The UK Bribery Act, FCPA And Data Monitoring

Sunday, April 3, 2011 - 00:00

Editor: Can you tell our readers a bit about yourself and Recommind?

Sklar: I am senior counsel at Recommind. I help companies and firms understand the capabilities of Recommind's software.

Recommind is ten years old. Because we have been around longer than most companies in this space, our clients feel comfortable with the quality of our advice and with using our software. Our predictive information management software provides not only an end-to-end solution for e-discovery-related issues but also for managing risks because it enables management to detect risks on a real-time basis.

It's an exciting time. We are a growing company, having just opened up offices in Sydney, Australia and expanded our London office. We already have offices in Germany as well as Boston and San Francisco.

Personally, I have a background in regulatory compliance. I started out as an assistant DA in the Bronx investigating white-collar crime there. I then went to the SEC, where I was a senior enforcement counsel for six years. Following that I went in-house at American Express, where I ran compliance programs for their travel division, which encompassed three operating divisions totaling about 20-25,000 people. After that I implemented almost from the ground up American Express's anti-corruption compliance program across the entire company. From there, I went to Hewlett Packard, where I ran the anti-corruption compliance program and also gave advice to business units on compliance with U.S. sanctions.

Editor: Tell us about the recent activity around the UK Bribery Act (UK Act).

Sklar: The UK Act was passed a year ago, and it's still in the process of implementation. Its scope is expansive in terms of both jurisdiction and the substantive crimes that it creates.

From the jurisdictional perspective, the UK Act has a long arm. Any company that has a substantial nexus to the UK is covered. Substantively, it differs significantly from the U.S. Foreign Corrupt Practices Act. The UK Act outlaws facilitation payments, which are not considered bribes under U.S. law. More importantly, unlike the FCPA, it prohibits bribery of commercial entities. We are waiting on pins and needles to see what the guidance for enforcement of the UK Act will be.

The implementation of the UK Act has been delayed twice because the UK government wants to have in place compliance guidelines for companies at the time it becomes effective. This is similar to the practice of our President issuing a statement about how the government will interpret new legislation upon his signing it into law.

Drafts of the UK government's guidance have gotten into the hands of the press, and it appears that the drafts are weakening some elements of the Act. A recent draft discussed the Act's jurisdiction. One of the triggers for FCPA jurisdiction is being listed on a U.S. exchange. Any foreign company that issues ADRs or is otherwise listed on a U.S. stock exchange is covered by both the anti-bribery elements of the FCPA and its books and records requirements. What the UK government will supposedly say is that having your stock listed on a UK exchange will not necessarily provide jurisdiction.

Another element on which they seem to be weakening is the prohibition of facilitation payments. These are small payments to lower-level officials in order to expedite an action to which you are entitled as a matter of law or contract. For example, an employee of the telephone company comes to connect your phone, but won't do so until you give him a couple of dollars. Those few dollars are a facilitation payment. Obviously, the difference between a facilitation payment and a bribe is a little fuzzy, which is why facilitation payments are so dangerous. Sometimes you don't know whether the government will treat a payment as a facilitation payment or a bribe.

Editor: Don't federal officials face the same problem under the FCPA?

Sklar: They do and they don't. Under the U.S. law facilitation payments are not considered bribes. When the U.S. law was passed in the '70s, 400 companies presented the SEC with a survey that evidenced that facilitation payments were essential to doing business. Under U.S. law, we still have a problem because there is no exception for facilitation payments under the books and records provisions. So, U.S. companies are allowed to make facilitation payments but must record them as such in their books and records.

Perhaps, we should breathe a sigh of relief with respect to the UK Act, because although facilitation payments are tremendously problematic under the language of the UK Act, it appears from the draft guidance that the UK government is going to say that we're not going to prosecute facilitation payments except in extreme cases. The third area where the draft guidance seems to weaken the law is in hospitality. Under the FCPA, inviting the Minister of Defense in Nigeria out to lunch is not going to be a problem. Where companies generally run into problems is when the hospitality gets out of hand, for example, when you fly a government official and his family to Florida and he spends one day talking to you about your business, and then you send them for four days to Disney World.

