Reading the Tea Leaves

There is absolutely no percentage in disagreeing with Mike Volkov.  Besides being—and I don’t use this word all that often—brilliant, and an experienced practitioner, and a former prosecutor, and just a heck of a nice guy, he’s usually right.

But with a slight tremor of my fingers on the keys, let me venture into this dangerous world of those who disagree.

To be fair (and I recognize this is another caveat), it’s not just Mike I disagree with.  Mike, in his latest blog post, echoes a common theme.  The theme—like a lot of the latest drivel masquerading as commentary lately—is something that sounds like someone wants it to be true.  But it’s not true at all.  It’s a lie.  And a dangerous lie at that.

Mike says that the Department’s enforcement regime is well into hubris [don’t be ashamed, go ahead and click through to the definition: I did].  He claims that companies just want clarity:

Companies and practitioners are frustrated because they have to read tea leaves of Justice Department expectations from criminal settlements and official speeches to decipher what is expected of them in the compliance world.

Most business want to comply in good faith but want more specific guidance on what they have to do to comply with the law. Legal interpretations of terms are made by DOJ lawyers with little judicial supervision. These are issues which should be addressed by some type of overall regulatory framework or even like the Ministry of Justice tried to do in releasing guidance for the UK Bribery Act.

I’m sorry, but no. I don’t accept this at all. Whether the Department’s habit of trumpeting its settlements ventures into hubris is something reasonable people can disagree on. I tend to think not, if only because every single agency—and law firm—does the same thing. If everyone has hubris, no one does, don’t you think?

But the idea that companies would jump to comply with the FCPA if only they knew what the DOJ expected of them is total crap. In case you missed the Metcalf and Eddy case back in the 90s, or the 2004 opinion release (04-02) which defined effective compliance, you need only look at Schedule C to any recent deferred prosecution agreement. Or go to any “Luncheon Law” event, or read any of the books written about effective FCPA compliance (including, not for nothing, Mike’s)[which I bought, by the way, and I recommend you buy as well]. At the conference I just chaired (I’m writing this post in the Hong Kong airport), Chuck Duross appeared via Skype and talked about this very thing. How many times have we heard from Chuck, and Mark before him, that programs need to be more than paper?

I’ve done a metric ton of benchmarking, and you’d be amazed at what companies don’t do. What amazes me isn’t that there are 80 companies under investigation, but that the number is only 80.

The problem isn’t that people don’t know what to do. The problem is that they don’t want to do it. Not really. They tell their compliance officer that an extra $500 spent on diligence would “kill the business.” Or “that’s just not how things are done here in ______”. And their senior leaders say they want ethical business, but push comes to shove, they get their bonus only if they meet their sales targets. Which are set in stone.

Or worse, companies come up with all kinds of workarounds, or set up their program to give the appearance of diligence without actually learning anything about the partner.

Companies also know—within a range—what kind of benefit they’ll get from having effective compliance. But because each case is different, the Department must have—absolutely must have—significant discretion on what to reward and how much.

But is this what we want? And do you mean what you’re saying? Companies shouldn’t have to implement effective compliance without knowing their ROI? Companies have to implement effective anti-corruption compliance because companies shouldn’t bribe! Bribery is bad. I think we can all get behind this concept, yes? Bribery leads to things like kids getting killed because construction projects use substandard materials approved through bribery, and the buildings fall down during an earthquake. And if you think I’m being melodramatic, someone at my conference used that very example in training. It really happened. Bribery is a blight that warps markets, and ends up impacting the most the segment of the population that can bear it the least. People struggling with poverty shouldn’t have to deal with forced expediting payments.

And if you’re interested in ROI, let’s talk about the effect of bribery on the ROI of product developement and customer service.

But why do I call this a “dangerous lie?” It’s dangerous because it’s an excuse for inaction. And inertia is a compliance officer’s worst enemy. “Let’s wait until we get some better guidance on what we need to do.” “If the Department can’t tell us what they want, we really can’t justify the expense of the system you want to build; maybe next quarter when the DOJ comes out with the guidance.” It’s tough enough to move companies into the light without experienced practitioners giving them ammunition.

