Category: Opinion

Not so Safe Harbor: EU-US data protection cooperation on the rocks.

cameraAfter the Snowden relevations, the European Union is finally getting its data privacy act together and it looks like a brutal fight is ahead, possibly leaving global corporations’ reliance on the longstanding safe harbor provisions, standard clauses and consents listing somewhere mid-Atlantic.

Here’s the EU Commission VP & Commissioner for Justice, Fundamental Rights and Citizenship Reding on Safe Harbor at the Vilnius Informal Justice Council 19 July 2013:

The Safe Harbor agreement may not be so safe after all. It could be a loophole for data transfers because it allows data transfers from EU to US companies – although US data protection standards are lower than our European ones. I have informed ministers that the Commission is working on a solid assessment of the Safe Harbor Agreement which we will present before the end of the year.

The Safe Harbor agreement enables data to be transferred from the EU to the US. The Safe Harbor framework was developed by the US Department of Commerce, in consultation with the Commission, industry and non-governmental organisations to provide US organizations with a streamlined means of satisfying the Directive’s “adequate protection” requirement.

The Commission is working on an assessment which it will present before the end of the year. We can only hope that the US realizes what a hole it’s dug for its tech companies before then. Quick and decisive action is needed but nothing is coming from either the Obama Administration or the US Congress.

Collateral bribery damages: NYC now 3rd fund to file suit v. Wal-Mart.

Buy easy
Wal-Mex

In another of what will likely be many such lawsuits by pension funds, New York City Pension Funds filed a shareholder derivative action against Wal-Mart over the bribery and corruption scandal involving Wal-Mart’s Mexican subsidiary, Wal-Mex. This follows the California State Teachers retirement systems’s similar filing in late May.

The New York City complaint similarly alleges that Wal-Mart’s officers and directors breached their fiduciary duty to the company and its shareholders by failing to properly handle credible claims of the bribery allegations and attempting to cover up details of the scandal, reducing the value of the company by their actions.

For anyone not familiar with a derivative suit, the principal is that the shareholders of a corporation seek damages from directors to reimburse losses to the corporation for which the directors can be held personally responsible, as an exception to the “business judgment rule“.

A key aspect of evidence for plaintiffs in a derivative suit is finding a direct causal link between the directors’ actions (or inaction) and the eventual loss sustained by the corporation. In this case, it’s relatively simple to show that 1) Wal-Mart’s stock price took a big hit on the bribery news and 2) Wal-mart’s goodwill and market position has (again) been damaged. Now, the plaintiffs have to show the link.

A related suit, based on securities fraud, was filed by the City of Pontiac General Employees Retirement System in Tennessee. According to Reuters, a total of  11 derivative suits have been filed against Wal-Mart since the New York Times story ran.

It is imperative for board members and executives to realize that when they are made aware of corruption allegations that they follow advice of counsel and comply fully with internal audit procedures. In this case, it is up to Wal-Mart to show they did. If not, there will be not only the DOJ and SEC to deal with, but many angry pension fund managers and likely other shareholders brought together as a class by the many American law firms specializing in such matters. This story will continue until Wal-Mart manages to come to terms with what actually happened in Mexico (and elsewhere, depending on findings).

Donald Trump on bribery scandals: US “crazy” to enforce FCPA.

On CNBC’s Squawk Box, tycoon, occasional presidential candidate, Reality TV star and bottled water purveyor Donald Trump was asked about Wal-Mart’s allegedly widespread bribery in Mexico. Having obviously thought through the arguments for and against FCPA reform, he provided the following insights:

If you want to operate in Mexico, you have to pay bribes.

This is how business is done.

This country is absolutely crazy. Every other country goes into these places and they do what they have to do. It’s a horrible law and it should be changed. We are like the policeman for the world. It’s ridiculous.

The world is laughing at us.

Let’s parse this.

1. Operating in Mexico requires paying bribes.

According to Transparency International, Mexico scores 3/10 on the bribery index (10/10 meaning little or no bribery). Empirically, Trump is 70% right. Unless a company has chosen to adhere to OECD conventions and applicable anti-corruption laws, it would likely do more business in Mexico by greasing the right hands.

2. This is how business is done. Every other country goes into “these places” (countries with high levels of corruption) and does business according to local mores, in violation of the FCPA.

