FCPA Compliance and Ethics Blog

October 7, 2014

The Positive Effects of DPAs and NPAs in FCPA Enforcement

JusticeOne of the oft-made criticisms regarding the Department of Justice (DOJ) around its enforcement of the Foreign Corrupt Practices Act (FCPA) is its the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) somehow pervert the course of justice. Some of the criticisms include: DPAs and NPAs are either too harsh or too lenient; DPAs and NPAs let corporations off too easily or they are too unfair to corporations; DPAs and NPAs are inherently unfair as they give the DOJ too much leverage in any negotiation or that the DOJ uses them as a way to simply seek bigger fines and to not go after the real culprits, i.e. rogue employees; the fines levied under DPAs and NPAs are too great or too small, but whichever it is, there is not appropriate judicial oversight; and my personal favorite, the DOJ needs to ‘trial-lawyer up’ and go to trial against big bad corporations which violate the FCPA to really show ‘em they mean business.

Speaking from the perspective of a former in-house type, I have argued that corporations desire DPAs and NPAs because they bring certainty. Not only in ending an enforcement action but also in knowing your obligations going forward; and they bring certainty in setting the fines and penalties to be paid for a FCPA violation. And, of course, if you enter into a DPA or NPA you bring your corporate client the certainty that you will not ‘Arthur Anderson’ your organization out of existence.

However there are other reasons why the use of DPAs and NPAs has been positive and that is the effect on companies. In a recent paper, entitled, “The Effect of Deferred and Non-Prosecution Agreements on Corporate Governance: Evidence from 1993-2013 ”, authors Wulf A. Kaal and Timothy Lacine looked precisely at that issue. In an exhaustive study they reviewed all publicly available DPAs and NPAs from 1993 to 2013. The authors found that in a wide variety of categories 97.41% of the publicly available DPAs and NPAs “mandated substantive governance improvements” in the corporations that entered into them. Any time you have 97% improvement in anything, I would say someone must have been doing something right, somewhere, somehow. From the thesis of their article, it would appear that what the DOJ is doing right is using DPAs and NPAs to positively impact corporate governance.

What were some of the changes brought about through the use of DPAs and NPAs? In the area of Board governance there were provisions including mandating changes requiring additional reporting obligations for the Board; required changes to existing Board committee structure of the entity, often creating new board committees. Other changes included increased Board monitoring obligations, the addition of independent director(s) and changes pertaining to management of the entity. In addition to more Board involvement, under a number of DPAs and NPAs, a settling company’s senior management was required to provide additional oversight and involvement with the compliance function. Similarly monitoring obligations have generally increased with many DPAs and NPAs containing specific provisions that related to ongoing monitoring requirements.

Both the Chief Compliance Officer (CCO) position and the compliance function were significantly impacted by many of the DPAs and NPAs. Many contained provisions relating to a new, improved or expanded compliance program. Additionally, many DPAs and NPAs contained provisions pertaining to improved compliance communications and training requirements in the compliance function. Internal controls and required improvements pertaining to books and records were also noted. Of course, if a company did not have a Code of Conduct or CCO, they were required.

The authors have also identified additional and continuing oversight factors. They note that DOJ “involvement suggest that prosecutors can promote an ethical corporate culture through enhanced compliance measures in N/DPAs. Under this theory, the DOJ’s expansionary tendencies in N/DPAs are a mere extension of legally mandated compliance requirements. In fact, corporate governance of the respective entity plays a major role in federal prosecutors’ charging decisions. The increased role of independent private sector oversight may help address the increased complexity of corporate crime and dwindling public funds. Given their education and experience as well as their ability to fill a void left by the system, prosecutors may be uniquely qualified to institute corporate governance changes.”

I think this ongoing DOJ oversight is not to be underestimated as a positive effect for compliance. Clearly if an external monitor is required there will be at least annual reporting to the DOJ on the company’s implementation of the terms and conditions of its settlement. But even if the DOJ does not require an external monitor there is always a requirement that the settling company report to the DOJ on the extent of its compliance efforts. The best practice would suggest that an independent third party make this assessment but even if it is not accomplished in such a manner, there is still DOJ oversight.

