Big Sur Fires Blaze On

Where There's Smoke, Sometimes There's Just Smoke

The fire blazes on in Big Sur. Picture Source

And the fire blazes on in Big Sur, only a short drive south from where I live in San Ramon, CA. In fact, it’s short enough for a quick weekend trip ( in California, our weekend in easily 3 or 4 days ), which is exactly what I did over my birthday weekend a few weeks ago.

Thursday, June 26th, I packed up the gas guzzling BMW X5 and took to the road for San Simeon, home of Hearst Castle, which is just about an hour south of Big Sur. Whenever we go there, we stay at the Best Western Cavalier Oceanfront Resort. It’s a beautiful resort right on the Central Coast, and we always get an oceanfront room so we can hear the crashing waves as we enjoy our Martinis and Margaritas by the fireplace. It’s also one of the few upscale resorts that allows our fluffy white Samoyed to sleep with us in the room – how can I celebrate a birthday without my wife and darling little girl.

There are several ways to get to San Simeon, but on this occasion we decided to take Highway 101 south to Highway 46. Highway 46 has some great central coast wineries that we love to visit, including Hunt Cellars and Four Vines.

The minute we turned on to Highway 46 south, I smelled engine problems. After a few choice words, and no indications from my car’s alert system, I realized nothing was wrong with the car (thank God!), and I looked around to see a sea of smoke around us. I thought for sure one of the wineries had caught on fire, and was expecting on the next turn, to see the glow of police and fire engine siren lights. However not only was there a distinct absence of emergency vehicles, there was a distinct absence of all vehicles. It was quite eerie snaking down the winery laced, smoke-filled path alone, like the lone brave knight approaching the Dragon’s Lair.

I was quite surprised to reach the end of Highway 46, with no sign of a fire engine, police car, or ambulance. As I turned right on Highway 1, the quarter pole on my final approach to San Simeon, I scratched my head trying to figure out what was going on. I could see the smoke, and smell the smoke, but I didn’t see any fire.

When we arrived at the resort, I stepped out of my car to be greeted by a wave of smoke in the face. There was definitely something going on around here, but could it be the Big Sur fires? Big Sur is an hour north of here, and besides we’re on the coast.

The front desk clerk confirmed that it indeed was smoke from the Big Sur fire that we were breathing. He explained that the smoke from the fire gets pushed out to the ocean, then the ocean carries the smoke down to the resort, where the ocean then pushes the smoke back in! I was convinced that there was a fire somewhere around town, because of all the smoke. And yes, there was a fire that originally caused the smoke, but it had nothing to do with the immediate surrounding area.

We have to guard our assumptions when dealing with a compliance issue. The wrong conclusion can get you into a lot of trouble. You might notice a sudden erratic behavior from your otherwise cool-headed Controller, and start wondering if there’s fraud around the corner. Maybe, or maybe he’s just stressed out because the price of gas is too high.

Human beings are very bad at assessing causation. You see two or three data points, and all of a sudden there’s a trend. A few bad things happen to you all at once, and all of a sudden “they” are out to get you in some sort of conspiracy to destroy you.

When building your compliance program, you will need to profile your risks. Meaning, you will need to proactively identify your risks ( uncertain events ), and among other things, know their probability, impact, detectability, and causation. Trying to guess on these characteristics is dangerous, especially causation. That’s because false signals will typically require expending resources to avert the impact of the risk.

Great compliance officers don’t leave causation of high impact risks to capricious guesswork. A formal causation study (e.g. Design of Experiments) should be done, so that when the time comes, and you see smoke, there will be fire.

The DOJ's Opinion on FCPA

Halliburton's Concession for Confession -- Is it Fair?

FCPA ( Foreign Corrupt Practices Act ) is all over the compliance news these days. The FCPA prevents US companies that have business operations in foreign countries, from bribing foreign government officials in exchange for favorable business agreements. It seems like a reasonable request, until you consider that foreign countries don’t operate like ours, and it’s quite common in other countries for government officials to get “paid off” to conduct business. From a business perspective, this puts US companies at a disadvantage, as it seems other countries don’t have quite as much of a problem with it. Regardless, the US put its stake in the ground when it comes to unethical business practices, and it took the form of the FCPA back in the 1970’s.

Although it’s a relatively old regulation to comply with, its implications are still making newsworthy waves. Compliance Week ( subscription required ) just headlined an article involving the DOJ’s opinion on Halliburton acquisition of a British-based oilfield services company. The concern Halliburton has, is that it will be responsible for any FCPA violations found in the acquiring company. The DOJ has issued a “due-diligence” opinion on the matter, in essence making Halliburton a deal of sorts. The DOJ will allow the acquisition to go through, and will not hold Halliburton responsible for any FCPA violations for six months. But of course, it’s not that easy.

