for lengthy terms for violating the state's laws prohibiting participation in any financial transaction of over $5,000 for the purpose of "promoting" or "facilitating" criminal activity. Such prison time would be over and above whatever federal time they had to serve for breaking the federal money laundering laws.

COORDINATED FEDERAL ENFORCEMENT AND OVERSIGHT

In 1990, the U.S. Treasury Department created the Financial Crimes Enforcement Network (FinCEN) to establish, oversee, and implement policies to prevent and detect money laundering. FinCEN acts as a central depository for reports filed by financial institutions. While FinCEN is an agency of the Treasury Department, it provides intelligence information to many law enforcement agencies, such as the Justice Department, enabling them to track criminals and their assets and to develop new strategies against money laundering. It also provides an increasingly valuable information resource to the general public. Among other things, FinCEN periodically designates foreign jurisdictions, institutions, classes of transactions, and types of accounts as being of "primary money laundering concern." For further information, see the "Section 311" page of the FinCEN website at http://www.fincen.gov/reg_section311.html. In addition, the interdiction and eradication of money laundering has been declared a national priority. In 1998 Congress passed, and the president signed, a law requiring the secretary of the Treasury and the attorney general of the United States to annually submit to Congress a "national strategy for combating money laundering and related financial crimes." The strategy is developed in conjunction with the Federal Reserve Board, the IRS, the SEC, the Postal Inspection Service, and states attorneys general and prosecutors. The unifying theme of the multipronged strategy is (1) strict prosecution and harsh punishment of individuals and businesses who violate the laws and 2) prevention through public and private industry alliances within the United States and internationally.

EDUCATIONAL HANDBOOK
ANTI-MONEY LAUNDERING FOR LIFE INSURANCE COMPANIES
This resource provides valuable reinforcement tools to supplement your AML training program efforts. It includes Frequently Asked Questions about the topic area, a Top Ten list revealing the most important risks to your employees, and is rounded out with a Quiz to assess your employees knowledge.

FREQUENTLY ASKED QUESTIONS ABOUT ANTI-MONEY LAUNDERING FOR LIFE INSURANCE COMPANIES
1. What is money laundering? Simply stated, money laundering is the process of making "dirty money" clean. There are two kinds of dirty money. The first is money that comes directly from illegal activities, such as drug sales, gambling, larceny, bribery, and securities fraud. The second is money that comes from legitimate activities but is then concealed for an illegal purpose such as tax evasion or terrorist activities. Money laundering typically involves concealing the existence or source of funds and then disguising those funds by using them for apparently legitimate purposes. 2. How much money gets laundered? It's estimated that between US$590 billion and US$1.5 trillion gets laundered worldwide each year. That's between 2% and 5% of the global gross domestic product. 3. How can I identify which countries are considered money laundering havens? The Financial Action Task Force (FATF) periodically publishes a list of countries that it regards as noncompliant. You can find this list on the FATF Web site (www.fatf-gafi.org). 4. If a client tells me that the money in his account resulted from illegal activities, can I still execute transactions in the account? No. If you engage in any kind of transaction with such an account, you may be helping the client launder money. You must report what you know to your supervisor or legal and compliance department. They'll determine what actions need to be taken. 5. Why is the insurance industry attractive to money launderers? While the movement of assets may not be as easy using insurance products as something like highly liquid securities at brokerage firms with offices all over the world, money launderers may still be drawn to insurance companies. Those laundering money may feel insurance companies will not have as comprehensive anti-money laundering programs. Also, compensation of insurance agents is often commission based, so there's a built-in incentive to disregard the source of client funds. In other words, criminals will try to launder money using insurance products because they feel they can get away with it.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

6. What businesses can be used to launder money? Any business entity that processes cash and transfers funds or other instruments of value can be used to launder money. Funds may be laundered through almost any kind of business, including investment banks, brokerages, commercial and retail banks, hedge funds, foreign currency exchanges, and, of course, insurance companies. Even businesses with a high cash turnover such as bowling alleys and travel agencies have been used to launder money. 7. If my company prohibits cash transactions, do I still need to worry about money laundering? Yes. Money laundering can take place with traveler's checks, personal checks, bank checks, money orders, bearer bonds, and wire transfers. 8. What is willful blindness? Willful blindness occurs when someone ignores signs that an account is being used to launder money, or doesn't take the required steps to report suspicious activity. The law here is concerned with whether someone knows or should be able to tell that the funds in question are derived from criminal activity, or that a transaction is designed to conceal the source of the funds. 9. Can I be convicted of money laundering just for ignoring warning signs indicating suspicious activities? Yes. If you know that your client is laundering money, or if you choose to ignore warning signs while assisting your client in laundering money, you could find yourself being prosecuted for money laundering. 10. What kind of knowledge would make me guilty of money laundering? A financial transaction involving dirty money can violate the money laundering laws if anyone involved knows or is willfully blind to the fact that it's designed to conceal or disguise the nature, location, source, ownership, or control of the proceeds of criminal activity. In addition, if anyone engages in a transaction with the intent to promote criminal activity or engage in tax fraud or evasion, this too violates the money laundering laws. 11. What are the penalties for money laundering? The penalties for violating the money laundering laws are severe. In the United States, depending on the circumstances and jurisdiction, fines against companies can be as high as US$500,000 per violation or twice the amount of the transaction. Individuals are subject to the same fines, as well as up to 20 years in prison. In addition, the government can seize the property involved. In Canada, the fines can be as high as $2 million and the prison term up to 5 years. 12. What is a Politically Exposed Person (PEP)? A Politically Exposed Person (PEP) is an individual who is or has been entrusted with prominent public functions in a foreign country, including heads of state; senior politicians; senior government, judicial, or military officials; senior executives of state-owned corporations; or important political party officials. PEPs also include individuals with close family ties or personal or business connections with PEPs. Prior to opening an account for a PEP, you should perform enhanced due diligence.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

