Demonstrating that a compliance program works is important for external and internal purposes.  In a 2012 PWC/Compliance report “State of Compliance: 2012 Study,” the respondents identified regulators (91 percent), audit committees (72 percent) and business partners (70 percent) as groups that will demand evidence that a compliance program is effective.

CCOs have to be creative when developing metrics for a compliance program.  Some measurements are common – the number and type of complaints received; number and resolution of internal investigations; number of participants who have completed training and executed appropriate certifications of compliance.  These are common measurements but it is important to develop others which are more relevant to important compliance program elements.

Here are some other ideas:

Due Diligence Effectiveness: Given the importance of a due diligence screening program, a CCO should track the number and level of due diligence reviews, including the number of companies/individuals screened through an initial examination, the number of questionnaires completed, the number of interviews conducted, the number of enhanced due diligence inquiries, the number of focused due diligence inquiries, the number of due diligence inquiries which ended up approving or rejecting a proposed third party.

Compliance Audits:  CCOs should conduct compliance audits, often in conjunction with a detailed internal audit of a specific office or third party agent or distributor.  A compliance audit should focus on local implementation of compliance policies, programs and controls.  A specific set of issues should be prepared in advance and completed during the audit.  The number of audits and the performance on specific criteria can be calculated and monitored year by year.

Employee Surveys:  CCOs can learn valuable information from an employee survey which focuses on the company’s compliance culture, tone-at-the-top, and other important issues.   Surveys can be targeted to specific countries, divisions or product lines.  It is not necessary to conduct an annual survey of every employee given the cost and time involved in collecting such information.

Gifts, Meals and Entertainment: CCOs should measure the number, amount and approvals for gifts, meals and entertainment expenses.  It is important to look for patters from specific offices, regions or sales departments – a high number in one area which is significantly different from another, might signal a problem.

Whatever measures are chosen, companies need to have strong information technology support for collecting, presenting and analyzing information needed to measure a compliance program.  It is important to build systems which can effectively collect and present compliance metrics.  If your IT system cannot provide these basic measures, a CCO will be required to push for improved IT technology and specific fixes needed for compliance purposes.

We all know that corporate boards play an all important role in an effective compliance program.  Not as much attention is paid to the operation of senior executive compliance committees.  This is a different animal than the compliance committee at the board level.  A senior executive compliance committee consists of the key senior corporate officers needed to carry out an effective compliance program.

A PWC Compliance Survey conducted last year found that 71 percent of surveyed companies have a senior executive compliance management committee.  But not all committees guarantee success.  Some committees work well and some do not.

The success of a committee depends on the mission, the structure and the processes of the committee.  The mission of a committee is defined by not only its role and responsibilities but whether or not it is empowered by the company to carry out its responsibilities.  The CEO and other senior managers have to commit the mission to the committee and make sure it has the backing of the company’s leadership.

Assuming the senior executive compliance committee has the proper mission and is fully empowered, the membership of the committee is crucial to carry out its mission.  The compliance committee should include: (1) CEO; (2) CCO; (3) CFO; (4) General Counsel; (5) Chief, Internal Auditing; (6) Chief Operating Officer; (7) Human Resources; (8) Information Technology.

With these senior managers, compliance issues can be identified, assessed, and resolved, so long as the company maintains a commitment to compliance and this process.  This structure is essential to an effective compliance and ethics culture.

With a commitment from senior management and the appropriate structure, the senior executive compliance committee has to put in place effective processes to ensure that information is shared among the committee members, issues are identified for analysis and resolution, and business intelligence and plans are shared with key compliance players.

Proactive management requires effective processes which elevate the right issues at the right time for the committee to resolve.  Technology has to be leveraged for the committee to succeed.  If technology is a hindrance, then the committee’s operations will be frustrated.

A compliance committee depends on integration of individual processes  into an integrated whole.

A compliance committee’s challenge is to align the right people, processes and technology to view risk across the company, and to ensure that key stakeholders on the committee have the right resources to implement a successful company-wide compliance program.

Despite all of these obstacles, the CFPB has acted carefully and deliberately to enforce consumer protection laws.  It recruited a strong leadership team and has carefully put in place procedures for supervisory examinations and enforcement actions.

The CFPB also has demonstrated shrewd political enforcement strategies, focusing first on the mortgage industry, especially broker, then moving to credit card companies and abusive conduct, and then focusing on debt collectors.  There is strong public support for oversight and enforcement against these industries – the American public has long resented consumer practices in these industries and the CFPB has carefully enforced the law and regulations against indefensible practices.

Recently, the CFPB has started to focus on auto financing companies.  On March 21, 2013, the CFPB issued a long-awaited guidance bulletin on auto financing with the fair lending requirements of the Equal Credit Opportunity Act and its implementing regulation, Regulation B, for “indirect” auto lenders that permit dealers to increase consumer interest rates and that compensate dealers with a share of the increased interest revenues.

Last week, it was reported that the CFPB issued civil subpoenas (“Civil Investigative Demands” or “CIDs”) to a number of banks and captive motor vehicle finance companies relating to the sale of optional extended warranties, insurance and other “add-on” products.  According to press reports, the CIDs request data on the various add-on products sold by dealers and financed in retail installment sales transactions.

The CFPB’s enforcement action in the credit card industry focused on similar “add-on” products.  In July 2012, the CFPB settled an enforcement action against Capital One requiring a refund of approximately $140 million to 2 million credit card customers whom it allegedly misled into buying optional add-on products. The order also required Capital One to pay a $22 million penalty to a civil penalty fund.

Auto finance companies and banks need to conduct a deep review of their lending practices, especially with regard to add-on features which may be sold during a transaction.  For each of these add-on products, auto finance companies should make sure that the consumer practices and information for these add-on features are robust and transparent.  If they are not, auto finance companies should remediate the issue as soon as possible, and even consider terminating such add-ons if there is no possible rationale to support continued offering of the service.

In addition to the add-on issue, auto finance companies face a serious risk with respect to ECOA compliance.  The CFPB has announced that it will launch enforcement actions against auto finance companies when it has evidence of  “disparate treatment” and “disparate impact” as an indication of discrimination based on race, color, religion, national origin, sex, marital status, age, receipt of income from any public assistance program, or the exercise, in good faith, of a right under the Consumer Credit Protection Act.