While the DOJ has pronounced that they are not involved in industry sweeps, the reality is that some industries have been hit with more FCPA enforcement actions than others. If there are a large number of FCPA settlements using DPAs and NPAs in one industry, it can have the effect of increasing both the knowledge of compliance and sophistication of compliance programs within that industry. I have personally witnessed this in the energy industry in Houston where compliance is now driven as a business solution to the legal problem of FCPA compliance. Scott Killingsworth calls this Private-to-Private compliance solutions. I call it business solutions to legal problems. Whatever you might wish to name it, these FCPA enforcement actions have increased the prevalence of compliance programs in the energy industry.

The authors also believe that through the use of DPAs and NPAs, the DOJ is better able to communicate its expectations of what it expects in the way of a best practices compliance program. They state that Boards, “management and corporate counsel may see these preexisting measures as a roadmap for preparing for future investigations and handling the eventual investigation.”

Finally, the authors provide a very interesting insight as to the power of DPAs and NPAs, which is not often discussed in the FCPA context. They contend that use of DPAs and NPAs, as corporate governance tools, “may be preferable to changes to federal law.” They explain, “Compared with more meaningful congressional governance reform, N/DPA-related governance reform is relatively “cheap” for corporations because comparatively few board and management positions are adversely affected. Furthermore, N/DPA-related governance reform is a measure supported by most corporate insiders as it is seen as beneficial for investors. Until regulators belatedly realize the threat posed by particular industry practices, as identified in N/DPAs, and consider acting upon it, N/DPA-related governance reform is entity specific and increases the availability of relevant, decentralized, and institution specific information for regulatory action. Preemptive remedial measures preceding the execution of N/DPAs and associated N/DPA feedback effects can create the framework for anticipatory dynamic regulation as a regulatory supplement.”

This last concept speaks to the transactional cost of changing not only laws surrounding corporate governance but the reform of a corporation for itself. The key stakeholder unit of investors certainly profits by having more and better corporate governance, as does the corporation itself. I found the authors’ work to be a welcome addition to the ongoing debate on DPAs and NPAs.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

March 21, 2014

The Destruction of Arthur Andersen and the Use of DPAs in FCPA Enforcement

Arthur AndersenThe debate over the efficiencies of Deferred Prosecution Agreements (DPAs) continued this week with additional criticism of their use. I have argued that DPAs are in a corporation’s interest because they can bring certainty to the conclusion of an enforcement action and allow it to make remedial changes and move forward. However yesterday I came across an article by Larry Katzen, a former partner at Arthur Andersen and author of “And You Thought Accountants were Boring – My Life Inside Arthur Andersen.” Katzen’s piece is entitled “A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat” and it details the destruction of the firm after it’s guilty verdict surrounding the Enron scandal. Katzen articulates the human costs for the total wipeout of the firm and sets out clearly what can happen when a company goes to trial and sustains a guilty verdict. I received permission to reprint his article in full, which is below:

==============================================================================================================================================================================================================================

A Business World Massacre – What Can Happen 
When Government Needs a Scapegoat 

It remains one of the greatest travesties in the history of American business: In 2001, the 85,000 employees of one of the world’s largest accounting firms began losing their jobs in droves. Their employer had become tainted by its loose association with Enron Corp., a financial house of cards that was imploding and taking with it billions of dollars in employee pensions and shareholder investments.

In 2002, accounting firm Arthur Andersen was convicted of charges related to Enron’s fraudulent practices. The charges had nothing to do with the quality of their auditing – or any of Enron’s illicit practices. The conviction was appealed, and in 2005, the U.S. Supreme Court struck it down in a unanimous vote. But the damage had already been done.

To date, despite millions of records being subpoenaed, there is no evidence Arthur Andersen ever did anything wrong. Still, perceptions are everything: Most people are not aware that the accounting firm, which led the industry in establishing strict, high standards, became a government scapegoat.

When I speak to groups across the country, I ask the following questions. Below are the typical responses I receive – and the actual facts.

1.     What do you remember about Arthur Andersen? 

Typical Response: They were the ones that helped facilitate the Enron fraud. They deserved what they got.

Fact: Arthur Andersen was the largest and most prestigious firm in the country. It was considered the gold standard of the accounting profession by the business community.

2.     For what was Arthur Andersen indicted? 

Typical Response: They messed up the audit of Enron and signed off on false financial statements.

Fact: They were indicted for shredding documents. These documents were drafts and other items that do not support the final product. All accounting firms establish policies for routinely shredding such documents.

3.     How long was it between the Enron blowup and when Arthur Andersen went out of business? 

Typical Response: One to three years.

Fact: The largest accounting firm in the world was gone in 90 days.

