“Now more than ever, there is increased regulatory pressure on organizations – and their Boards of Directors – to create and maintain effective ethics and compliance programs…

[A]ntitrust/competition prosecutions are on the rise, product safety and quality issues are increasingly viewed as ethics and compliance issues, business partners and supply chains are under scrutiny with such laws as the California Transparency in Supply Chains Act, the DOJ is focusing on insider trading, U.S. FCPA prosecutions are increasing, the UK has enacted the Bribery Act, and the Dodd-Frank Act requires sound ‘speak up’ programs and establishes an SEC Whistleblower Program.

What is the net effect on the Board? CEOs and Board members are increasingly under the microscope – and under pressure to uphold both compliance and ethics oversight and company leadership responsibilities.”

“This data – with identifying characteristics removed – has allowed the creation of a set of benchmarks across a group of metrics which will assist organizations in making informed decisions about program effectiveness, potential problem areas, and necessary resource allocations. This report reviews the cross-industry benchmarks created using data from all companies in the database. It should serve as an excellent starting point for companies wishing to assess their organization’s reporting data…”

“The size of the penalty catches the eye, but beyond the whopping number is a sizeable lesson to be drawn from such enforcement actions: when a company forgoes the expense of maintaining its ITAR compliance system, it risks paying a much greater price if a breakdown occurs.

Folks tend to gripe about the money they shell out to have oil changed, filters replaced, or tires rotated.  But the smart vehicle owners among us know that, however much we may complain at the time, we are paying only a pittance in the present to prevent a future fiasco.  Maintenance and upkeep of a vehicle are key to long-term performance and, maybe more importantly, critical to avoiding that terrible day where your ride gives out on you, leaving you alone and stranded on the highway-side, your engine billowing smoke, while all the other drivers cruise past you, smug in their well-kept cars.

Similarly, the breakdowns that allegedly led to the Raytheon settlement were eminently avoidable.  According to a State Department press release, the Office of Defense Trade Controls Compliance (DTCC) determined that ‘numerous violations demonstrated a recurring, corporate-wide weakness in maintaining effective ITAR controls.’”

“Although a risk assessment can provide key information to those responsible for anti-corruption compliance, such an exercise is unlikely to have much visibility outside the company, and the failure to perform one may well go unnoticed. Yet without a clear vision of its particular corruption risks, a company’s compliance efforts may turn out to be needlessly costly and inefficient and, even more importantly, fail to provide the protection that the company hopes to obtain. Yogi Berra may have said it best: if you don’t know where you’re going, you might not get there…

Simply ‘having’ a policy against bribery provides little or no protection from corruption-related problems. U.S. authorities say they have frequently encountered companies ‘with compliance programs that are strong on paper but that nevertheless have significant FCPA violations because management has failed to effectively implement the program […].’ The purpose of an anti-corruption compliance program is to ‘mitigate’ or reduce the company’s risk of liability for improper conduct. A well-considered assessment of a company’s risks in this regard provides a solid foundation for these efforts. By identifying and evaluating its full range of corruption risks, a company is able to assure that it addresses key risks appropriately. Where risks are not identified, however, there may be gaps that leave certain exposures unmitigated.”

“In 2012, DOJ and the SEC brought 25 new Foreign Corrupt Practices Act (‘FCPA’) enforcement actions, a significant decrease from the number of FCPA enforcement actions brought in 2011 (45) and the prolific 2010 (71). However, there is no reason to suspect that DOJ and the SEC are losing their zeal for enforcement. Rather, it is likely that DOJ and the SEC are juggling the approximately 150 open investigations and were distracted by the drafting of their comprehensive FCPA Resource Guide, which was released in November 2012, as well as several trials.