In exchange for the DOJ’s “generosity”, the DOJ is demanding Halliburton to execute due diligence on the FCPA situation at the acquiring company, and if any violations are uncovered, to immediately report them. Of course, they’ll need to remedy any violations uncovered also.
On the surface it may sound like a decent arrangement, but I think Halliburton is getting the shaft. I’m not saying that due diligence is a bad idea, in fact they should absolutely be concerned about FCPA violations in the acquiring company. However, the fact that they need to immediately disclose everything to the DOJ is where I have a problem.

Every company has compliance issues. It’s a fact of corporate life, don’t let anybody tell you any different. In a perfect world, your company would be able to perfectly comply with every regulation, standard, guideline, contract, and internal policy. In the real world, that will never happen. It’s your corporate responsibility to limit the number of violations for any and all compliance concerns, to their minimums. However, imagine if you had to disclose each and every violation before you had a chance to get it under control. To me, that seems unfair.
In my view of compliance, you should have preventive controls installed to avoid incidents in the first place; however you also need to have corrective controls in case preventive controls are not feasible or effective. The period of time between when a violation occurs and when you can get it under control (i.e. with a corrective control) is certainly a risky period for your company. That said, I think the ability to identify the violation, and bring it under control, without formal disclosure, is your corporate right.

I think a more fair course of action for Halliburton, would be to let the acquisition go through, but keep them on a watch list for a year or two. After six months to a year, audit the situation for FCPA violations, to see how they’ve done. If after a year or two things seem fine, then consider the merger a low risk.

While on the topic of FCPA, it’s important to remind all of you that a formal FCPA compliance program is a must, especially if you’re doing business in high-risk (relative to FCPA violations) countries like China. Don’t mess around with this or put it off. In the following article under the “Hello Rubber, Meet The Road” section, we’ll explore some ways you can bring this to reality, however the point is to get it done, and get it done right.

The stakes are pretty high, and the hammer is coming down. According to the same article in Compliance Week, “In June, Minnesota-based AGA agreed to pay a $2 million criminal penalty and enter into a three-year deferred prosecution agreement in connection with corrupt payments to Chinese government officials that violated the FCPA. Two days later, Florida-based Faro Technologies, a maker of measurement equipment and software, agreed to pay $ $1.1 million in criminal penalties as part of a two-year non-prosecution agreement.”

If you do have business concerns in foreign countries, and don’t already have a formal FCPA program in place, start by reading the next article, then by all means get started on one.

Anti-Corruption Compliance

What a Lovely Bribe

Anti-corruption policies like the Foreign Corrupt Practices Act (FCPA) are making big waves these days. Companies like AGA Medical Corp and Faro Technologies are getting hit with fines in the millions of dollars, because their business practices with foreign officials are coming into question.

The existence of an anti-corruption compliance program is unequivocal these days. Trying to operate a global business without one is like walking a tight-rope without a net. One wrong move, and you could see yourself facing a lot of trouble.

I’d like to show you how easy it can be to put together an FCPA compliance program, exploring some ideas that will bring into reality. As usual, I must disclose that I am not a lawyer, so this is not legal advice. Furthermore, if you know anything about me you know what I’m about to say, as FCPA is no different than any other type of compliance.

If you are having problems getting started or maintaining an FCPA compliance program, the law aspects of it are not your problem. Of course, you need a lawyer that understands the FCPA laws, but to be honest, that’s the easy part. The hard part is organizing a system that works. Hopefully, I can help you get a little traction on this.

Step # 1 : Find Good Legal Guidance

As I said, this is an easy first step. Your lawyer is going to drive the requirement, making sure that all your activities lead to an effective program. If you don’t have this in-house, you will need to outsource. Plan to spend a good amount of involvement with your legal guidance. If possible, find a lower-cost paralegal that understands the regulations well, and has the time and availability to work closely with your team. Avoid the situation where legal guidance has limited involvement at targeted periods of time. On the surface it may sound like a reasonable and inexpensive option, however this will backfire, causing the rest of your resources to spin unnecessary cycles in wasted work.

Step # 2 : Assemble a Good Project Team and Create a Project Charter

A good project team will include a project manager, your legal representative, and a number of good process analysts. If you will be using technology ( highly recommended ), you also need a number of good developers including application programmers and database specialists. Your project team should be Championed by an executive that has a stake in the outcome. If that is not you, make sure you assign somebody that will be willing to provide guidance, support, and clear obstacles in the organization.