4.     Was the indictment upheld? 

Typical Response: Yes, that is why they went out of business.

Fact: No. The Supreme Court overruled the lower court in a 9-0 decision, and came to the conclusion within weeks, making it one of their quickest decisions ever.

5.     How many people lost their jobs as a result of the false accusations? 

Typical Response: Have no idea, but the partners got what they deserved.

Fact: Eighty-five thousand people lost their jobs and only a few thousand were partners. Most were staff people and clericals who made modest sums of money.

6.     Who benefited from Arthur Andersen going out of business? 

Typical Response: Everyone – we finally got rid of those crooks and made a statement to the rest of business to operate ethically.

Facts: It was not the Arthur Andersen people; they lost their jobs. It was not the clients; they had to go through the stress and expense of finding a new auditing firm. It was not the business world in general: It now has fewer firms from which to choose and rates increased. It was their competitors who benefited – they got Andersen’s best people and clients and were able to increase their rates and profitability.

7.     What accounting firms now have ex Arthur Andersen partners playing leadership roles in their firms? 

Typical Response: None

Facts: The “big four,” all the large middle-tier firms and many small firms have former Arthur Andersen partners in leadership positions. Finally, many members of the new Public Accounting oversight Board (PCAOB), which oversees these firms, now have former Arthur Andersen people involved in reviewing the quality of these firms.

==============================================================================================================================================================================================================================

Was Arthur Andersen guilty of a crime? The jury said yes but the US Supreme Court said no. Were they a part of one of the biggest corporate frauds of all-time? Perhaps. Did Arthur Andersen make mistakes? Yes. Did the firm deserve to get wiped out as a result of document shredding? Are you kidding?

The destruction of Arthur Andersen is foremost on the mind of every General Counsel (GC), Chief Executive Officer (CEO) and Board of Director whose company is facing the decision of whether or not to fight in court any charges related to Foreign Corrupt Practices Act (FCPA) violations. Some have argued that DPAs pervert the course of justice but from where I sit, having seen Arthur Andersen destroyed before our collective eyes, the better practice is to enter into a DPA. Was it really in the interest of the Department of Justice (DOJ), or even the People of the United States, who after all the DOJ represent, to throw 85,000 people out of work for the document shredding engaged in by the firm’s Houston office?

Some commentators seem to argue that if a company violates the FCPA, they should get what they justly deserve. But does it serve any interest to wipeout an entire company? Finally, for those who want to tell company management to man up and go to trial, GCs, Chief Compliance Officer (CCO), Board members and others need to remember their legal obligations to their companies and shareholders and not be cowboys going to the last gunfight. Put another way, do you want to be the first GC, CCO, Board member or CEO who tells the DOJ that you are over-reaching and we are going to trial and lose everything like Arthur Andersen did?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

January 3, 2014

The FCPA Year in Reivew-the eBook

I am pleased to announce the release of my eBook, “2013-the FCPA Year in Review” available through amazon.com. The past year saw the highest number of U.S. prosecutions of corporate bribery overseas since the banner year of 2010.  Some of the key corporate cases were Parker Drilling, Total and Weatherford. 2013 also saw 13 individuals prosecuted for FCPA or related criminal or civil violations. This jump in prosecutions illustrates the government’s commitment to aggressively pursuing these cases.

In this book, I review the underlying facts which led to the FCPA enforcement actions and the key lessons to be learned by the compliance practitioner going forward. I am certain that you will find this book useful in assessing your compliance program for 2014 and beyond.

It is a great value at $4.99. You can purchase a copy of the eBook, “2013-the FCPA Year in Review” by clicking here.

January 2, 2014

The 2013 FCPA Year in Review-Corporate Enforcement Actions

In my final post of 2013, I reviewed all of the individual Foreign Corrupt Practices Act enforcement actions which occurred in the past year. In this first post of 2014, I review all the corporate enforcement actions in 2013. If you would like to have a handy reference on all of the 2013 FCPA enforcement actions, I am pleased to announce the publication of my latest book, entitled, “2013-the FCPA Year in Review”. It is available in an eBook format on Amazon.com.

A.     Total

Total SA engaged in a nearly decade long, breathtaking bribery scheme. In this scheme, Total paid approximately $60MM to an un-named Iranian Official of the National Iranian Oil Company (NIOC), who steered two major projects Total’s way. The projects for which Total paid the bribes were the Sirri A and E oil and gas fields and South Pars gas field. Total paid a criminal penalty to the DOJ of $245.2 million and civil penalty of $153 to the SEC.” Total’s agreed monetary penalty of $398MM was the fourth biggest FCPA resolution.