Here is a list of the 10 largest FCPA fines and settlements 1977-2012:

  1. Siemens (Germany) $800 million
  2. KBR/Halliburton (US) $579 million
  3. BAE (UK) $400 million
  4. Snamprogetti (Netherlands/Italy) $365 million
  5. Technip (France) $338 million
  6. JGC Corporation (Japan) $218.8 million
  7. Daimler (Germany) $185 million
  8. Alcatel-Lucent (France) $137 million
  9. Magyar Telekom (Hungary) $95 million
  10. Panalpina (Switzerland) $81.80 million

If FCPA prosecutions are an accurate statistical measure of the willingness of foreign businesses to participate in corruption, Trump is mostly correct. Only one US company makes the list. Moreover, with nine foreign corporations on the list, it does appear that the US is the “policeman for the world” (see DOJ site for the complete list).

3. The US is crazy.

That’s probably a matter of opinion. Watching CNBC for a few days straight might make one conclude that yes, it is crazy.

4. The world laughing at the US [for enforcing the FCPA].

Foreign companies might find the US’s anti-corruption stance risible (until they find themselves caught up in it). For example, Siemens had no compunction about including bribery in its budgets, despite the fact that they were directly subject to the law.

Criminal penalties, disgorgements, fines and consent orders levied against FCPA violators are tragicomically invisible to the vast majority of the world’s population which suffers through the indignity of having to live and do business within highly corrupt economies. Monies collected by the US government or the SEC never make it back to these individuals. 

His personal life, histrionics and buffoonery aside, Trump is a strategic thinker. Perhaps his frank talk isn’t surprising given that apart from a dust-up with the SEC over financial reporting about 10 years ago (settled out of court), he has not had any notable legal troubles over a long career in real estate and the gaming industry.

In my opinion, Trump runs a tight ship, otherwise there would be more blips on the map; his views on how to do business in China, India, Mexico or other ethically-challenged countries likely have nothing to do with how deals are finally done by the Trump Organization. But he would certainly appreciate being able to compete on a level field with foreign businesses for whom bribery is simply another accounting line item.

As an aside, perhaps Trump is engaged in a bit of spin in light of his competitor and onetime enemy Steve Wynn’s unlikely use of the statute internally to oust business partner Kazuo Okada?

69 Questions: EU quizes the G on its new privacy policy.

France’s data privacy authority CNIL (acting under EU mandate) sent Google the following questionnaire in order to clarify a number of concerns on the policy’s implementation, Google’s due diligence vis-a-vis its users and compliance of the policy with EU regulations.

The EU’s Article 29 Working Party (grouping Member State data protection authorities) stated that it further needs to clarify the consequences of the policy for users; specifically different levels of users, such as whether or not they have a Google Account, are non-authenticated, or simply passive users of Google’s services through Google APIs via other websites and/or applications (advertising, analytics, etc.).

Many of the questions seem to point in the direction of Competition Law concerns. It’s hard to imagine that the EU would be posing the same questions about Yahoo!’s privacy policy (which to my eyes, looks compliant).

The CNIL asked Google to provide written responses by April 5. Under EU law, responses are confidential unless Google consents to their release.

 

NGO on FCPA reform: fines should compensate victims.

The SERAP (Socio-Economic Rights and Accountability Project) has added its voice to the calls for FCPA reform.

In a press release, the Nigerian NGO proposes that the US DOJ and SEC allocate a percentage of funds from fines exacted on corporations to aide the actual victims of corrupt government officials and agencies.

SERAP argues that since the FCPA and other anti-corruption laws do not provide for civil actions (apart from under the the Alien Torts Act) and moreover since there is little possibility of recovering damages in the country where the corruption occurred, the US government should share civil penalty and disgorgement proceeds with the victims.

Last week the DOJ replied to the US Chamber of Commerce’s reasonable pleas to “restore balance” and provide clarity on the law (their letter is here) by agreeing to discussions. The DOJ owes a similar response to SERAP. While the NGO lacks the backing of the hundreds of large corporations represented by the USCC, its argument is one that needs to be taken seriously.

SERAP provides some guidance on how civil penalty and disgorgement proceeds should be distributed in a systematic and fair manner to NGOs and the US Congress should invite them to testify in hearings on FCPA reform. That’s probably unlikely though since we probably won’t see any substantial progress on the issue until after the US presidential elections this November.

Updated: The FCPA Professor blog examines this issue in further depth.

 Photo: Rory Mullholland

French Competition Authority will cut fines 10% for companies with compliance programs.