Indirect auto finance companies provide financing through auto dealers.  (The CFPB has no direct supervisory authority over auto dealers).  The CFPB has taken the position that indirect auto lenders may be liable for the lending practices of auto dealers under the auto finance company’s markup pricing and compensation policies.  Additionally, an indirect auto lender may be on notice of a dealer’s discriminatory conduct.

As background, auto dealers request financing from third party, indirect financing companies.  Many indirect auto lenders allow dealers to mark up the interest rate above an indirect auto lender’s “buy” rate (interest rate to the auto dealer for resale to consumer).   The CFPB believes that some indirect auto lenders have policies that allow auto dealers to mark up lender-established buy rates and that compensate dealers for those markups in the form of reserve (collectively, “markup and compensation policies”). Because of the incentives these policies create, and the discretion they permit, the CFPB believes there is a significant risk that they will result in pricing disparities on the basis of race, national origin, and potentially other prohibited bases.

Because the CFPB cannot directly regulate auto dealer consumer practices, the CFPB is creatively extending its authority over indirect auto finance companies to impose liability for their auto lending portfolio if the portfolio reflects disparate treatment and/or disparate impact.  Thus, an indirect auto lender’s markup and compensation policies may result in liability under the ECOA.

The CFPB Guidance outlines specific compliance steps that indirect auto financing companies should take, including but not limited to: (1) imposing controls on dealer markup and compensation policies, and monitoring those policies; (2) eliminating dealer discretion to mark up buy rates and fairly compensating dealers using another mechanism, such as a flat fee per transaction, that does not result in discrimination; (3) adopting and disseminating an up-to-date fair lending policy statement; (4) regular fair lending training for all employees as well as all officers and Board members; (5) ongoing monitoring for compliance with fair lending policies and procedures; (6)  ongoing monitoring for compliance with other policies and procedures that are intended to reduce fair lending risk (such as controls on dealer discretion); (7) review of lending policies for potential fair lending violations, including potential disparate impact; (8) regular analysis of loan data for potential disparities on a prohibited basis in pricing, underwriting, or other aspects of the credit transaction; (9) regular assessment of the marketing of loan products; and (10) meaningful oversight of fair lending compliance by management.

Based on this clear enforcement risk, you would expect that antitrust compliance would be a high priority for global businesses.  Instead, we hear a deafening silence on the issue.  FCPA compliance still rules the day.  If you weigh the impact of an antitrust cartel enforcement action, with the potential US fines, treble damages in private class actions and EU enforcement actions, antitrust risks may exceed those of the corrupt payments.

The compliance industry reflects corporate demand for compliance services.  Why is antitrust compliance on the back burner (or not even on the stove)?  Companies are playing a serious game of Russian roulette when it comes to cartel risks.  Senior executives have plenty of incentives and opportunities to interact with competitors to carry out illegal price-fixing, bid-rigging or  territorial allocation schemes.

Common characteristics of global cartels include: (1) Senior executive involvement who have the authority to carry out pricing, output or operational changes in a global company; (2) Attempts to avoid detection, especially in the United States where criminal penalties can be imposed; (3) Use of trade association meetings to facilitate joint meetings and coordination;  (4) Ability to fix prices, output or bid-rig on a regional or global basis; (5) Monitoring “compliance” with terms of illegal agreements and attempts to discourage cheating;  (6) Concentrated markets and product homogeneity are higher-risk markets because of the ease or coordinating a smaller number of participants’ who provide similar products or services.

Chief Compliance officers need to examine antitrust compliance issue.   Antitrust compliance programs have the same objective as any other compliance program – to prevent and detect antitrust violations.  The detection of a potential violation is critical – antitrust fines can be very large but the collateral consequences can be equally devastating when private victims earn treble damages.  The Antitrust Division’s leniency program is extremely effective – the first company in the door can get a free pass on criminal liability in the US, a reduced fine in the EU and avoid treble liability and receive only single damages.

The sentencing guidelines standards apply to antitrust compliance and require:  (1) Clearly established compliance standards; (2) Assigning overall responsibility to oversee compliance to high-level executives within the company; (3) Exercising due care not to delegate responsibility to employees who have a propensity to engage in illegal conduct; (4) Taking reasonable steps to communicate standards and procedures effectively to all employees; (5) Taking reasonable steps to achieve compliance with standards; (6)  Consistent enforcement of standards through appropriate disciplinary mechanisms; and (7) Taking reasonable steps when an offense occurs to respond and to present future violations.

An antitrust compliance program should focus on many of the same broad principles involved in any compliance program.  Specific risks in the antitrust area center on contacts between and among competitors – opportunities for senior officials to interact with competitors, meet with competitors and potentially reach illegal understandings and agreements, especially in those markets where competition is ruthless.  Antitrust audits usually focus on risks relating to:

Trade Association Meetings should be reviewed for attendance, purpose and patterns, especially meetings outside the United States.  If the trade association is involved in collecting industry data which may include specific pricing practices, or forward-looking pricing and output data, the risk of illegal interactions increases significantly.

Joint Ventures among competitors in a concentrated market are very high-risk since legitimate interactions in the joint venture can easily be expanded into illegal agreements in markets outside the joint venture where the participants are competitors.

Market Share and Pricing History can sometimes reveal an illegal agreement resulting in stable market shares and pricing in a normally competitive market.

Sales Transactions between your company and competitors may, in fact, be a disguised payment to offset disputes or violations of a market allocation scheme.

Sudden and Unexplained Price Rises can indicate an illegal agreement among competitors combined with pricing announcements from competitors or other sensitive information in company files.

The perception of CCOs is far different.  Management and employees often view CCOs and their staff as “law” enforcers or “sheriffs.”  If that is the perception, the CCOs have an important task – to change this perception and turn into important business partners.

CCOs are often challenged to make the business case for compliance.  It should be an easy argument – an integrated approach to risk and compliance directly translates into bottom-line increases in profits.  In this context, it is a mistake to argue that legal and regulatory requirements dictate that a compliance program follow certain policies and procedures, or else the company will suffer big fines and reputational damage.  A singular focus on negative consequences is a limited (albeit partially effective) message.