B.     Parker Drilling

The company was involved in a bribery scheme to pay-off judges in a Nigerian Tax Court to allow Parker Drilling to pay lower than warranted tax assessments for its drilling rigs in the country. Due to its efforts to create a gold standard compliance program all the while undergoing its own internal investigation, Parker Drilling’s conduct earned it an “approximately 20 percent reduction off the bottom of the fine range” which suggested a fine of between $14.7MM to $29.4MM. The final DOJ fine was $11,760,000. The company also agreed to pay disgorgement of $3,050MM plus pre-judgment interest of $1,040,818, to the SEC.

C.     Ralph Lauren

The Ralph Lauren Company received Non-Prosecution Agreements (NPA) granted by the SEC and DOJ. The illegal conduct at issue related to its Argentinian subsidiary and efforts by the General Manager of that operation, who conspired with a customs clearance agency to make payments “to assist in improperly obtaining paperwork necessary for goods to clear customs, to permit clearance of items without the necessary paperwork, to permit the clearance of prohibited items, and to avoid inspection.” For its conduct, Ralph Lauren agreed to pay $882K to the DOJ and $593K in disgorgement and $141K in pre-judgment interest to the SEC.

D.    Weatherford

In late November, Weatherford International Limited (Weatherford) concluded one of the longest running open FCPA investigations when it agreed to the ninth largest FCPA fine of all-time and one of its subsidiaries, Weatherford Services Limited (WSL), agreed to plead guilty to violating the anti-bribery provisions of the FCPA. The total amount of fines and penalties for the FCPA violations was $152.6 million. The company was also hit with another $100 million in fines and penalties for trade sanctions bringing its total amount paid to $252.6 million. The bribery schemes that Weatherford used were varied but stunning in their brazen nature. But in spite of how things began, Weatherford was able to make a turnaround and substantially improve its position by reversing this initial nose-thumbing at US regulators.

E.     Stryker

In an interesting FCPA enforcement action resolved in October, the Stryker Corporation agreed to settle with the SEC via an Administrative Order, not a criminal action filed by the DOJ. According to the FCPA Blog, “The SEC said Stryker Corporation will pay $13.2 million to resolve FCPA violations. The bribes totaled about $2 million and were ‘incorrectly described as legitimate expenses in the company’s books and records,’ according to the SEC. Stryker will disgorge to the SEC $7.5 million and prejudgment interest of $2.28 million. It is also paying a penalty of $3.5 million.” SEC Complaint. There was not even a civil Complaint filed by the SEC and Stryker is not required to have a Corporate Monitor to assess its ongoing compliance efforts or its commitment to having a compliance program.

F.     Diebold

In late October, Diebold, an Ohio company which makes ATM machines, agreed to pay a criminal fine of $25.2 million to the DOJ and $23 million in disgorgement and prejudgment interest to the SEC to resolve allegations it violated the FCPA by covering up bribes to bank officials in China, Indonesia and Russia. The total fine of just over $48MM. The DOJ charged it in a two-count information with conspiring to violate the FCPA’s anti-bribery and books and records provisions and a substantive books and records offense. There were no charges under the anti-bribery provisions, which apply only to corrupt payments to foreign officials. The Diebold resolution took the form of a DPA with the DOJ, along with a fines and a Corporate Monitor. From its resolution with the SEC in addition to the profit disgorgement and prejudgment interest paid the company agreed to an agreed injunction to stop, once again, violating the FCPA.

G.    Bilfinger SE

In early December, DOJ announced it had resolved an ongoing FCPA with German entity Bilfinger SE (Bilfinger). This case involved the same background facts and events as the Willbros corporate FCPA enforcement action and the related individual enforcement actions with some of its former employees. The facts in this case were bad, bad, bad. The Bilfinger enforcement action moves towards the ending of one of the sorriest examples of corporate malfeasance in the FCPA world. While it took a long time, justice has certainly been a long time coming. With the continued flight from justice of former Willbros employee James Tillery who renounce his US citizenship to try and escape prosecution by taking refuge in Nigeria; perhaps things are coming to an end. But with the conclusion of this corporate enforcement action against Bilfinger, perhaps there may be additional individual enforcement actions.

