No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights

Germany in the World Cup and the Alstom FCPA Enforcement Action – Part II

by Thomas Fox
January 14, 2015
in Uncategorized
Germany in the World Cup and the Alstom FCPA Enforcement Action – Part II

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

“It was important that we played our game for 90 minutes.” That line was found in an article in The Daily Telegraph entitled “The Unthinkable Scoreline: Brazil 1, Germany 7″ by Jeremy Wilson. It was a quote from Mats Hummels, German World Cup starter, who participated in the single most memorable soccer game that I have witnessed, Germany’s win over Brazil in last year’s World Cup. As Wilson wrote, “It was the game for which the 2014 World Cup will be forever remembered but even now, almost six months on, just the scoreline retains its capacity to shock.” I would only add that the game will most probably be remembered for as long as soccer is played. Wilson ended his piece with “It was a sporting earthquake, and the aftershocks are still being felt.”

Somehow Wilson’s article seemed also an appropriate reflection on the Alstom Foreign Corrupt Practices Act (FCPA) enforcement action. While it is more recent in the minds of many Chief Compliance Officers (CCOs) and compliance practitioners, it is still reverberating and will continue to do so for the foreseeable future. I am in the middle of a three-part blog post series exploring facets of the Alstom matter. In my first blog post, I explored the specifics of the settlement documents, the stunning criminal fine of over $772 million and the more than 10 year bribery scheme involving multiple countries. Today, I want to look at the ongoing obligations which Alstom has agreed to in the deferred prosecution agreements (DPAs) for the entities involved; Alstom Network Schweiz AG, Alstom Power Inc. and Alstom Grid Inc. (collectively herein “Alstom”). All the DPAs are identical in their Attachment Cs and all quotes below are from the DPAs.

For the CCO or compliance practitioner, one of the first stops in reviewing any DPA is always Attachment C, which lays out the corporate compliance program that each settling party agrees to in any FCPA enforcement action. It provides the Department of Justice’s (DOJ) most current thinking on what constitutes a minimum best practices compliance program, which is generally described as “(a) a system of internal accounting controls designed to ensure that the company makes and keeps fair and accurate books, records and accounts; and (b) a rigorous anti-corruption compliance program that includes policies and procedures designed to detect and deter violations of the FCPA and other relevant anti-corruption laws.” The Alstom DPAs set the following requirements:

  1. High-Level Commitment. A company must ensure that its directors and senior management provide strong, explicit and visible commitment to its corporate compliance policy. Stated differently, and again, “tone from the top.”
  2. Code of Conduct, Policies and Procedures and Internal Controls. A company should have a clearly articulated and visible corporate compliance policy memorialized in a written compliance code. The policies and procedures will address the following areas: (a) gifts, (b) hospitality, entertainment and expenses, (c) customer travel, (d) political contributions, (e) charitable donations and sponsorships, (f) facilitation payments and (g) solicitation and extortion payments. Finally, there should be a system of financial and accounting procedures, “designed to provide reasonable assurance: (a) transactions are executed with management’s general or specific authorization;” (b) transactions are “recorded as necessary to permit preparation of financial statements in conformity with generally accepted accounting principals” and to maintain accountability for the assets; (c) access to company assets is permitted only with management general or specific authorization; and (d) there is testing of assets at regular intervals.
  3. Periodic Risk-Based Reviews. The company should periodically evaluate (no less than annually) these compliance codes on the basis of a risk assessment addressing the individual circumstances of the company, including geographic organization, interactions with various types and levels of government officials, industrial sectors of operation, involvement in joint venture arrangements, importance of licenses and permits in the company’s operations, degree of government oversight and inspection and volume and importance of goods and personnel clearing through customs and immigration. It also requires the company to update its compliance program, “taking into account relevant developments in the field and evolving international and industry standards.”
  4. Proper Oversight and Independence. The company should assign responsibility to senior executives for the implementation and oversight of the compliance program. Those executives should have the authority to report directly to independent monitoring bodies, including internal audit and the Board of Directors, and should have autonomy from management. Compliance programs needed to be funded; they need to have an appropriate level of resources.
  5. Training and Guidance. The company should implement mechanisms designed to ensure that its compliance code is effectively communicated to all directors, officers and employees. This means repeated communication, frequent and effective training and an ability to provide guidance when issues arise.
  6. Internal Reporting and Investigation. Alstom should have an effective system for confidential, internal reporting of compliance violations. It must also establish an effective process with sufficient resources for responding to, investigating and documenting allegations of violations.
  7. Enforcement and Discipline. The company should implement mechanisms designed to enforce its compliance code, including appropriately incentivizing compliance and disciplining violations. This prong also includes the requirement that Alstom remedy the misconduct and take steps to ensure no recidivism.
  8. Third-Party Relationships. Alstom should institute compliance requirements pertaining to the oversight of all agents and business partners. This includes the full five steps in the lifecycle management of third parties going forward.
  9. Mergers and Acquisitions. Under this requirement, Alstom must perform pre-acquisition due diligence on any target companies it is looking at and engage in an appropriate risk assessment and due diligence by its legal, compliance and accounting functions. If an acquisition is made, the company must integrate its compliance program into the newly acquired entity as soon as is practicable, put on an appropriate level of training and “when-warranted, conduct an FCPA-specific audit of newly acquired or merged businesses.”
  10. Monitoring and Testing. A company should conduct periodic reviews and testing of its compliance code to improve its effectiveness in preventing and detecting violations. Kick the tires regularly. As I said, compliance programs must evolve with changes in the law, business practices, technology and culture.