There are significant operational advantages to integrating governance, risk and compliance issue – namely that effective compliance is good for business.  What do I mean by this?  A CCO has unique visibility of an entire organization.  CCOs have to become familiar with all of the business operations.  They have a view of the company that few others in the C-Suite have.  And they can provide important insights into the governance, risk and compliance mix.

CCOs often report to the Board on common metrics of compliance program effectiveness – number of complaints, risk assessments, audit reviews and disciplinary actions taken.  There are other important operations that CCOs can identify, including a lack of oversight, organizational silos, wasted resources and information, lack of data integrity.  CCOs can then assist in identifying effective oversight programs, integrated risk and control policies, quality data and information, resource and personnel improvements, and streamlined business processes.

CCOs can bring about a good marriage of compliance and operational goals.  With a fundamental understanding of the business operations, CCOs can make valuable contributions to key business decisions relating to organizing people, process and technology, and projecting future benefits and costs from key business decisions.  CCOs can make the case that strong risk and compliance processes can increase revenues, reputation and brand protection, customer attraction and retention, improve workforce performance and asset protection.

To transform CCOs into effective business partners requires one significant change – CCOs have to be elevated to the C-Suite.  This is occurring more frequently but companies still have a long way to go.   Assuming they have a seat at the table, CCOs can advance the importance of the compliance function by communicating ways in which governance, risk and compliance management can improve the bottom line for everyone.

Corporate governance can succeed or fail based on the CEO’s performance.  Numerous studies have focused on the personality types of CEOs.  In a recent article, a British study found that CEOs are four times as likely to be psychopaths as the general population (incidence rate of 4 percent versus 1 percent).  That is an extreme example of personality research which has little relevance to day-to-day corporate operations.

Assuming that the Board has exercised care in the selection of its CEO to screen out the personality outliers, there are important ways to focus the Board-CEO relationship to improve compliance.

The Board, senior management and the chief compliance and ethics officer have important roles and responsibilities in carrying out the compliance program.  In carrying out their respective duties, the board has to ensure that incentives are aligned to accomplish meaningful compliance.

Most CEOs spend little time on compliance.  They often speak about the importance of ethics and the commitment to lawful and ethical conduct.  CEOs are not naturally committed to learning the nuances to legal and policy issues – they rely on others for that.  Understandably, CEOs focus on different concerns – financial performance, hitting incentive targets and other business issues.

The challenge for the Board and the CCO is to give the CEO specific directions and tasks to make sure that compliance is on the CEO’s radar.  The Board needs to send a message to the CEO and the CCO by defining the scope of the compliance and ethics program, reviewing key policies and procedures, and requiring periodic, substantive reports.  Specifically, the Board needs to emphasize to the CEO that it is the CEO’s responsibility to ensure that an effective compliance program is implemented and that management has the tools and resources to carry out this priority.

To underscore this point, the Board has to ensure that the CEO’s (and senior managers) compensation is linked, in part, to overall performance of the compliance program.  CEOs and other senior managers respond to financial incentives and the possibility of financial rewards.  Specific and measurable objectives should be identified by the Board and included in any compensation package for the CEO and other senior managers.

The Board sets incentives and measures for the CEO’s performance.  The CEO, in turn, directs the performance of senior managers.  The CEO’s goal should be to instill in management throughout the organization a priority attention to compliance.  From senior managers in the C-Suite to “shop” managers in the lower levels of the company, compliance has to be identified as a priority and reinforced through financial incentives.  Building a compliance framework with this basic tool is essential to an “effective” compliance program.

The FCPA Guidance was very clear on the subject of training programs.  The Justice Department and the SEC took a little bit of time to underscore the importance of making a training program relevant and accessible to the audience.

DOJ and the SEC appear to be concerned about the content of training materials.  The government’s concerns about anti-corruption training programs reflect issues they have identified in reviewing company training materials.  Many training programs include lengthy legal discussions which are sure to bore any audience (including lawyers).   As set out in the FCPA Guidance, the government wants businesses to push their training programs to the next level (from its perspective).

The question of live versus on-line training boils down to resources.  Many companies do not have the resources for compliance and legal staff to travel to all the company offices to conduct training programs.  This reflects a limited view of who should be conducting compliance training.  Why can’t business people conduct training?  Why should this be limited only to compliance and legal staff?

A company that wants to expand its training opportunities should use a variety of trainers to conduct training.  Having business staff conduct training sends an important message – compliance is not just a legal or compliance staff issue, it is a business issue was well.  To implement this strategy, compliance and legal staff should work together to training business trainers to maximize the number of live training programs.

The FCPA Guidance urged companies to make training materials relevant to the audience.  For example, the training content for senior executives should be different from the content for sales staff that has direct interactions with foreign officials.   That is just good common sense.

In addition, the FCPA Guidance highlighted the importance of including case studies and specific scenarios for training purposes.  For a sales staff meeting, the scenarios should be designed to reflect real life situations which may arise.  Case studies can be crafted to reflect real-life situations.

This same content requirement should be addressed in training materials for senior executives, accounting or procurement staff.  A risk assessment can help identify issues of concern for each of these divisions.  Training materials have to reflect these risks and the content needs to be drafted with reference to these specific risks.

Training materials also have to accessible to employees and third parties.  Most companies recognize the importance of offering training in foreign languages and have translated their materials to the relevant language in each office.  To the extent that local customs and terminology are relevant to compliance purposes, training materials should incorporate local customs and terms in case studies and hypothetical scenarios.  Legal discussions should be made simple to ensure that foreign audiences which are not necessarily familiar with the intricacies of United States legal systems and institutions.

The bottom line for improving your training program is to try to think outside the box – look for additional resources, design your materials to make sure they are relevant and accessible to the audience, and draft training presentations to reflect relevant risk assessments.

One key component of this collaborative effort is the relationship among the Chief Compliance Officer (”CCO”), General Counsel and Internal Auditor.  Neither one of them can do it all no matter how hard they work or how good they are at their respective jobs.