H.    Archer-Daniels-Midland

In late December, it was announced by the DOJ and SEC that they had settled both a criminal and civil enforcement action with Archer-Daniels-Midland Company. The DOJ resolved the criminal action when a subsidiary of ADM pled guilty and agreed to pay more than $17 million in criminal fines to resolve charges that it paid bribes through vendors to Ukrainian government officials to obtain value-added tax (VAT) refunds, in violation of the FCPA. In a parallel civil FCPA action settled with the SEC and the SEC Press Release noted that “The payments were then concealed by improperly recording the transactions in accounting records as insurance premiums and other purported business expenses. ADM had insufficient anti-bribery compliance controls and made approximately $33 million in illegal profits as a result of the bribery by its subsidiaries.” In addition to the DOJ fine of $17.8MM, ADM agreed to pay “disgorgement of $33,342,012 plus prejudgment interest of $3,125,354.”

What Did It All Mean?

The clear message from these corporate enforcement actions is that early detection and remediation can lead to a significant reduction in fines and penalties. I believe that these corporate enforcement actions make clear that a company’s actions during the pendency of the investigation, in addition to the underlying FCPA violations, will be evaluated and assessed to determine the final penalty. The DOJ and SEC continue to communicate not only what they believe constitutes a best practices compliance program but equally importantly what actions a company can engage in which will significantly reduce a company’s overall fine and penalty. Both the DOJ and SEC continue to communicate, through their enforcement actions, to the compliance practitioner what they expect from companies in the way of a best practices compliance program and what a company should do if they discover a potential FCPA violation. These communications, through enforcement actions, DPAs, NPAs and Declinations, are consistent with the information provided by the DOJ/SEC in the FCPA Guidance. These enforcement actions demonstrate that if a company gets ahead of the curve, it can significantly lessen its overall penalty and pain.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 13, 2013

More Compliance Lessons from the Asiana/SFO Crash Investigation

I have long been interested in the intersection in the changes in attitude regarding safety in the workplace by corporations and the changing attitudes on doing business through bribery and corruption. As a trial lawyer defending corporations in catastrophic accident lawsuits, I saw a sea change in the corporate attitude regarding safety, beginning in the 1980s through the 1990s. Many of the arguments used against safety during that era are used now. Some of my favorites are: (the financial excuse) it costs too much and doesn’t contribute to the bottom line; (the traditional excuse) we’ve always done it that way; and (my personal favorite) you can’t stop humans from screwing up and trying to injure themselves. But the reality is that safety at the work place did improve and now most companies not only say that safety is job No. 1 but they live and breathe that motto. Does this sea change mean that serious accidents do not happen at the workplace? Of course not, but it does not mean that companies have or even should give up the quest for zero accidents at work.

Part of the ongoing debate about compliance is whether the Department of Justice (DOJ) approach of corporate enforcement actions and the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) help or hurt compliance with the Foreign Corrupt Practices Act (FCPA). Some commentators remark that the simple fact that there are enforcement actions is indicia itself that the DOJ approach is not working. Mike Volkov took on this topic in his post, entitled “The Sky is the Limit: Escalating Fines, DPA/NPAs and Deterrence”, by asking if “it is important to ask the question whether the current enforcement scheme adequately punishes and deters corporations”? In his discussion he points to some who want more prosecution of individuals as a greater deterrent and others, notably the FCPA Professor, who want greater corporate protections against prosecution through the addition of a compliance defense as a mechanism to give corporations more incentive to do business in compliance with the law. Volkov ends by observing the DOJ’s current enforcement focus “will not change unless and until there is a good reason to do so – so far no one has pointed to any significant reason for the Department of Justice to change its practices.”

I thought about all of the above in the context of the hearings in Washington in front of the National Transportation Safety Board (NTSB) surrounding the crash of the Asiana jet at San Francisco’s airport last summer. Earlier this week I wrote about one of the lessons from the hearings which was the need for enhanced training by Asiana pilots on not only the specific planes they pilot but also training that they can speak up when they see something that they believe is not right.

This need for training was made even more acute when the story about the testimony given by the Captain on board the flight in question in a New York Times (NYT) article, entitled “Pilots in Crash Were Confused About Control Systems, Experts Say”, where Captain Lee said that he told investigators that any of the three pilots on the plane could have decided to break off the approach, but he said it was “very hard” for him to do so because he was a “low-level” person being supervised by an instructor pilot. But more than even the failure to raise his hand and speak up, Lee did not heed the warning of a junior officer. As reported in an article by the Associated Press, entitled “Pilot who crashed at SFO was worried about landing”, after the accident, Lee told NTSB investigators that neither he nor the instructor pilot onboard the flight said anything when the first officer raised concerns four times about the plane’s rapid descent. Further, he was very concerned about his ability to make a visual landing. So not only was Lee afraid to speak the truth to a superior, he didn’t listen when questioned by a junior. In the world of workplace or airline safety, this is a recipe for disaster.