I don’t think the DOJ could be clearer if they gave us a checklist. Oh wait, they did. By the way, for those of you waiting for the guidance, prepare to be underwhelmed. There’s no way—no way at all—that the DOJ is going to put into writing something that will limit their discretion in a meaningful way. They’ll define “foreign official” using the recent decision—I’m betting they’ll quote it exactly—and they’ll talk generally about rewarding effective compliance. But if they say anything significantly different from what they’ve already been saying for the last 6 years, I’ll eat my hat. (A different hat, Barry)

Let’s move the discussion along, shall we? What are the best ways to implement what the DOJ has been telling us for 8 years that they want? That’s a discussion we should be having.

“Luncheon Law” and a Lesson from the Professor

Let me start by saying that I disagree with Prof. Mike Koehler about 95% of the time. That’s not to say he’s wrong; he rarely is. It’s just that he and I have widely disparate views on enforcement, and we read the same facts in different ways. Because of that, we almost invariably come to different conclusions. But reasonable people can disagree, and the Professor is always reasonable.

This is not that. We’re squarely in the 5% here. I found myself nodding in agreement throughout my reading of his post on “Addressing the ‘Luncheon Law’ Nature of the FCPA.” Even within the post, however, I disagree with some of Prof. Koehler’s conclusions. But his thesis is dead on.

To briefly recap his post, he feels that the current practice of DOJ and SEC officials speaking at sometimes pricey conferences is, if not an outright conflict of interest, somehow anti-democratic. Certainly it’s not praiseworthy. It leaves practitioners with too little guidance publicly, and freely, available. And we can all get behind the idea that it’s not how we want law, policy, or even best practices to develop, on the lecture circuit.

I agree with one part of this: while I don’t agree that it’s a conflict or otherwise even remotely improper, I do agree that it’s not how we want the Department to inform us of trends.

I feel for the single practitioners and small-firm lawyers out there. These things are expensive. One of the reasons I started speaking at conferences, frankly, was that they waive the entry fees for speakers. And I’ve either been a regulator or worked for huge corporations that have budgets for this kind of thing. Budgets that I wasn’t responsible for. When I was in-house, I never was told, “it’s too expensive.” But even I choked a little bit seeing the price tag for this year’s ACI conference. I’m still trying to figure out a way to bribe Matt Kelly to get me into Compliance Week this year at a discount.

I used to go to these conferences with the expressed purpose of “reading the DOJ tea leaves for this season.” The “used to” in that sentence is important, but we’ll get to that in a minute. Because “reading the tea leaves” was a crucial part of my risk assessment process. That’s a pitiful state of affairs, but there you are. During that period, several years ago, there really wasn’t anywhere else to go. I would reach out to fellow in-house practitioners and benchmark all the time, and I’d follow Mark Mendelsohn around like a puppy looking for scraps. It was a little sad, really. I know I’m a bit of a geek, and I know Mark Mendelsohn ain’t the Grateful Dead. But there I was, an FCPA Mendelhead. Back then, there was no SEC vertical unit for FCPA prosecution, and Cheryl Scarboro wasn’t nearly as well known as she is today, except to those illuminati like Martin Weinstein and Dan Newcomb, who were doing multiple self-disclosures. She was the unofficial head at SEC, but not as visible.

The nice thing was that Mark and others would throw scraps out. I remember this gem, “people have to realize that the FCPA isn’t fun and games, it’s a federal crime and people have to go to jail.” Don’t think that quote didn’t end up in every presentation I gave. I heard about the idea of industry sweeps at a conference, the push into the tech sector, the push into individual prosecutions, the evolving ideas of when to self-disclose, and current expectations around due diligence, all at conferences.

As I said before, that’s no way to run a railroad. A practitioner’s ability to learn the current state of the law for FCPA compliance shouldn’t cost that attorney the entry fees that conference organizers charge. Not to mention the travel, lodging, food, and other expenses that accrue on a three to four-day trip.

But all this was years ago. I don’t think the same argument could be made today. Well, the conference fee and expense argument can still be made: they’re still really, really expensive. But I don’t think anyone can argue with a straight face that they can’t learn—from free, publicly-available resources—the current state of FCPA law and compliance. Let’s just go through a few of those, shall we?

First, there’s the DOJ Web site, including the Layperson’s Guide. Every opinion release is available for download. When I was first starting out in this space, I took an afternoon and read every single Opinion Release. You’d be absolutely amazed how much is in there.

The TRACE compendium is free—every FCPA case ever is available to read and analyze. TRACE’s publicly available resources are staggeringly useful.