A good barometer of a corporation’s compliance program is the relationship among the three key players.  When these three players are working together, a company’s compliance effort is likely to edge closer to “effective.”   On the other hand, if these three players work at cross-purposes, or protect their turfs and create silos, a compliance program edges closer to a “paper” compliance program, permeated with good intentions but falling well short of an “effective” program.

The CCO is dependent on the Internal Auditor to develop important monitoring policies applicable for internal risks with company offices and external risks, particularly third party intermediaries.  Internal Auditors are on the front lines inspecting and reviewing individual company offices’ internal controls and overall compliance activities.

When an auditor identifies improper payments or failures to follow internal procedures, the audit staff conducts a very important initial interview of the responsible staff to find out why the office is not complying with established procedures or an explanation for a questionable payment.  These initial interviews can be critical for assessing potential violations and determining how to handle the issue.

Similarly, Internal Auditors are critical players in handling third parties.  First, a CCO needs to develop controls to include in a written contract to make sure that a third party is paid based on an invoice which describes the specific services provided by the third party.  Second, a CCO works closely with the Auditor to establish an annual schedule for conducting audits of third party intermediaries.  Third parties are more likely to be audited, especially in high-risk areas.  Audits of third parties can uncover important red flags which may require more scrutiny and investigation.

In an “effective” anti-corruption compliance program, CCOs work closely with the General Counsel on important compliance issues.

On a day-to-day basis, General Counsels provide important leadership on legal issues which are important to the overall compliance program.  A General Counsel needs to collaborate with the CCO on a range of issues, including commercial matters, due diligence procedures, employee complaints, training, internal investigations, and acquisitions.

Most important is the synergy when the CCO, Internal Auditor and General Counsel share information and coordinate their activities.  If they share information about business development strategies, potential acquisitions and business strategy, the CCO, Auditor and General Counsel can provide each other with critical information.  In many cases, because the CCO, Auditor and the General Counsel are not part of the C-Suite, they are even more dependent on each other for information.

Register Here (May 21) or Here (May 22)

As more companies design and implement anti-corruption compliance programs, companies need to monitor the performance of their compliance programs. Depending on the size of the company, and the countries in which it operates, audits and other monitoring tools should be used to assess business activities and evolving risks. The Justice Department and the SEC have imposed audit requirements in recent FCPA settlements, including requirements that companies conduct periodic audits in “high-risk” countries.

Join Michael Volkov, CEO of The Volkov Law Group LLC, for a webinar discussion of “best practices” for monitoring, auditing and improving your anti-corruption compliance program.

One thing is clear – the use of DPAs and NPAs are increasing.  In the early 2000s, there were less than five annually; now we see over 30 DPAs and NPAs a year.  That is a significant increase and represents a real policy change by the Justice Department.

The Justice Department has become a lightning rod for public frustration over failure to prosecute any significant executives in the financial industry for the economic meltdown in 2008; failure to prosecute individuals in major AML/BSA sanctions settlements (e.g. ING Bank, HSBC); and “routine” use of NPA/DPAs in corporate settlements with detailed monitoring and compliance conditions.

Prosecution purists point to the pre-NPA/DPA era, when companies were either indicted or not indicted, with no in-betweens.   The purists argue that companies should be required to please guilty to a criminal offense, agree to a fine, and detailed compliance conditions.  Life was a lot easier then (in so many ways).

Prosecutors have a number of resolutions they can use.  In some cases, they have had country or regional subsidiaries plead guilty and avoid making the parent company plead guilty.

Prosecutors like to have a variety of tools.  An up or down decision system – indict or decline to indict – does not give prosecutors any ability to address the hard cases, where they are more inclined to decline prosecution rather than indict.

Until the turn of the century, the old  “up or down” system worked pretty well – companies were either indicted or not, and entered into criminal plea agreements.  With the assistance of defense counsel, prosecutors started to embrace NPAs/DPAs as an alternative tool.  From the company’s perspective, they avoided the impact of a criminal guilty plea.  Prosecutors agreed to the new tool since they still secured a large fine and were able to impose proactive changes to improve corporate compliance programs.

In the context of FCPA cases, the Justice Department and the SEC have used corporate settlements to raise the bar for corporate compliance programs.  In the last five years, the Justice Department and the SEC have incorporated new best practices and ideas from the compliance community in corporate settlements.

When corporate compliance failures result in FCPA violations, prosecutors have a responsibility to make sure that companies remediate those issues to prevent future violations.   Unfortunately, FCPA settlements have turned into the Dead Sea scrolls and examined for “clues” as to the Justice Department/SEC’s latest thinking on compliance requirements.  The FCPA Guidance, however, outlined a very specific set of requirements for compliance programs, but that has not stopped practitioners from engaging in the review and analysis of each FCPA settlement.

The debate will continue – I have no doubt of that.  Nor should anyone expect the Justice Department or the SEC to stop using DPA/NPAs anytime soon.  The debate is a healthy one and important for our criminal justice system and may have a long-term impact on prosecutors.  For now, prosecutors continue to hold all the cards and corporations typically have a very weak hand to play.

In the unfortunate event that your company is involved in an FCPA enforcement action, DOJ and the SEC conduct a thorough review of a company’s compliance program.  If the program falls into the “paper program” pile, prosecutors will aggressively investigate potential FCPA violations.  On the other hand, if the company can demonstrate an “effective” program which is tailored to the specific risks identified in a risk assessment, the company will have a much better shot at arguing for a declination or a significantly reduced penalty.

Risk assessments look different depending on the company’s size and footprint. A small company will not conduct the same type of risk assessment, nor will it have as comprehensive an anti-corruption compliance program.  By contrast, larger companies will have a more formalized risk assessment process.

There are several practical approaches to conducting a risk assessment.  The tools for conducting a risk assessment include:

Personal or telephone interviews of key employees;

Surveys and questionnaires of employees; and

Review of historical compliance information such as due diligence files for third parties and mergers and acquisitions, as well as internal audits of key offices.

For smaller companies, these three tools may be sufficient to develop a good risk profile for the company.  The personal interviews are critical because they provide a real-time measure of what is actually occurring in various countries.  A country manager and a lead sales/business development employee should be interviewed about current practices with a focus on interactions with foreign officials, third parties and overall compliance culture.  Such reviews should include a review of regional/local compliance policies and procedures.