I think the key to overcoming these problems is training, which has long been recognized as a cornerstone of any best practices ethics and compliance program. I thought it might be an appropriate time to review the training statements made regarding the FCPA. The US Sentencing Guidelines list “Conducting effective training programs” as one of the factors the DOJ will take into account when a company accused of a FCPA violation is being evaluated for a sentence reduction. The Sentencing Guidelines mandate:

(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities. 

After the promulgation of the Sentencing Guidelines, the DOJ and Securities and Exchange Commission (SEC) gave their views on training in the 2012 FCPA Guidance. Their Ten Hallmarks of an Effective Compliance Program listed Training and Communication as one of the key elements. In this section they said that anti-corruption and anti-bribery compliance policies cannot work unless effectively communicated throughout a company. They advised that “a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” But more than a simple dyadic promulgation of a rule, a company should tailor its training to its needs and its risks. This means that any “information should be presented in a manner appropriate for the targeted audience, including providing training and training materials in the local language.

In addition to the FCPA Guidance, the UK Ministry of Justice (MOJ) has stated that training is one of the Six Principles of an effective compliance program. Under Principle V, it states that “The business seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the company through internal and external communication, including training, that is proportionate to the risks it faces.” The Guidance recognizes that communication and training deters bribery by companies, their employees and those persons associated with it, by enhancing awareness and understanding anti-corruption policies and procedures and the company’s commitment to their proper application. It therefore follows that making information available on legal requirements, obligations and policies and procedures for implementation of the same assists in more effective monitoring, evaluation and review of bribery prevention procedures. Anti-bribery training should provide, to company employees and those persons and entities associated with the company, the knowledge and skills needed to implement and utilize the anti-bribery procedures and handle in a satisfactory manner any bribery related problems or issues that may arise.

Fortunately violations of the FCPA rarely result in loss of life or limb. But that does not diminish the responsibility of companies to comply with the law. And just as corporate attitudes around safety changed dramatically, corporate attitudes about following the FCPA can change as well. Indeed they could even take the basic approach suggested by (the then) DOJ representative Greg Anders in testimony about attempts to amend the FCPA before the House Judiciary Committee, don’t pay bribes.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 12, 2013

What a Long Strange Trip It’s Been – The Bilfinger FCPA Settlement

Earlier this week the Department of Justice (DOJ) announced it had resolved an ongoing Foreign Corrupt Practices Act (FCPA) with German entity Bilfinger SE (Bilfinger). This case involved the same background facts and events as the Willbros corporate FCPA enforcement action and the related individual enforcement actions with some of its former employees. The facts in this case were bad, bad, bad. The FCPA Professor went into a deep dive on the case in a blog post, entitled “German Company Resolves FCPA Enforcement Action Based On Conduct From “The Distant Past””. In another blog post, entitled “Of Note From The Bilfinger Enforcement Action”, he questioned why this particular enforcement action took so long to resolve.  Whatever the answer to that question might be, there are several interesting aspects to the matter which are of significance to the compliance practitioner, which I will highlight in this post.

I.                    DOJ Fine Calculation

To resolve the criminal aspects of this case, Bilfinger agreed to pay a $32 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. The thing that I found interesting about the fine calculation, as set out in the DPA, was the large increase in the amount due to the size of the bribery paid which increased the point calculation under the US Sentencing Guidelines by +18 and the increase for the payment of multiple bribes by +2.. The company only received a -2 for its cooperation in the investigation, clearly demonstrating recognition and affirmative acceptance of responsibility for its criminal conduct. The company did not self-disclose so it did not receive any credit under the US Sentencing Guidelines for that affirmative conduct. The calculated fine range was between $28MM to $56MM so the company received a fine at the lower end of the range. But not less than the lower end or event at the end.