The UK Act has a similar type of prohibition against unreasonable hospitality, but it appears that the guidance is even going to water that down. This will reassure UK companies that they can entertain business guests by providing a box at Wimbledon without a problem.

Avoiding overly lavish and extravagant hospitality can be tricky. Let's say that a company is inviting high-level government officials to come to a four-day business event it is having at a five-star hotel. Can it put the officials up in the hotel where the event is happening? Can you send them a basket of fruit in their rooms? You're obviously going to be taking them out for meals. So, over the course of four days you might be spending $20,000 on each official.

For compliance officers, it becomes a real nightmare to determine whether a particular situation crosses the line. On the other hand businesses exist in order to make profits, so to the extent that companies have to do this in order to make money, the job of compliance officers is to help the business succeed in a compliant way.

Editor: When will the guidance document be issued?

Sklar: We don't know. It was originally supposed to be issued in April contemporaneously with the implementation of the Act. Now the government says that the UK Act will go into effect 90 days after they issue the guidance. Since they have not yet fixed on a date for issuing the guidance, the whole thing still remains very much up in the air. I wouldn't be surprised if it gets pushed into the summer.

Editor: There are widespread complaints in the U.S. that enforcement of the FCPA has gotten out of hand. Do you agree?

Sklar: I don't really agree with that group that says enforcement has been unfair. At the end of the day we're dealing with bribery, which pretty much everybody agrees is not a good thing. The Department of Justice has begun in the last five or six years to enforce the Foreign Corrupt Practices Act in a fairly rational and reasonable way. Certainly, I think the fines have gotten high. However, if a company has paid $600 million in bribes over five or six years, a large fine does not seem to be unreasonable. I don't have a problem with large fines when companies have profited significantly from paying bribes.

It is going to be interesting to see what happens in the UK because the budget for enforcement of the law has been set at £2 million, which isn't a lot.

Editor: Where do the funds go that are collected as a result of enforcement of the UK Act?

Sklar: I was told that the UK regulators will keep for their own budget one-third of the fines they collect. That could be a significant driver of UK enforcement even though in the past the UK has not been exceptionally strong on the enforcement front. It is interesting that the UK has gone from taking a very weak position on bribery to adopting what on its face is the strictest anti-bribery law in the world.

It is a significant change. The fact that they keep a third of their penalties can be a real driver of enforcement. U.S. regulators don't get to keep their fines for their own budget, they just go into the Treasury. Over the last couple of years they have totaled well over $2.5 billion. However, the fact that the DOJ brings so much into the Treasury makes it more likely that their budget requests will be approved.

Editor: Will paying bribes result in prosecution for other crimes and in multiple jurisdictions?

Sklar: One of the dangers of bribery is that once you begin going down the road of paying bribes, you violate a bunch of laws in addition to those banning bribery. You face laws relating to keeping accurate books and records and bans on money laundering (because you're hiding the money that you're spending on bribes). Depending on how you account for those payments, you could be violating tax laws.

Since there is no such thing as international double jeopardy, you may face prosecution in separate proceedings in countries throughout the world. This danger is not hypothetical since enforcement authorities throughout the world share information with one another. If you bribe people in four different countries, you could be facing five different actions, one in the U.S. and one in each country in which you paid the bribes.

Take Siemens, for example. It was prosecuted originally in Germany, and then they were prosecuted in the U.S. Now it is facing shareholder suits in other countries like Italy. It is also exposed to lawsuits in those countries in which it paid the bribes. So, in addition to the $1.6 billion that it paid in fines in Germany and in the U.S., it's facing significant ongoing judgments, penalties and litigation costs.

Editor: There's been a challenge to the part of the FCPA that deals with state-owned entities. What's at the heart of that challenge?