13. What are some of the warning signs I should look for regarding client information? Watch for a client who's unusually concerned about privacy, who provides information that proves to be false or suspicious, who's reluctant to proceed when informed of currency reporting requirements, or who withholds information necessary to complete required transaction reports. 14. What are some of the warning signs I should look for in client account activity? While it's impossible to list every potential situation, some examples include making frequent large deposits or withdrawals for no apparent business or personal reason; frequently depositing funds into an account and immediately requesting wire transfers to another city or country when there isn't a clear connection between the transfers and the client's business or personal activities; and transfers to offshore accounts. 15. Does the law protect me if I report suspicious activity and I'm wrong? Yes. If a company reports a client's suspicious activity to the authorities, both the company and its employees are generally protected if the client sues them for reporting it. Escalate your concerns within your company when you have a good-faith basis for suspicion that the law may have been violated, and that the client's account or accounts are connected to the suspicious activity. Your company will formally decide whether to file a report. 16. Why does the government care about money laundering? Without money laundering, crime doesn't pay. Most crimes are useful to the perpetrator only to the extent that their proceeds can be used to purchase goods and services. The objective of the government's program is to target the flow of money generated by crime and prevent it from being laundered and potentially used in commerce. If law enforcement can succeed at this, the incentive to commit crimes will diminish. 17. How do I report activity that I think is money laundering? It's important that you report it in the correct way. You should not, under any circumstances, disclose your suspicions to the client. Instead, immediately notify your company's legal and compliance department. The department will decide whether to report the suspicious activity to authorities. 18. What are sanctions lists? Various countries have put together lists of people, groups, or entities that are thought to pose a high risk of crimes, including terrorism. It's recommended that you search for your clients' names on these lists. If you find an existing or potential client's name on a sanctions list, immediately contact your supervisor or legal and compliance department.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

TOP TEN THINGS TO REMEMBER ABOUT ANIT-MONEY LAUNDERING FOR LIFE INSURANCE COMPANIES

1. Money laundering is a crime in which funds are moved through one or several accounts, financial institutions, or countries to disguise their illegal origin and ownership. Proceeds of various crimes, including securities fraud, political corruption, arms trafficking, drug dealing, and simple theft, that are successfully laundered may then be spent or reinvested without detection by law enforcement. 2. "Willful blindness" may make you and your company accomplices to the crime of money laundering. Willful blindness occurs when an individual deliberately ignores signs that an account is being used to launder money, or engage in other suspicious activity, and takes no steps to report the suspicious activity. Burying your head in the sand and allowing your clients to engage in suspicious transactions can result in grave consequences for you and your company. Penalties for willful blindness may be as severe as penalties imposed on the money launderers themselves. Reporting your suspicions is always safer. 3. If you suspect that money laundering is occurring at or through your company, report it to your supervisor or legal and compliance department. To protect yourself and your company, you should be alert to suspicious activity that may indicate that money laundering or other crimes are being committed. If you're not sure what to do in a particular situation, it's best to escalate any suspicious activities to your supervisor or legal and compliance department. If your company reports suspicious activity to the government and it turns out that you were wrong, you and your company will be protected from lawsuits as long as your report was made in good faith. 4. An insurance company must develop and implement a risk-based anti-money laundering program applicable to its covered products. Being risk-based means the insurer's AML program must include policies and procedures based upon a risk assessment of the money laundering and terrorist financing risks associated with the insurer. Under the USA PATRIOT Act, the assessment would look at the risks associated with the insurer's covered products. 5. The AML program applies to covered products. For a life insurance company in the United States, covered products include permanent life insurance and annuity contracts other than group life insurance and group annuities, as well as any other insurance products with features of cash value or investment. In Canada, these products would be considered higher risk while products that the USA PATRIOT Act considers exempt would be considered low risk. 6. Insurers are required to incorporate agents and brokers selling covered products into their company's AML program. Money launderers take advantage of the fact that insurance products are often sold by independent brokers and agents who do not work directly for the insurance companies. These agents may have little know-how or motivation to screen clients or question payment methods.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