Several law firms have been incredibly generous—Shearman & Sterling is at the top of that list—in making serious pieces of research available to the public, for free: The FCPA Digest is a must-download. I don’t care how many pages it’s up to now, it’s worth the paper and ink. If you don’t think I have a copy, you’re crazy. Many FCPA-savvy firms have similar client briefs available to the public: Gibson Dunn and Miller Chevalier are two good ones. But there are so many others I hesitate to even begin to list them here.

My This Week in FCPA colleague, Tom Fox, reminded me on this week’s episode that compliance advice goes back as far as Opinion Release 04-02. That’s 2004. I think it goes back farther, to the Metcalf & Eddy documents, but I have to check that, I might be mis-remembering.

Plus, we have an expanding group of writers—I call us the “commentariat”—that write almost exclusively on the FCPA. For straight-up compliance advice, I don’t think there’s anything that beats Tom Fox and Mike Volkov. Delve into their archives and you’ll have everything you need. For the UK Bribery Act, bookmark Barry Vitou’s and Richard Kovalevky’s “The Bribery Act.” You can also look at Chadbourne’s site on that—truth be told, however, no matter how much I love those guys (and Heidi) at Chadbourne, their site comes in second to Barry and Richard’s.

Even as I disagree with Prof. Koehler, I acknowledge that he’s probably the most knowledgeable guy in the world on the history of FCPA law and enforcement. Maybe if you put Mark Mendelsohn, Chuck Duross, and Peter Clark in a room, they’d be his equal. Maybe. For current information, there’s the Godfather of FCPA blogs: Dick Cassin and his FCPA Blog. He’s literally the Godfather: we all pay him protection money. Kidding. Sir, really, I was kidding.

Plus, there are a number of books about FCPA compliance. I have a few on my bookshelf, and I reference them all the time. [ed note: I’m on the Amtrak to DC now, but when I get back home I’ll update this post with the titles]. I just bought Mike Volkov’s book: if you’re interested in FCPA compliance, it’s a must-buy.

Not to pile on, but DOJ lawyers aren’t silent when they’re not at conferences. They are constantly communicating with the public through their language in DPAs, NPAs, and prosecutions. Schedule C—the compliance program explanation that I’m reviewing in a series on this very blog—is an invaluable guide to compliance. It’s a damn checklist, not to put too fine a point on it.

I agree some changes could be made. I once suggested to the DOJ that they publish on their website a schedule of speaking engagements where DOJ representatives would be speaking. But perhaps the DOJ should go further: they should absolutely prepare formal statements based on the conference presentations and publish them on their Web site. I would also get behind a DOJ mandate to conference organizers that if they want DOJ speakers, those sessions must be open to the public. [To all those conference organizers who read this and might consider having me as a speaker…I was just kidding about that].

To close, while I agree that “Luncheon Law” isn’t the state of affairs we want, I don’t think it’s the state of affairs we’ve got.

By the way, if you want to know what Charles Cain said about declinations, read the rest of the post Prof. Koehler links to.

Long Time, No See

Have I really not written anything since July 18th?  You’re probably sitting there by your RSS reader saying, “he never calls, he never writes….”

I’ve been travelling a lot, which is one reason, and I’ve been head-down on a couple of work projects.

So let me just refer you to an excellent post by Michael Volkov.  I say excellent not just because he refers to me in the title, and not just because he has a picture of me at the top of the post, but because he’s absolutely right.

I write and speak a lot on control convergence—the idea that the silos of compliance controls should be merged since we’re all looking for the same or very similar data.  OFAC compliance and FCPA/UKBA compliance is a no-brainer in my opinion for this kind of approach.  Same with anti-money laundering.  If your company has an FIU (mainly in banks and other financial institutions), and your FCPA/UKBA compliance team hasn’t tapped into that resource, you need a new FCPA/UKBA compliance team.  Remember, AML compliance is older, more structured, more mature, and has better resources.  If you need an AML compliance program, you need a good one, and you need it badly.  Companies can spend upwards of $100 million on AML programs.  Is there anyone out there who has spent that kind of money on FCPA/UKBA compliance?  I don’t think so.  Maybe Siemens, but most of their money was spent on internal investigations, not the compliance program per se.

So…go read Mr. Volkov’s post, and I promise new posts more regularly.