II.                Landscaping Account to Pay Bribes

One of the interesting techniques that the company used to physically pay the bribes was through a petty cash account in the Joint Venture’s (JV) office in Nigeria. The DOJ has long cautioned companies about maintaining significant amounts of petty cash in offices or the undocumented use of petty cash accounts as a mechanism to funnel bribes. In this case, Bilfinger ingeniously said the cash was going to the Nigeria operation to pay “landscaping expenses”. With $6MM in bribes paid out, one might think the company was landscaping the Gardens at Versailles but the lesson learned for the compliance practitioner is that accounts which might appear to be legitimate business expenses need to be scrutinized though monitoring and auditing.

III.             Political Parties

Most compliance practitioners are well aware that the FCPA applies to government officials, their family members and similarly situated officers, directors and employees of state owned enterprises. However, in the Bilfinger enforcement action, the company paid bribes to “the dominant political party in Nigeria” which was not named in the Information of the DPA. The Anti-Bribery Provisions of the FCPA states:

§ 78dd-1. Prohibited foreign trade practices by issuers

(a)    Prohibition (b)

It shall be unlawful for any issuer which has a class of securities registered pursuant to section 78l of this title or which is required to file reports under section 78o(d) of this title, or for any officer, director, employee, or agent of such issuer or any stockholder thereof acting on behalf of such issuer, to make use of the mails or any means or instrumentality of interstate commerce corruptly in furtherance of an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to–

(2) any foreign political party or official thereof or any candidate for foreign political office for purposes of–

(A) (i) influencing any act or decision of such party, official, or candidate in its or his official capacity, (ii) inducing such party, official, or candidate to do or omit to do an act in violation of the lawful duty of such party, official, or candidate, or (iii) securing any improper advantage; or

(B) inducing such party, official, or candidate to use its or his influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality in order to assist such issuer in obtaining or retaining business for or with, or directing business to, any person; or.

IV.              Best in Class Compliance Program

During the pendency of the investigation, Bilfinger moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

  1. High level commitment from company officials and senior management to do business in compliance with the FCPA.
  2. A substantive written anti-corruption compliance code of conduct.
  3. Written policies and procedures to implement this code of conduct.
  4. A robust system of internal controls, including accounting and financial controls.
  5. Risk assessments and risk reviews of its ongoing business.
  6. No less than annual assessments of its overall compliance program.
  7. Appropriate oversight and responsibility of a Chief Compliance Officer.
  8. Effective training for all employees and relevant third parties.
  9. An effective compliance function which can provide guidance to company employees.
  10. A robust internal reporting system.
  11. Effective investigations of any reported compliance issue.
  12. Appropriate incentives for employees to do business ethically and in compliance.
  13. Enforced discipline for any employee who violates the company’s compliance program.
  14. Suitable due diligence and management of third parties and business partners.
  15. A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers any FCPA-violative conduct during this pre-acquisition phase.
  16. As soon as practicable, Bilfinger will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
  17. Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

V.                 Monitor

Bilfinger also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

VI.              Who Pays the Cost of Bribery

The final point that I wish to raise is about the insidiousness of bribery and corruption and the true cost. To facilitate its illegal conduct Bilfinger (and Willbros) increased their charges to the various Nigerian entities which were paying for the project in question by 3%. So it was not Bilfinger and Willbros paying the bribes out of their collective corporate pocket but it was the people of Nigeria who were funding the western companies’ bribes. It does not get much worse or arrogant than that in the corporate world.

The Bilfinger enforcement action moves towards the ending of one of the sorriest examples of corporate malfeasance in the FCPA world. While it took a long time, justice has certainly been a long time coming. With the continued flight from justice of former Willbros employee James Tillery who renounce his US citizenship to try and escape prosecution by taking refuge in Nigeria; perhaps things are coming to an end. But with the conclusion of this corporate enforcement action against Bilfinger, perhaps there may be additional individual enforcement actions.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 4, 2013

The Weatherford FCPA Settlement, Part III

Yesterday, I reviewed the conduct which Weatherford International Limited (Weatherford) engaged in over a period from 2002-2011 in connection with its Foreign Corrupt Practices Act (FCPA) investigation, noted the deficiencies in its compliance program and its internal controls and even how the company intentionally impeded the investigations of both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Today, I want to look at how the company changed course in mid-stream during the investigation, brought in a top-notch and well respected lawyer as its Chief Compliance Officer (CCO), created a best-in-class compliance program; all of which saved the company millions of dollars in potential fines and penalties.