Large companies with more resources can conduct risk assessments with sophisticated and time-intensive tools such as personal, face-to-face, interviews and on-site visits and informal audits.  These “deep dive” inquiries could be focused on high-risk countries.

Most companies do not have the luxury of “deep-dive” risk assessments.  The Sentencing Guidelines and the FCPA Guidance both take this into account and provide different expectations for big and small companies.

Smaller companies should not be reluctant to conduct a risk assessment.  Because of the limitation in resources, small companies can conduct a ore informal risk assessment using the basic tools outlined above.  The key to such a risk assessment is to conduct it in good faith and with proper attention to potential risks.   Not every stone needs to be turned over, but significant issues and risks should be addressed.

For smaller companies, the risk assessment should be documented — the interviews  the documents reviewed, the surveys and questionnaires, and an analysis of the risks.  A memorandum setting out the review and analysis should be prepared and maintained as the basis for anti-corruption compliance policies and procedures.

I have tried a lot of cases and have a good sense of which way a criminal case will usually break.  Figuring out the Jodi Arias case is compounded by the notoriety of the case and the media coverage (some might say obsession).

The trial has certainly been high-profile, reminding us of past cases like OJ Simpson, the Menendez Brothers, and Casey Anthony, where the case takes on a life of its own in the media.  This is even more complicated in the Arias trial by the 24-hour news coverage of the trial and all of its twists and turns, along with the impact of social media.  It is hard for the court to prevent the jury from exposure to the media or social media influence.

As a former prosecutor, it pains me to watch a criminal trial so poorly managed.  It is not an accurate reflection of day-to-day criminal trials, and no matter what – the trial judge bears the responsibility for this chaos.  Some commentators have suggested that she is forced to incur delays and defense requests for sidebars and other ridiculous delay tactics because this is a death penalty case and she has to bend over backwards to protect the record.  That point is seriously misguided.

Plenty of trial judges have conducted death penalty cases in an efficient manner without losing control of the trial.  Judge Stephens has demonstrated that she is in over her head and does not have the temperament nor the intellectual capability to run an efficient trial, most especially a death penalty trial.

While I have not observed the jury and its responses to the parties, I am sure the jury is on the side of the prosecutor Juan Martinez.  Why?  His work before the jury has been dedicated to reminding the jury to focus on the evidence and the truth of what occurred.  Jodi Arias committed a brutal murder of Travis Alexander, leaving behind a gruesome crime scene.

From press reports, the jury is distracted or less attentive when the defense questions witnesses.  This reflects the jury’s determination that defense questioning is not helpful to them in assessing the testimony of various witnesses.  Defense questioning focuses on picayune and immaterial issues, with little regard to an overall theme or defense.  It is incredible to watch such misleading and obviously ineffective questioning of witnesses.  A good defense attorney knows how to make their points, weave together a defense, and do something even more effective – make your points and then sit down and move on.

One of the most important pieces of evidence – which surely reflects Arias’ premeditation – was her borrowing and purchase of gas cans for her trip from California to Mesa, Arizona where she murdered Travis Alexander.  She did so with the obvious intent to avoid detection on her return trip after committing the murder.  This is a fact which prosecutor Martinez has not devoted adequate time reminding the jury in cross-examination of the defense expert witnesses.

It was amazing to watch a very effective government rebuttal witness – Dr. Demarte – as she decimated the defense experts in two-days of testimony.  She was an excellent witness, very well prepared and deft at handling inept defense questioning (I especially loved when she explained to defense counsel that there was no way for her to find out what Travis Alexander meant in his emails, texts and instant messages because he was dead).

The jury questioning of witnesses is a significant barometer of who they believe and who they do not believe – Jodia Arias, Dr. Samuels and LaViolette – were asked hundreds of questions, many of them hostile.

In the end, aside from the sheer brutality of the murder, the ineffective defense questioning of witnesses, and the sponsoring of completely incompetent “expert” witnesses, Dr. Samuels and LaViolette, the case will boil down to the defendant’s own credibility.

Given the series of lies surrounding Jodi Arias, her addiction to immature publicity ploys and her eighteen day “performance” on the witness stand, no reasonable juror will ever credit her self-defense story.  Trust me – she is a borderline personality, a danger to society, and she will be convicted of first degree murder.

For Travis Alexander and his family, this result will be little consolation for the taking of his life.  Justice may be served but their loss will always be with them.

Intermountain Healthcare is a hospital chain in Utah, which has 22 hospitals and 185 physician clinics.  In 2009, Intermountain voluntarily disclosed potential Stark Law violations.  In April of 2013, Intermountain agreed to a $25.5 million settlement with DOJ-OIG but escaped imposition of a Corporate Integrity Agreement which can impose a number of burdensome compliance requirements.

The Stark Law is a minefield for hospitals – financial relationships with physicians who refer patients to Intermountain must be “arms-length,” meaning they are at fair market value and must not compensate the physicians for any referrals.

Hospitals have to monitor all business relationships with physicians which have related business relationships.  Most significantly, physicians who have employment agreements, lease office space, or provide personal services to the hospital.

The description of the violations underscores the complete absence of corporate compliance controls over Intermountain’s agreements with physicians.  The agreements were drafted and executed with little regard for compliance with the Stark Law.

The violations included:

• Nearly 40 contracts where the doctors’ were compensated with bonuses based on the number of referrals to Intermountain;
• Almost 20 leases for office space without any written agreement; and
• Over 150 agreements for personal services which were not memorialized in writing.

Hospitals need to carefully monitor all business relationships with physicians.  At a minimum, the agreements have to be in writing, executed, and monitored.  A legal review of each agreement should be conducted to ensure that the agreement is consistent with fair market value and does not contain any compensation which might be linked to referrals of patients to the hospital.  As always, the key to compliance is a procedure and documentation of the procedure.

Similar to a due diligence policy and procedure for third-party agents in the FCPA context, hospitals need to create Stark Law compliance procedures which capture all financial arrangements with physicians for a Stark Law compliance review.  Even in those cases where the agreement passes initial review, periodic monitoring of such arrangements should be conducted to ensure that there are no significant changes in the financial arrangement.