As with any project, start off with a solid Project Charter. Your project charter should explain the business case, opportunity for increased compliance, the goal and scope of the project, a high-level timeline, and the team members.

Step # 3: Know the FCPA Basics

Make sure everybody on your team ( not just the lawyers ) knows the basics of FCPA compliance. It’s really not that hard. According to the DOJ, an FCPA violation is composed of five different parts:

• Who – The person benefiting from the corrupt act. That’s you – don’t overthink it.
• Corrupt Intent – Intent is a difficult thing to quantify, but any representative of the Who part of the equation, that has the intention of committing a corrupt act, is on their way to a violation. It’s important to understand that the act doesn’t need to succeed – just the mere intent is enough to qualify.
• Evidence of Payment – Of course for a violation to exist, there must be some sort of evidence of pay-off, however as stated above even a promise to pay, or evidence of an offering can constitute a violation.
• Recipient – The recipient must be a foreign official. This is where your legal guidance will come in handy. A “foreign official” can mean many things, and needs contextual interpretation based on the country in question. Don’t just arbitrarily assume it’s somebody in government office. In China for instance, any head of a government-controlled commercial enterprise would still be considered a “foreign official.”
• Business Purpose Test – For what reason is the payment? If it was a pay-off for obtaining or retaining business, or directing business toward the Who, bingo – violation. Like the Corrupt Intent component, this is a “smell test” component that you should not ride the fence with. Keep it real clean with no grey area, to stay out of trouble.

It’s also worthwhile to note, that trying to route bribes through a third party is a no-no as well, so this needs to be communicated, and acknowledged. As noted below, this will be a significant risk area that you will want to concentrate on. Even if a corrupt act is committed by a third party without your knowledge, you can still be held liable.

Step # 4 : Build and Execute Your Plan

As noted above, third parties will be a key risk, so take extra care to control it. Ensure that your channel partners and distributors are not in violation of FCPA regulations by making it part of your project plan to inspect their FCPA compliance program. Also, consider building a third party control monitoring program to ensure continued compliance.

Also, plan to create a policy that addresses FCPA concerns. Spell out in detail what your compliance guidelines are, and why they are important to the company. Include project milestones that include training and education of all employees that will be dealing with foreign officials.

Since foreign officials is a vague and risky area, consider maintaining a database of known officials. Business that is conducted with these entities should be flagged as high-risk, and appropriate controls should be exercised to limit exposure. As business with a new entity is encountered, a screening process should be in place to identify potential risks with the recipient. These screens must be extremely proactive, as the mere intent of a corrupt act can put you in violation.

FCPA, and other anti-corruption policies are serious business. By getting good legal advice, assembling a good project team, and communicating the basics, you can effectively construct a solid compliance program. Finding legal counsel is a good starting place, and can be done immediately. Don’t waste time with this one.

Hedge Fund CEO turned Fugitive

When One Bad Decision Follows Another

Former Bayou CEO, Samuel Israel III arriving for his sentencing in April 2008. Picture Source

Samuel Israel III is in the chowder this month, after he surrendered to police in Massachusetts on July 2nd. According to the Wall Street Journal, the former CEO of Bayou tried to pull a fast one on investors, almost getting away with more than $400 million, apparently something that's possible if your a crooked CEO of a large hedge fund. Well, he got nabbed, and was convicted in Manhattan in September of 2005 to consipiracy, investor-adviser fraud, and a splendid collection of other violations from "the book" which was thrown at him.

As if that's not bad enough, here's the garnish. Our boy Samuel decided to take it on the lam, and was a no-show for his prison reporting date on June 9th. Instead, all authorites could find was his abandoneed SUV in New York.

His great escape must have been by foot, as it took him a month to get to Massachusetts where he turned himself in. Now he's facing fugitive charges.

The lesson here -- if things are going bad, just cut your losses and turn things around. Everybody has violations, some are severe, and some people get caught. The worse thing to do at this point is dig a deeper whole and try to cover it up with avoidance and / or spin control. Just be honest, and take all measures to do the right thing.

Or maybe, just don't do the wrong thing in the first place.

The Perfect Workplace Coffee Cup

Some Good Controls Take Innovation

The "Lock-Cup", for people who share facilities in the workplace.

Ever get tired of other people using your coffee cup? Check this out! Apparently this is a real product. As you can see, it's a coffee cup with a lock on it.

When the key is out, it leaves a whole in the bottom of the cup, making it impossible to fill it up with any liquid. Only the holder of the key can plug the whole, and use the cup.

I love this product! It's inventive and a perfect example of an effective preventive control. Sometimes it takes innovation to get at the best controls. Next time you're stuck coming up with a good control -- think of the "Lock-Cup."