7. Under certain circumstances insurers are required to file Suspicious Activity Reports (SAR) in the United States or Suspicious Transaction Reports (STR) in Canada. In the United States these circumstances include transactions involving covered products with a face amount of at least US$5,000 that an insurance company knows, suspects, or has reason to suspect involve funds that come from an illegal activity, as well as transactions designed to avoid reporting requirements, or having no business or apparent lawful purpose. In Canada, there are no dollar limits or exclusions based on products or client types for this reporting requirement. Remember, if your company decides to undertake a review or report suspicious activity to a government entity, you must not, under any circumstances, disclose this information to the client. 8. Warning signs that a potential client is a money launderer frequently involve either the client's identity or his reason for wanting to open the account. Be wary of a client's reluctance to provide information about his identity, address, business activities, or source of funds. Clients whose backgrounds are inconsistent or whose behavior doesn't match their reasons for opening the account should also be watched carefully. 9. It's important for financial institutions to detect and prevent money laundering throughout the life of an account relationship, not just at the beginning. Money laundering can take place at any stage of an account relationshipfrom the first deposit of funds into an institution to the liquidation of funds when a client relationship is terminated. Signs of money laundering include clients who disregard commissions and transaction fees. Money launderers also tend to make wire transfers that have no apparent business purpose or that are sudden, unexplained, or extensive. Clients with numerous accounts should raise suspicions, especially if the accounts are under different names or serve no apparent business purpose. 10. Penalties for failing to abide by anti-money laundering laws and regulations can be severe. They include costly remedial measures, substantial fines levied against your company and individual employees, and a licensed person's permanent ban from the financial services industry.

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

TEST YOUR KNOWLEDGE OF ANTI-MONEY LAUNDERING FOR LIFE INSURANCE COMPANIES


Question 1:
Which of the following statements is true? a) b) c) d) Money laundering always involves cash deposits Money launderers seek to disguise the source and ownership of funds through a series of transactions Money launderers include only drug dealers or terrorists Money laundering happens only at the time an account is opened

Question 2:
Which step in the money laundering process disassociates the illegal funds from the crime by creating a complex web of financial transactions? a) b) c) d) Placement Layering Integration Transformation

Question 3:
Why is an annuity contract considered a higher risk for money laundering than a property and casualty insurance policy? a) b) c) d) Because an annuity contract can have cash value and investment potential Because annuity contracts are riskier than any kind of insurance policy Because the amount invested in an annuity is usually larger than property and casualty insurance premiums Because property and casualty insurance protects you against a loss

Question 4:
Linda sees a picture on the internet of a client she recently opened an account for, Monica, shaking hands with a prominent Guatemalan government official. She calls Monica and, after sharing a chuckle about the picture, finds out they're cousins. Does this information change the way Linda should treat Monicas account? a) b) c) d) No, the account is already open and Monica hasn't laundered any money No, a relative of a prominent government official isn't a PEP Yes, Linda should perform enhanced due diligence, even though the account is already open Yes, Linda should freeze the account until an expanded identification process can be completed

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

Question 5:
Each of the following is a warning sign of money laundering when opening an account except a) b) c) d) Excessive concern by a client about your company's compliance with government reporting requirements Altered or forged account opening documentation Reluctance to provide identifying information or documentation Client's personal identification documentation is issued by developing countries

Question 6:
Assessing the likelihood of a product being used to launder money is a component of what type of AML program? a) b) c) d) Client-based Risk-based Product-based Fear-based

Question 7:
Maurice has been a client of Lars for the past fifteen years. Should Lars still be mindful of suspicious behavior in Maurices transactions? a) Yes, a client could launder money at any time b) No, if Maurice was going to launder money he would have done it by now

Question 8:
Which of the following questions will help you detect and prevent money laundering or other suspicious activity? a) Do I know the source of the funds my client seeks to invest at the company? b) Do I know whether my client lives or is based in a sanctioned country or is on a sanctions list? c) Does my client's account activity make sense when compared with the client's stated investment objectives or with the account activity of other similarly situated clients? d) All of the above

Question 9:
Sandra is helping Zachary, a wealthy financier, open a variable annuity account. Zachary isn't a U.S. or Canadian citizen, and in fact is the Minister of Finance of a foreign country. When Sandra begins asking detailed questions about his identity and background, Zachary acts deeply offended and even claims that she's invading his privacy. What should Sandra do? a) b) c) d) Immediately stop asking questions. Tell him that she might have to file auspicious activity report if he refuses to answer the question. Tell him that she must verify every potential client's identity as part of the account opening process Open the account, but do nothing further

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

Question 10:
Your company files a SAR for some transactions made by your customer. But you know the customer and know that the transactions are legitimate, so you speak to him about the SAR to preserve the business relationship. Which of the following statements best describes your actions? a) b) c) d) You violated the anti-money laundering laws You used good judgment to preserve an important customer relationship You perhaps behaved inappropriately, but you didn't violate the law You are allowed to discuss it because you didn't file the SAR

Please note that LRN ECA resources and materials are intended for internal use only by LRN ECA subscribers and distribution to non-subscribers outside of your organization is not authorized without express written permission from LRN.

www.eca.lrn.com

Answer to Question 1:
b) is the answer. Money laundering is the process of hiding the criminal source of funds, generally through a series of transactions. While money laundering can certainly be done with cash deposits, it is not the sole means. Money laun