Internal controls should be developed so that any payment made to a doctor is subject to verification of an approved contract which has been reviewed for Stark Law compliance.

A training program should be developed to communicate the requirements to hospital employees involved in contracting with physicians.

In recent years, DOJ and SEC have pushed the concept of proactive audits in high-risk areas.  Internal audits are the first to identify weaknesses in a company’s internal controls and compliance is a critical player in remedying the weaknesses identified in an audit.

The audit team should include internal auditors, and a compliance and legal representative.  Before conducting the audit, information should be gathered relating to the office to be audited, including issues which have been raised in prior audits, discussions with compliance and legal staff on relevant issues.

A high-risk audit should include, at a minimum, the following ten focus areas:

Anti-Corruption Compliance Program – An initial meeting with the head of the office should be conducted to confirm the organizational chart, responsibility for implementing local policies and procedures, and to identify changes in business operations.  A review of local policies and procedures should be done to confirm consistency with any global or regional policies, and to make sure they are accessible to local employees in the local language.

Tone-At-The-Top – The site manager should describe the compliance tone in the office; and explain the most significant corruption risks and how they are addressed.  If there have been any violations or potential violations, the site manager should explain the circumstances.  The site manager should explain the office’s interactions with foreign government officials.  If possible, a sampling of employees should be interviewed regarding the tone and the relevant risks, as well as their understanding of compliance requirements.

Employee and Third-Party Training and Certifications – The audit team should review the training program to make sure it is up-to-date, relevant and accessible to all employees.  The audit should confirm that all required personnel are attending the program.  If an employee has not been trained, the audit team should check for some consequence to the employee.

Third-Party Due Diligence – Prior to the audit, the team should obtain a list of third-party intermediaries have been approved through the due diligence procedures.  At the local office, the audit team should focus on the third-party selection process to determine how candidates are being identified.  With respect to all existing third parties, the audit team should confirm that they complied with due diligence procedures initially and at renewal.  All of the contracts should be reviewed to make sure they have required contract provisions as required by compliance and legal staff.

Customers & Suppliers – The audit team should review the customer and supplier selection and contract bidding process.  If there are any state-owned enterprises or government agency suppliers/contractors, the interactions should be carefully reviewed.  A sample of contracts should be reviewed.  All customers and suppliers should be screened against any prohibited lists or sanctions.

Accounting Policies, Fees & Payments – The audit team should focus on the accounting policies and procedures in the office.  A sample of contracts should be reviewed to determine whether the payments are appropriate, including the amount, the manner and the structure (i.e. whether commissions).  If there are any unusual payments, the transactions relating to that contract should be reviewed, and the payments should be traced through all relevant bank accounts (as far as possible).  In addition to contracts, a sample of agency and consulting fees, as well as supporting paperwork, should be reviewed for any unusual payments or relationships.  The payments should be reviewed and traced (as far as possible).

Disbursements, Cash & Petty Cash – the disbursement entries should be reviewed for any unusual expenses.  Any cash payments should be closely scrutinized.  The petty cash report should be reviewed for any unusual patterns or expenses.  Any payments identified as “facilitation payments” should be reviewed carefully.

Gifts, Travel and Entertainment/Charitable Contributions – The audit team should pull a sample of claim forms and expenses for compliance with any policies and procedures, along with the supporting documentation.  If there are any unusual expenses, relevant parties should be interviewed.  For any charitable contributions, the payment should be reviewed and verified against corporate policies governing charitable contributions.

Employee Reporting and Escalation – The audit team should focus on the office’s reporting and escalation mechanism.  Prior to the audit, the team should collect any complaints reported and determine how the matters were handled.  Compliance with whistleblower policies should be confirmed.  All reports of potential corruption violations should be reviewed and assessed.  With respect to each complaint, the mechanism for escalating the complaint should be reviewed.

It is hard for a company to avoid internal struggles, turf wars and competition among rivals.  It is part of the healthy energy which drives a company forward.  Occasionally, internal jockeying can be damaging to a company.  It can divert too much energy and constrain efficient company operations.  Senior management has to monitor these forces and make sure they are channeled in a collaborative way.

CCOs have a tough job.  It can be made tougher when they have a difficult relationship with the company’s general counsel.  It reminds me of two children trying to get along in the same sandbox.  They can work together to create a successful castle with all the bells and whistles or they can stick to their own corners and build their own smaller, less attractive, castles.  In a worst case scenario, the children can destroy each other’s castles in a fit of jealousy and rage.

The challenge is to harness the talents and resources of both the general counsel’s office and the CCO’s office.

There is a very important reason why the government and the compliance industry has pushed companies to separate the compliance function from the legal office in a company.  The government does not want to see a general counsel wearing two hats – as a chief legal officer and a chief compliance officer.  The reason is fairly obvious – they have two different sets of responsibilities.

The general counsel supervises the legal staff and provides critical support to the company to define the legal framework within which the company operates.  A CCO designs and implements a corporate compliance program, relying on the general counsel’s framework, to ensure that the company stays within the legal framework defined by the general counsel.

A CCO’s skill set is distinct from a general counsel’s.  It is based on understanding management and compliance tools which are necessary to promote, implement and monitor corporate compliance.  A general counsel is not typically equipped to design and implement compliance systems needed to minimize risk.

While they have separate responsibilities, the general counsel and CCO need to work together and collaborate on compliance.  They have distinct but closely related functions.  They cannot work well without each other, and they should never try to operate separately from each other.

If this basic relationship is unhealthy, a company should immediately take steps to bring the two offices together.  It is hard for general counsels to give up some of the reins to CCOs, but the benefits of collaboration have to be emphasized.

Every CEO needs to take a moment to address this issue, hopefully by bringing the parties together and underscoring a no-tolerance view for provincial fights and lack of cooperation with each other.  Those companies which are committed to ensuring success should make it clear to each party that part of an evaluation of their respective performances will hinge on cooperation and collaboration.

The importance of an effective relationship between a general counsel and a CCO is too important to leave to personalities.  Frankly, there is too much at risk.