More recognition across Europe that a well-built and delivered compliance program is being taken into consideration by regulatory authorities comes from France today as the Competition Authority published notice that it would reduce fines for companies that put into place a competition law compliance program. They note and recommend that an “an efficient program” include the following basic elements:

  • The existence of a clear, firm and public position of support adopted by the company’s management bodies;
  • The commitment to appoint one or more persons responsible for the program’s development and operation;
  • Developing information tools, awareness raising measures and staff training;
  • Setting up management, audit and whistle blowing mechanisms;
  • Establishing a system for reviewing reports of misconduct and taking relevant followup actions.

It’s edifiying to witness the principal of reducing sanctions for companies with an effective compliance program spread out to other areas of corporations law. This is a very welcome development for compliance officers and legal departments who can leverage it to demonstrate the value of their programs.

Finally, it wouldn’t be a surprising to see 1) every market leader (or near-leader) in the EU adopt a compliance program and 2) compliance programs being considered in sanctions on in other aspects of corporate behavior, especially in the financial and energy sectors.

 

$16.8M fine for European device maker in FCPA settlement.

 

 

 

 

The US DOJ announced today that Smith & Nephew has admitted to and settled claims related to an offshore kickback scheme with a Greek distributor. Smith & Nephew also settled today with the US SEC, paying $5.4 million in disgorgement of profits, including interest.

This is one more in a line of FCPA cases where the weak link in a company’s compliance program turns out to be 3rd party distributors and pressure to bring in revenue.

A recurring motif in communications with resellers is a version of “all the other resellers are doing it, if I don’t, I can’t compete”.  It seems to be a trap that is too easy to fall into for some executives.

The DOJ noted that it will seek to have the original charges dismissed if Smith & Nephew abides by the terms of its settlement agreement.

P.I.P. Implants: French Health Authorities aware in 1996.

According to French daily Libération, a report delivered this morning to the French Ministry of Labor and Health confirms that P.I.P. implants were tested by independent physicians in 1996 who reported that they found leakage issues.

Moreover, the report cites 41 reported P.I.P. implant malfunctions that year (note that these were saline implants since silicone was banned at the time in France). French inspectors sent to P.I.P. HQ in 1996 noted in their file that “further investigations by qualified physicians would be needed” but the case was then dropped. No explanation as to why.

For those who are not aware, in 2000, the F.D.A. sent a letter to P.I.P. refusing to permit the marketing and sales of its implants in the U.S.

As noted in an earlier post on this subject, a change in device regulations is not the problem here. This is an issue of application of existing rules and better communication between health authorities, physicians and device manufacturers.

 

Cinergy FCPA case: It takes ‘guts’ to make this argument.

In the ongoing FCPA case related to Cinergy’s alleged bribery of Haitian officials, their lawyer is planning to bring in Prof. Edgardo Rotman of the University of Miami Law School to make the argument that the DOJ, in enforcing the FCPA, is “denying the realities of the world” and that certain business cultures apparently require bribery before a contract can be concluded.

Cinergy’s lawyer also said that countries like China ‘allow’ bribery, putting the U.S. at a disadvantage in global trade. 

Considering the fact that China has its own anti-corruption law that nearly mirrors the FCPA (and China is a member of the OECD Anti-Bribery Convention working group…), I don’t think that this testimony will go too far in convincing anyone. I am anxious to read an update. Or not.

photo: Christian Van Der Henst

The FCPA ‘Bad For Business’ Argument – Corruption Currents – WSJ.

EU Telecoms Package Directive and Cookies: Some compliance tips.

The French Commission nationale de l’informatique et des libertés (CNIL) recently published some advice on how to implement the new requirement that web site users consent to the placement of cookies on their devices by sites they visit. According to the Directive, neither a warning in the site’s Terms of Service (ToS) or acceptance through browser settings are adequate compliance. So what does the CNIL recommend?

  • a banner at the top of a webpage (such as implemented on the website of the UK data protection commissioner: www.ico.gov.uk as well as the CNIL : www.cnil.fr);
  • a consent request zone constructed as an html overlay on the page;
  • a set of tick boxes presented during subscription to a online service.

In this lawyer’s opinion, the steps above will likely be too onerous for entities without a very clear EU-emphasis to implement and will grossly affect the usability of many sites. Moreover, are applications that use web APIs and never go through a browser are somehow exempt from the requirements? Personally, I’m chagrined by Internet technology-specific legislation that is so poorly thought through that it is outdated by the time its implementation begins. What’s a poor “data administrator” to do? 
http://www.cnil.fr/english/news-and-events/news/article/what-the-telecoms-package-changes-for-cookies/