Sklar: It's an interesting issue that has just recently emerged. The FCPA prohibits payments to foreign officials. In order to be a foreign official, you have to work for a department, agency or instrumentality of the state. Since the passage of the Act in 1977, the word "instrumentality" has been interpreted to include entities that are owned by or controlled by the state. Many entities in China compete with private corporations in what is the private sector. Payments to those controlled by the state, and not necessarily owned by the state, could be considered to violate the FCPA.

One challenge to the DOJ's stance is that it leads to some absurd results. For example, an oil company is owned by a foreign state and owns a chain of gas stations in the U.S. Under the current state of the law, if you go to a local gas station owned by that company, the person to whom you hand over your money is a foreign official for purposes of the Act.

The DOJ has been very consistent in its application of the law to state-owned entities. In fact the government's defense in its brief against the challenge is to say "look we've been enforcing it this way for the last 34 years, you can't come to us now and tell us that you didn't know that payments to state-owned or -controlled entities were part of this law. You were on notice that we've been enforcing this."

If Congress thought that state-owned or -controlled entities were not included, they could have changed the law to exclude them. The driver is not a change in policy on the government's part; the reason that it is being challenged now is partly because of a change in government enforcement strategy.

In the last couple of years, the DOJ has made a public effort to tell us what their priorities are with respect to enforcement of the FCPA. Lanny Breuer, head of the DOJ's Criminal Division, now is on the speaking circuit telling us what it considers important.

In the last couple of years, one of the things that they've said is that they will, in order to give the Act real teeth, prosecute individuals, not just companies. Companies pay bribes through people, and the people need to be punished. Mark Mendelsohn started this along with Steve Tyrrell who was Mark's boss at DOJ. As a result of that change in enforcement policy, in 2009 and 2010 more individuals were prosecuted than companies. In the Vegas Shot Show case, 21 people were arrested.

Editor: Why do so few companies reach the prosecution stage? Sklar: Being indicted is just too damaging to public companies. A good example of that is Arthur Andersen. Arthur Andersen fought their case and eventually won. Its conviction was overturned, but it didn't do it any good because once it got indicted it couldn't audit public companies anymore. For a public accounting firm, not being able to do public accounting is a death sentence for that company, and it was for Arthur Andersen. One consequence of that decision is that companies realize they can't afford to be indicted , so the case gets resolved on the DOJ's terms.

Editor: What are the main components of a strong compliance program that will avoid the threat of indictment? I'm sure that you have set up quite a few in your former roles.

Sklar: I have, and companies do want to obey the law, particularly when they understand the consequences of failing to do so. It used to be said that what companies needed was the right "tone at the top." But that has been supplanted by a new phrase, which is "commitment from the top." So, it is not just tone. What prosecutors want to see is a commitment from the leaders of the company to an anti-corruption compliance program.

This starts with a company mandate that they must comply with the law. This is an absolute "must do," and really gives air cover to the business units that say that they would rather lose a contract than win it through bribery. If you have that kind of commitment, it is important that it flows down throughout the organization. Therefore it needs a well-written policy - not one written by lawyers for lawyers. Those policies need to lay out for employees what they are not allowed to do. It must tell them what bribes are and about the importance of not paying them.

You need significant training programs for employees that are targeted first to employees who interact with government officials and then to everybody else. Also, your finance people need to be familiarized with red flags to look for as they deal with the recording and reporting of the numbers. You need to have tiered and targeted training so that riskier employees get more training. You need monitoring efforts so that you can uncover clues about possible bribes.

You should do due diligence on third parties whose payments might be construed as bribes and imputed to your company. Let's say that you have a distributor or a firm that you hire to help you market in a particular country, and they pay a bribe to sell your products. If they do, and you knew or should have known that they were going to, then you are responsible for that bribe.

Global companies are responsible for bribes paid by those in its divisions and subsidiaries (including joint venture partners) located around the world. The leaders of the company have to tell their country leaders that compliance with anti-bribery laws is more important than revenue - that the company doesn't want revenue that comes into the company from a bribe because it is not worth it from a reputational and business perspective.