Doctors like to make money.  As the government expands its role in our healthcare system, doctors have to be even more mindful of compliance when it comes to earning Medicare and Medicaid fees.

The risks become apparent in two common scenarios: (1) when physicians organize separate businesses to provide related services such as clinical laboratory services, physical therapy, radiology, durable medical equipment, home healthcare and other services; and (2) when physicians lease office space for their practices from a hospital or other related healthcare provider.

The government has plenty of tools to use against doctors and they are not shy about aggressive enforcement of the anti-kickback law, the self-referral prohibition (Stark law) and false claims act violations.

The Stark law, which is actually a combination of statutes and three phases of regulations that address the federal physician self-referral provision, prohibits a physician from referring patients to entities with which the physician has a financial relationship for certain designated health services that are reimbursable by Medicare.  The primary remedy for a Stark violation is denial of payment for a prohibited claim or required return (refund) of any amounts collected under such claim.  The significance of a self-referral violation is possible civil false claims act liability consisting of per claim penalties and treble damages for each claim.

Physician groups usually rely on some of the well-established exceptions to the Stark law which allow physician investments where the compensation paid to the individual physician-investors does not vary based on the volume or the value of referrals generated by the referring physician/owner; where: (1) a formal, written agreement has been executed between the parties;   (2) the value of the service is provided at fair market value; and (3) the arrangement does not violate the anti-kickback law.  Physician groups typically provide such services at the same site as their medical practice.

The federal health care anti-kickback statute is a criminal statute that prohibits, among other things, giving or receiving any financial benefit or “remuneration” in exchange for, or to induce, the referral of any patients for, or the purchase, order or recommendation of, any item or service for which payment may be made under Medicare or other federal health care programs.

Given the surrounding risks, a paper compliance program can result in devastating consequences to physicians.  Compliance officers have to be vigilant – basic controls are essential.

Compliance officers have to review and monitor every possible contractual arrangement between a physician’s group and any related service provider.  Policies and procedures have to be drafted and enforced.  A database for contracts should be maintained, along with logs for rental payments and approvals.  Physicians need to be trained on these issues and periodic audits should be performed.  All of this sounds familiar but substantive analyses is important to the overall compliance function.

For example, the determination of the fair market value of office space rented by a physician’s group has to be calculated and documented.  CMS has enforced the Stark law against physicians where there was no written contract nor fair market analysis.  The use of space which is not covered by a lease is a clear violation of the Stark law. Further, any failure to enforce the terms of a lease, such as ignoring a failure to pay rent, will be deemed a clear violation.

The same vigilance is needed when reviewing any payments by doctors by a healthcare service provider.  This potential anti-kickback risk arises when a hospital compensates a doctor for services which the doctor never provides in order to try and induce the doctor to refer patients to the hospital.  For example, a cardiology group was paid by a hospital to provide teaching services which they never provided.  Not surprisingly, the doctors referred more patients to the hospital.  The cardiology group was prosecuted (some civil and other criminal).

As a practical matter, a chief compliance officer at the hospital has to verify that personal services are provided under the terms of the contract.  Documentation of the services, review of timesheets and other basic monitoring has to be conducted and audited.

Depending on the Administration, the Antitrust Division can rise or fall in the enforcement world.  The change in enforcement is most pronounced in the civil arena – mergers and civil enforcement.

Criminal enforcement is something everyone agrees on – price-fixing, territorial allocations and other agreements among horizontal competitors can cause significant harm to consumers.

The Antitrust Division has a mature criminal enforcement program and was extremely successful starting in the 1990s when it initiated its leniency program.  By offering the first company a criminal pass (and de-trebling civil damages to single damages), the Antitrust Division created huge incentives for companies to disclose cartel activity and cooperate against other members of a cartel.

In the last few years, the Antitrust Division has seen a significant rise in criminal enforcement, along with some major criminal trial victories.  Last year, the Antitrust Division recovered over $1.1 billion in criminal fines, a strong year.

More significantly, the Antitrust Division won a number of criminal trials, including a major victory against AU Optronics and two executives for its participation in a cartel involving computer and television screens.  AU Optronics defied the rule of corporate defendants going to trial and paid a big price, a $500 million fine.  The trial judge also required AU Optronics to retain a corporate monitor as part of its sentence.

The Antitrust Division has never had a stellar reputation when it comes to trials.  Last year was a different story.

Aside from these trial victories, the Antitrust Division is building the largest criminal case it has ever prosecuted.  It is investigating a massive, sprawling cartel among suppliers to the auto companies.  This investigation, which is focused on electrical wire harnesses, heater controls, radiators and other parts, began over three years ago.

Twelve Japanese individuals have been imprisoned in United States prisons.  More are expected to be charged in the next year.  Criminal fines have totaled nearly $800 million in the United States.  In addition, the industry is under investigation by the EU and the Japan Fair Trade Commission.

The cartel involved at least four companies and continued over a decade beginning in 2000.  The cartel members fixed price levels on bids for supplying parts to individual vehicle models in response to requests for quotes.

Most of the cartel activity occurred outside the United States.  As in the case of the FCPA, the extra-territorial reach of our criminal antitrust laws is fairly well settled given the harmful impact that an international cartel can have on American consumers.

Given the clear boundaries of criminal antitrust conduct, companies need to address compliance risks in the antitrust area.  For some reason, compliance work has not been as robust in the antitrust arena.   That needs to change given the clear risks to companies from criminal enforcement and follow-on civil litigation.

At the recent Dow Jones Compliance Symposium in Washington, D.C., an FBI official warned the attendees that the Shot Show debacle would not deter law enforcement from using proactive investigations techniques.  It was a stark warning because it was realized in less than thirty days.

According to the charging documents, the FBI enlisted a cooperating witness who wore a wire to record various conversations with the defendant.  In those conversations the defendant made bold claims of intent to destroy documents and cajole witnesses to cover up a bribery scheme to pay foreign officials in Guinea.

When law enforcement warns the business community, executives should listen.  Chief compliance officers and general counsels need to redouble their efforts.

In the last few years, law enforcement is using the same tactics against white-collar criminals as they have used against drug trafficking groups and organized crime.