Many trends from 2011 continued into 2012, including DOJ’s and the SEC’s willingness to reward companies for their swift voluntary disclosure and ongoing cooperation. In at least one significant case (U.S. v. Peterson), DOJ and the SEC declined to bring an enforcement action against the individual defendant’s corporate employer, financial services giant Morgan Stanley, noting Morgan Stanley’s rigorous FCPA compliance program, voluntary disclosure, and cooperation. In addition, the trend away from using independent compliance monitors/“consultants,” in favor of self-monitoring and periodic self-reporting, continued. DOJ’s and the SEC’s targeting of the health care and life sciences industries continued to bear fruit. Indeed, more than half of DOJ’s FCPA enforcement actions this year were brought against medical device manufacturers and/or pharmaceutical companies.”

“The comprehensive guidance consists of cases, hypotheticals, interpretations, and explanations, and is designed to guide employers in designing and testing their FCPA compliance programs… One of the more extensive topics of discussion in the newly-issued FCPA guidance is the provision of gifts, travel, and entertainment. The guidance lists several examples of improper travel and entertainment gifts, including ‘a $12,000 birthday trip for a government decision-maker from Mexico’ and ‘a trip to Paris for a government official and his wife that consisted primarily of touring activities via a chauffer-driven vehicle.’”

“Step One: Adopt a ‘responsible sourcing’ policy for conflict minerals and communicate this policy to your suppliers. Make clear your expectation that your suppliers will obtain materials only from ‘conflict-free’ sources, and that you will not tolerate the sourcing of materials from armed groups committing human rights violations. Adopting a ‘responsible sourcing’ policy is the first step in a conflict minerals ‘due diligence’ process, and even if your products do not currently contain ‘conflict minerals,’ having such a policy in place and communicating it to your suppliers will prove beneficial if the mineral composition of your components changes in the future to include conflict minerals, or if the SEC expands the list of ‘conflict minerals’ to include additional minerals besides tin, tantalum, tungsten and gold.”

“… the FSA decided that, when determining the seriousness of the breach in this case, a fine set by reference to revenue was not an appropriate indicator of the harm or potential harm caused by Lamprell. Instead, the FSA found that the level of the fine should be determined by reference to Lamprell’s average market capitalisation during the period of the breach. The final notice also sets out the scale to be used in cases where market capital is used to determine the appropriate level of a fine under step two of the five-step approach (seriousness of the breach), with the FSA considering that a scale of 0%–0.5% of market capitalisation (applied according to the seriousness of the breach) is appropriate in such cases. In this case, the FSA determined that a level four breach had occurred, resulting in a fine of 0.375% of market capitalisation. The resulting £2.4m fine is nearly five times larger than the penalties imposed by the regulator in previous cases of this type.”

“Effective March 8, 2013, U.S. parent companies will become liable for Iran-related sanctions violations committed by their foreign subsidiaries–including subsidiaries incorporated as separate legal entities outside U.S. jurisdiction… 

Faced with these realities, multinational companies in the automotive sector should carefully examine their current business practice and sanctions compliance programs. Fresh risk assessments are also prudent, especially in light of the new sanctions’ effort on foreign subsidiaries, supplies, and affiliates. Even companies that were previously outside U.S. jurisdiction should evaluate their risks.”

“Although the Straub and Steffen decisions represent the views of only two federal judges from the same district court, they provide rare and useful judicial guidance on how far the SEC can go in asserting personal jurisdiction over foreign defendants in FCPA cases. And although the decisions reached opposite outcomes, they can be readily harmonized to offer several lessons of significance to all foreign employees of U.S. issuers, regardless of where they are headquartered.

First and foremost, neither case supports the notion that mere employment by an issuer anywhere in the world is sufficient to establish minimum contacts with the U.S. Indeed, even Judge Sullivan made this point explicitly in Straub.

Second, both cases appear to agree that even if a foreign employee of an issuer has no other meaningful contacts with the U.S., the employee’s direct participation in falsifying the issuer’s financial statements or accounting records will likely suffice to establish minimum contacts, especially if the employee is generally aware that the issuer’s securities are publicly-traded in the U.S. and that U.S. shareholders will likely rely on the company’s financial statements.”