You have to set up training and monitoring in each country and do due diligence with respect to third parties who might make bribes in order to sell your products. If you engage an external sales or marketing agent or if you get into a joint venture, you have to do your due diligence on the parties involved to see whether or not there are any red flags, and if you discover red flags, you need to get an explanation. You may need to consider getting audit rights in contracts. Auditing is an essential part of a compliance program. The internal auditors need to make sure that policies are being followed.

Editor: Where do companies come up short?

Sklar: It's interesting, there hasn't been a case where a company has done due diligence on a third party and the government has come in afterwards and said that the diligence was insufficient. Where companies get into trouble is when they don't do any diligence. Companies get into trouble when it's evident that they don't care. Companies get into trouble with due diligence with third parties because they put their heads in the sand.

This is true with respect to hospitality. There really hasn't been a case where a company has said, "Look here is where we have set the lines on hospitality, we talked about it with the business, we worked through all of the issues. Hospitality is an essential part of our business worldwide so we're not going to outlaw it, but here are the constraints we have put on it." That is not where companies get into trouble. If the company makes those decisions and has a reasonable business basis for them, the government is not going to second-guess. The Department of Justice doesn't second-guess such business decisions.

Where companies get into trouble with hospitality is when there is no policy or where they have a policy but it's a policy on paper only. So, where companies fall short is really when they ignore problems and not when they deal with them.

Editor: Where does Recommind fit into this picture?

Sklar: What we do is help companies understand what data they have and what is in it. This is not only of great use in investigations, but it provides an ongoing program for monitoring emails and other data that can be evidence of the kind of due diligence that the DOJ expects or that likely will be expected under the UK Act.

Our software enables clients to pull emails into the application and monitor whether or not the emails indicate a problem. The advantage of our application over others is that our technology allows for concept searching not just keyword searching. What that means is that it doesn't matter what language an employee uses or how they express an idea or if they're talking in code, the software recognizes patterns and concepts in email to bring it forward for review. It's not just going to search for bribes and related keywords, it's going to search for anything that fits within the concept of paying a bribe, however expressed and in any language.

Our software uses concept search to quickly pull relevant documents out of large sets of documents. The concepts might be relevant to violations of laws relating to bribery, antitrust, privacy or any other concept that you want to monitor. As a result of this search you get what we call a seed set of documents that a human being can scan to see if they suggest that a possible violation has taken place or is likely to take place. Based off of this seed set, it will pull out all of the relevant documents from the large set of documents, let's say 1,000,000 documents. It will say you've given me 60 documents that are relevant to the concept for which you are searching, I've gone into that 1,000,000 and I found 437 that are like the 60 you gave me.

Editor: And this would be real time monitoring?

Sklar: That is right and not only that you can set up a schedule for periodically accessing all data being generated. You are not copying or maintaining an entire set of data, you're actually looking at the data where it sits and pulling information about that data and being able to examine it without necessarily copying it into a large data center because then you would need to expand your data storage.

Editor: So what Recommind is offering is a way in real time of getting advanced notice that something is about to take place or something has taken place that should be corrected?

Sklar: That is right so we're good on the pre-investigation stage to help you find potentially problematic documents. Then if an investigation starts, we can connect to all of your data sources and find documents that are relevant, and then if you end up in litigation we can help you review those documents. We don't do the reviewing, but we give reviewers better, more relevant documents to look at. What will end up happening is, if you have 1,000,000 documents, you will review let's say 10 to 30 percent, and that is all you need to look at because by the time you get through the 10 to 30 percent, we've helped you to find all of the relevant ones. Instead of having to go through 1,000,000 documents you now only have to go through 200,000, so we've saved you 80 percent of your human review costs.

Editor: So there is ultimately a human review of those documents?

Sklar: That is correct. Our review application doesn't replace human beings, it just makes them better at their job.

Please email the interviewee at howard.sklar@recommind.com with questions about this interview.