The company also has an ongoing reporting requirement that it promptly report to the DOJ any “possible corrupt payments or possible corrupt transfers of property or interests…for any person or entity working directly for the company (including its affiliates and any agent) or that related false books and records have been maintained.”

Finally, Alstom will report to the DOJ annually and for a period of three years “regarding the remediation and implementation of the compliance program and internal controls, policies and procedures.” However, in a twist we have not seen previously, as long as Alstom “satisfies the monitoring requirements contained in the Negotiated Resolution Agreement between the company and the World Bank Group,” it will not be required to sustain an external monitor. If Alstom fails to meet this burden, then “it will be required to retain an independent monitor.”

What does this mean for the compliance practitioner? I think the key is to do as Mats Hummels suggested, and play your game for the full match. The DOJ has laid out what it expects to see in a best practices compliance program going forward. Although clearly related to the 10 Hallmarks of an Effective Compliance Program, found in the FPCA Guidance, there are some subtle differences and perhaps even shifts in emphasis. I think the two keys ones are found in number three, where the DOJ lays out not only the specific areas you need to assess your risk around, but also mandates that evolving technological and industry standards be taken into account when upgrading or enhancing your compliance regime. Finally, in number seven, I think the DOJ comes as close as it can to mandating that the CCO position and compliance function be separate and apart from the General Counsel (GC) and company’s legal function.

Next time, some concluding thoughts on Alstom.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.


Tags: Tone at the Top
Previous Post

Policies: The last mile of Risk Management

Next Post

Tackling the “Corruption Epidemic”

Thomas Fox

Thomas Fox

Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units. Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. Thomas Fox can be contacted via email at tfox@tfoxlaw.com or through his website www.tfoxlaw.com. Follow this link to see all of his articles.

Related Posts

farm silos

Siloed Thinking, Scattered Compliance: The Leadership Challenge in GRC

by Anna Muzalska
April 7, 2025

Strong leadership and integrated communication prove as critical to compliance success as policies and procedures alone

chess pieces

10 Questions That Separate Strategic Leaders From Spectators

by Jim DeLoach
February 19, 2025

From pattern recognition to emotional intelligence, key indicators reveal true boardroom influence

3d rendering representing inaccessible door

Why Your ‘Open Door’ Policy Could Be Nailing the Door Shut

by Roxanne Petraeus
November 6, 2024

When compliance training looks like it came from 1995, employees get the real message

hero as leader concept

UK Brewer’s Cultural Hangover Highlights the Perils of Hero Leadership

by Steve Hearsum
June 12, 2024

What do hotshot startups and cults often have in common? A charismatic leader. But what happens when the public face...

Next Post
Tackling the “Corruption Epidemic”

Tackling the "Corruption Epidemic"

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights