Thursday, January 31, 2013


"3rd parties" Cost Lilly $29,398,734


One of my favorite clients, World Compliance, publishes an occasional email newsletter.

World Compliance ( claims it "helps mitigate risk by providing an information advantage through access to the world’s largest, most comprehensive anti-corruption database. "

World Compliance solutions are used to identify individuals and companies linked to over fifty different risk categories, such as:

  • Politically Exposed Persons (PEP)

  • Foreign Officials

  • Terrorist funding

  • Fraud

  • Money laundering

  • Corruption

  • Drug trafficking

  • Collateral crimes

  • Arms trafficking

  • Beneficial owners

  • Human trafficking

In order to provide global protection, World Compliance offers services that conform to over 100 local anti-terrorism and money-laundering laws; including, but not limited to the following legislation:

  • USA Patriot Act
  • Financial Action Task Force (FATF)
  • Bank Secrecy Act (BSA)
  • Foreign Corrupt Practices Act (FCPA)
  • 3rd EU Money Laundering Directive

So much for the commercial.

One of the articles in the most recent e-newsletter is about pharma giant Eli Lilly. Having been born in Indianapolis, I go back a long way with the company.

What got my attention?

It seems that, according to the U.S. Securities and Exchange Commission (SEC), Lilly executives apparently got a little too casual in checking out the organizations with which it was dealing in Russia. Specifically, the SEC contends:, "

The Eli Lilly subsidiary in Russia paid millions of dollars to third parties using offshore “marketing agreements”, although they had little knowledge about the third parties beyond their offshore address and bank account information. These third parties were selected by government customers or distributors and rarely provided any services. In some instances, these entities were used to funnel bribes to government officials in order to obtain business for the subsidiary. In one case, approximately $2 million was paid to an offshore entity owned by a government official. In another case, approximately $5.2 million was paid to an offshore entity closely associated with an important member of the Russian parliament.

"The SEC alleged that Lilly accepted paperwork at face value without proper assessment of the terms and circumstances of transactions that suggested the possibility of foreign bribery It further cited the company for its failure to perform any specialized review of offshore and government-affiliated entities in an attempt to detect possible FCPA violations. The SEC charged that—despite the company’s recognition that the questionable marketing agreements were being used to “create sales potential” in possible violation of the FCPA—Lilly allowed the situation to continue unabated for more than five years by not curtailing the subsidiary’s use of those agreements."

Emphasis in the above two paraagraphs mine.

Lilly's Russian adventure is not the only issue that caused the $29 million plus penalty. It also was taken to task for:

  • A Lilly subsidiary in China provided incentives in order to obtain business by falsification of employee expense reports. Some of the incentives included spa treatments, jewelry, and other improper gifts as well as cash payments to government-employed physicians
  • The Lilly subsidiary in Poland facilitated influence on behalf of its business in a creative way. In exchange for an official placing Lilly drugs on the government reimbursement list, the Lilly subsidiary made eight improper payments totaling $39,000 to a small charitable foundation founded and administered by the head of one of the regional government health authorities.
  • Lilly’s Brazilian subsidiary allowed one of its pharmaceutical distributors to pay bribes to a government health official to obtain $1.2 million in sales of a Lilly drug product for its use in state institutions

To be fair, "Lilly has not admitted or denied the allegations, but has consented to entry of a final judgment that permanently enjoins the company from violating the anti-bribery, books and records, and internal controls provisions of the FCPA."

And, still trying to be fair to Lilly, all the SEC complaints were against subsidiaries, not the parent in Indianapolis.

THE POINT in all the foregoing is simple: If you are a risk manager you need to help your client - internal or external - understand that (a) it needs to realize that for the organization, the legal "buck stops here" and (b) that it needs not only to fully vet its business partners, but to make certain the business partners remain within the applicable laws - and those laws are more than "just" US acts.

Management can claim it didn't know, but such claims fall on regulators' deaf ears; it goes back to the old saw: "Ignorance is no excuse."

Risk managers rarely, too rarely, are invited into the executive suite, and far too often, management doesn't want to hear that the organization is open to threats beyond the environment and maybe a work action. Pandemic threats are "sexy" so lots of attention is given useless pandemic-specific plans (that typically are ignored after the annual threat goes by the way).

I consider World Compliance e-newsletters to be on a par with AdvisenFPN's daily blast; both remind me of threats I might overlook were it not for the occasional "refresher." While I really don't care that

  • A Former Russian Defense Minister Subpoenaed
  • A Fugitive Judge Arrested in Chile
  • or that "Resistencia Gallega" Members Charged with Terrorism

On the other hand, Allianz SE's risk manager should be concerned that the organization is charged with Foreign Corrupt Practices Act (FCPA) violations.

Any organization that thinks having a typical business continuity plan is enough doesn't take risk management seriously.

Threats to the organization come from all points; even "trusted" partners that may, if given enough leeway, prove to be less than truly trustworthy.

If I wrote it, you may quote it.

Monday, January 28, 2013


Have they any value?


I was notified this morning that I have another endorsement on my LinkedIn page.

I am flattered.

People I've never met, with whom I have no contact, at least on a personal acquaintenance basis, have endorsed me for my skills, some of which I would suggest are skills I lack, or at least skills that need a great deal of improvement to be worthy of endorsement.

Again, I'm flattered by the endorsements, but do they have any REAL value?

If I go looking for a person on LinkedIn to fill a specific job and I see that person is endorsed by a multitude of folks, my first instinct is to think: "Wow, this person must really know his (or her) stuff."

But then I remember MY endorsers.

I don't know WHY they endorsed me.

I used to have a Web site with more opinionated articles on it than Carter had Little Liver Pills - after 1958, just "Little Pills." But I took it down several years ago. I still have a Google site, but it's gathering dust; Google simply is too limited to meet my needs. I also maintain a blog - you're here now so I know you know it's location - but even the blog is getting fewer and fewer entries. (Solomon was right; there is "nothing new under the sun," especially for risk management practitioners.)

There are, perhaps, a half dozen "legitimate" endorsements on my profile. People with whom I have labored or with whom I have had either face-to-face meetings or extended and on-going email exchanges. The best endorsements are from the folks who often disagree with me; we both benefit from the exchanges. Besides, life sans differing opinions would be terribly boring.

Did I write that I was - am - flattered by all the endorsements?

Do I endorse anyone? To date, I have not.

Why not? If anyone gives me as a reference, I will gladly, immediately, and honestly respond to whomever asks about the job applicant.

On the old, now defunct, Web site I once had a list of references from former coworkers and supervisors. I made a point to get written references since people retire, move on, or otherwise "disappear." Written references can be scanned to PDF for Web sites; email references also are good.

But a LinkedIn endorsement?

A LinkedIn "Recommendation" is another matter. With a "Recommendation" there is some evidence, perhaps "soft" evidence, that the person writing the recommendation actually KNOWS the person being recommended, and hopefully really knows the person's qualifications. "Recommendations," in my Edward Bear mind, equate to "references."

I won't object if you want to endorse me on LinkedIn, but unless I know the endorser, it neither will excite me or gain the endorser my endorsement in return. (I know it may seem unkind, but all-in-all, the think the value of an endorsement has been, by its casual use, greatly devalued.)

Tuesday, January 22, 2013


Background check


Do you use Skype, Tinychat (, or something similar for video calls?

Do you make those calls from your office, perhaps a home office?

Do you ever look at the image YOU are sending?

If not, it might be a good idea.

A fellow with who I video chat has a huge window behind his desk. When the blinds are open and the sun's bright, his features can't be discerned. When the blinds are closed, the office is dark and it's hard to discern his features.

My home office, on the other hand, has the window on the north side so the sun shines on me from the side. I have a "sunny side" and a "less sunny side." When the sun's behind a cloud or over the horizon, I have a light that illuminates my bearded face.

But, because it IS a "home office," the background is cluttered with non-business "stuff." I suppose I should move my BCI and Harris Institute certificates to the wall behind me, but they are big and would keep me from opening my closet door. I also could place my several clocks on the wall behind me, but then I'd have to spin around every time I wanted to see what time it is in Israel or California or …

Since I don't often have video chats with clients, I am not overly concerned about the background, although lighting and sound quality are important. (I have a Hercules camera with built-in microphone that apparently lacks decent pick-up power; people complain I cannot easily be heard. The Spouse also has a Hercules camera, but hers has an external mic so she is heard.)

As with all other things "risk management," it is well worthwhile to check how things will appear to someone else.

Is the camera focused (if it even HAS a focus mechanism)?

Does the microphone capture your voice without you having to shout?

Is the other party's voice loud enough through the computers internal speakers; what about external speakers.

It's like a car.

The gas tank if full.

But when you jump in to go someplace you find a tire is flat.

If you have a fully-inflated spare and the time, you can replace the flat with the spare.

Too many "if"s for a seasoned risk management practitioner.

Those "if"s could have been avoided by a little pre-trip inspection.

The same holds for video conferencing.

A little pre-conference check will go a long way to giving a professional appearance.

Thursday, January 3, 2013


New definition of "employee" can be costly


In an article on the JDSupraLawNews Web site ( titled New Definition Of "Employee" Promises To Result In New Workers' Compensation Risk And Cost To Maine Employers, employers in Maine are warned to expect higher workmen's compensation payments to insurers.

"Unless the employer can satisfy a very strict multi-part test that defines “independent contractor.” the test also applies for purposes of unemployment insurance, it will have a far greater effect in the area of workers’ compensation, " the article claims.

While this currently is limited to Maine, the trend may be followed by other states. Litigation also can be expected, and that, too, can encourage, or discourage, other entities' legislation.

Maine's criteria to determine if a contractor really is a contractor is set forth at .

According to the document, WCB 266:

13-A. Independent contractor. A person who performs services for remuneration is presumed to be an employee unless the employing unit proves that the person is free from the essential direction and control of the employing unit, both under the person's contract of service and in fact and the person meets specific criteria. In order for a person to be an independent contractor:

A. The following criteria must be met:

(1) The person has the essential right to control the means and progress of the work except as to final results;
(2) The person is customarily engaged in an independently established trade, occupation, profession or business;
(3) The person has the opportunity for profit and loss as a result of the services being performed for the other individual or entity;
(4) The person hires and pays the person's assistants, if any, and, to the extent such assistants are employees, supervises the details of the assistants' work; and
(5) The person makes the person's services available to some client or customer community even if the person's right to do so is voluntarily not exercised or is temporarily restricted; and

B. At least 3 of the following criteria must be met:

(1) The person has a substantive investment in the facilities, tools, instruments, materials and knowledge used by the person to complete the work;
(2) The person is not required to work exclusively for the other individual or entity;
(3) The person is responsible for satisfactory completion of the work and may be held contractually responsible for failure to complete the work;
(4) The parties have a contract that defines the relationship and gives contractual rights in the event the contract is terminated by the other individual or entity prior to completion of the work;
(5) Payment to the person is based on factors directly related to the work performed and not solely on the amount of time expended by the person;
(6) The work is outside the usual course of business for which the service is performed; or
(7) The person has been determined to be an independent contractor by the federal Internal Revenue Service.

Maine's definition may also put employers in jeopardy of long-term contractors making claims for vacation and other benefits. A situation such as this happened years past at Lucent Technologies when a long-term contractor demined vacation time. While I do not recall the outcome of the litigation, I do know Lucent changed its contractor policy and allowed a maximum contract duration of 6 months. As a consultant I encountered this with other clients as well, albeit it was not universal.