Proactive investigations are usually very successful – they involve the careful use of confidential informants, cooperating witnesses, recorded telephone calls and video and/or audio recorded meetings.  Juries are often persuaded when they see or hear the defendants.  Prosecutors have to pay attention to potential entrapment issues since that is usually the last refuge available to defendants in these cases.

Proactive evidence is particularly powerful when combined with historical evidence from cooperating witnesses which outline historical criminal activity by a defendant.  Often, historical evidence is a key to defeating any claim of entrapment.  In combination, the two types of evidence can be devastating.

It is important for business development and sales staff to be reminded of the risks of proactive enforcement.  Email evidence can quickly be turned into important corroboration of an undercover operation.  Business development and sales staff have to be reminded that it is possible that anyone outside the company can be recording their conversations on the telephone or even face-to-face.

The risk of proactive investigations is particularly significant in industries and in countries where corruption is known to exist.  Law enforcement will naturally focus on areas where they are likely to succeed.  In some cases, cooperating witnesses can sometimes drive an investigation into a particular industry in which the cooperating witness was involved, i.e. the Shot Show sting case.  As proactive FCPA enforcement techniques develop, law enforcement will rely on a network or cooperating witnesses to investigate appropriate targets for which there is a factual predicate of suspected violations.

If anyone thinks the Jodi Arias trial is a sterling example of a criminal trial in our justice system, they are surely mistaken.  Much of the questioning, on both sides, is misguided and improper, with little regard to an overall trial strategy.  As a former prosecutor, my sympathies lie with Juan Martinez, who has had some excellent moments.  The defense, on the other hand, has violated so many basic rules of cross-examination, it is hard to see anything positive.

Let’s go thru some basic rules of cross-examination as applied in the Arias case.

First, cross-examination in most cases must be short, to the point, and completed with authority.  With the exception of a star government witness or a defendant, cross-examination of each witness should last no longer than a few hours.  Days and days of cross-examination are untenable and should be stopped by the trial judge.  Moreover, the questioner is sure to lose the attention of the jury.  A questioner needs to know when to sit down after making his or her points.  No one is Perry Mason and there are very few moments in real life like the Perry Mason trials.

Second, we all have heard the rule that no one should ask a question unless they know the answer.  That is generally true; however, on occasion there are times to ask open-ended questions when any answer will help your case.

Third, cross-examination should never reinforce the direct testimony of a witness.  This rule has been violated over and over by both sides leading to repetitive questioning, and loss of focus.  Such practices give a witness opportunities to reiterate points made on direct and reflect poor cross-examination strategy.

Fourth, cross-examination should be used to “speak” to the jury – meaning, that the questioner does not care about the answer by the witness, but is asking a question which the witness will deny but nonetheless tells the jury what the questioner thinks about the specific point.

Fifth, use the trial judge to help your cross-examination.  Prosecutor Martinez is very effective in using the trial judge to direct a witness to respond to a question rather than providing a non-responsive broad explanation.

Sixth, when you have a witness caught in a misrepresentation or lie – drive the point home.  Prosecutor Martinez had the defense witness LaViolette caught in a misrepresentation – she stated she had testified on behalf of a male defendant in criminal court 1-2 times.  On cross-examination, Martinez effectively got her to admit that she did not testify but only submitted a report.  A great moment!!!  Did he drive the point home?  No, he stopped for some inexplicable reason.  He could have pursued her, questioned other parts of her testimony and repeated her misrepresentation to the jury – she lied in response to a juror question.

Trial strategy requires persistence, a little bit of dramatic flair and knowing how to act in response to specific situations.  Juries can pick up on many trial subtleties – they watch, learn and have a feel for the parties.  Knowing how to cross-examine a witness is a skill which depends on quick thinking and experience.

In the last week, DOJ announced criminal indictments/pleas with three individuals – two from Alstom and one from a mining company.  The Alstom investigation is continuing and more indictments and a major corporate settlement will eventually be announced.  Alstom started out as a big case and is growing into even a bigger case, eclipsed only by Wal-Mart.  It is a case to continue to watch, especially because it involves coordinated international enforcement.

Three years ago Alstom was in the news because of enforcement actions occurring in several countries.  Alstom faced significant prosecutions in the UK, Italy, Switzerland and other countries.  Alstom officials plead guilty in some cases and provided more evidence of potential corruption violations.

In the US, Alstom started down the road of cooperating but faced several roadblocks which eventually resulted in new counsel being retained.  It is not clear that new counsel has been able to achieve any greater success in fending off a government enforcement action in the US.

Aside from Alstom, the SEC also announced the civil settlement with a Siemens board member for $275k.  Like DOJ, the SEC is increasing individual enforcement actions against individual officers and directors.  The SEC will continue these efforts and individuals who may avoid criminal prosecution may fall within the enforcement scope of the SEC under a lower standard of proof.

Finally, DOJ and the SEC announced a settlement with Parker Drilling for a total of approximately $15 million for its involvement in the Panalpina case involving bribery of Nigerian customs officials.  The settlement comes after a lengthy investigation and remediation process during which Parker Drilling implemented a state-of-the-art compliance program (led by Dan Chapman, a talented and recognized compliance leader).  Parker Drilling’s complaince overhaul and remediation has been exemplary.

The rapid increase in FCPA enforcement during the second quarter is expected to precede additional major settlement announcements, including the Weatherford case and others.  To those doomsayers of a “slow down,” the recent uptick demonstrates that there has been no substantive change in enforcement policy but merely resource allocation and case processing requirements which have had an impact on a steady-stream of enforcement announcements.

What is more significant however is the focus of both DOJ and the SEC on individual prosecutions.  It is rare that the government focuses on obstruction of justice charges during a long-term investigation.  The conduct at issue is probably egregious and tactically important to the overall investigation – otherwise, prosecutors are likely to move on to other important targets.  The Alstom indictment and plea reflect a strategic prosecution probably designed to secure cooperation from the indicted defendant to seek cooperation against the company and higher level officials or to send a message to other suspected non-cooperating or potentially obstructing subjects.

Whatever the motivation, one thing is clear – DOJ and the SEC are back and they are sending a resounding message.