  1. I.                    DOJ Fine Calculation

To resolve the criminal aspects of this case, Weatherford agreed to pay an $87.2 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. There was also another $65.6 million paid to the SEC. However the figure paid to the DOJ was at the very bottom range of a potential criminal penalty. The range listed in the DPA was from $87.2 to $174.3 million. In coming up with this range under the Federal Sentencing Guidelines, it is significant for the actions that Weatherford did not receive credit for during the pendency of the investigation. The company did not receive a credit for self-reporting. The company only received a -2 for its cooperation because prior to 2008 the company engaged in activities to impede the regulators’ investigation.

So the fine range could have been more favorable to the company. But the key is that Weatherford received the low end of the range. How did they do this?

A.     New Sheriff in Town

One of the key things Weatherford did was bring in Billy Jacobson as its CCO and give him a seat at the table of the company’s Executive Board. He was a Federal Prosecutor in the Fraud Section, Criminal Division, US Department of Justice. He also served as an Assistant Chief for FCPA Enforcement Department so we can assume he understood the FCPA and how prosecutors think through issues. (Jacobson also worked as a State Prosecutor in New York City, with my former This Week in FCPA co-host Howard Sklar, so shout out to Howard.) Jacobson was not hired directly from the DOJ but after he had left the DOJ and had gone into private practice. There is nothing that shows credibility like bringing in a respected subject matter expert and giving that person the tools and resources to turn things around.

But more than simply bringing in a new sheriff, Weatherford turned this talk into action by substantially increasing its cooperation with the government, thoroughly investigating all issues, turning over the results to the DOJ and SEC and providing literally millions of pages of documents to the regulators. The company also cleaned house by terminating officers and employees who were responsible for the illegal conduct.

B.     Increase in Compliance Function

In addition to establishing Jacobson in the high level CCO position, the company significantly increased the size of its compliance department by hiring 38 compliance professionals and conducted 30 anti-corruption compliance reviews in the countries in which Weatherford operates. This included the hiring of outside consultants to assess and review the company’s compliance program and beefing up due diligence on all third parties, including those in the sales and supply chain, joint venture (JV) partners and merger or acquisition (M&A) candidates. The company also agreed to continue to enhance its internal controls and books and records to prevent and/or detect future suspect conduct.

If you have ever heard any of the current Weatherford compliance professionals speak at FCPA conferences, you can appreciate that they are first rate; that they know their stuff and the company supports their efforts on an ongoing basis.

C.     Best in Class Compliance Program

During the pendency of the investigation, Weatherford moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

  1. High level commitment from company officials and senior management to do business in compliance with the FCPA.
  2. A substantive written anti-corruption compliance code of conduct.
  3. Written policies and procedures to implement this code of conduct.
  4. A robust system of internal controls, including accounting and financial controls.
  5. Risk assessments and risk reviews of its ongoing business.
  6. No less than annual assessments of its overall compliance program.
  7. Appropriate oversight and responsibility of a Chief Compliance Officer.
  8. Effective training for all employees and relevant third parties.
  9. An effective compliance function which can provide guidance to company employees.
  10. A robust internal reporting system.
  11. Effective investigations of any reported compliance issue.
  12. Appropriate incentives for employees to do business ethically and in compliance.
  13. Enforced discipline for any employee who violates the company’s compliance program.
  14. Suitable due diligence and management of third parties and business partners.
  15. A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers and FCPA-violative conduct during this pre-acquisition phase.
  16. As soon as practicable, Weatherford will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
  17. Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

D.    Monitor

Weatherford also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

II.                Conclusion

It certainly has been a long, strange journey for Weatherford. I should note that I have not discussed at all the Oil-For-Food aspect of this settlement, which was an additional $100MM penalty to the company. However, with regard to the FCPA aspects of the matter, there are some very solid and telling lessons to be drawn from this case. First and foremost is that cooperation is always the key. But more than simply cooperating in the investigation is that a company should take a pro-active approach to putting a best-in-class compliance program in place during, rather than after the investigation concludes. Also, a company cannot simply ‘talk-the-talk’ but must come through and do the work to gain the credit. The bribery schemes that the company had engaged in and the systemic failures of its compliance program and internal controls, should serve as a good set of examples for the compliance practitioner to use in assessing a compliance program.

The settlement also sends a clear message from both the DOJ and SEC on not only what type of conduct will be rewarded under the US Sentencing Guidelines, but what they expect as a compliance program. One does not have read tea leaves or attempt to divine what might be an appropriate commitment to compliance to see what the regulators expect these day.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 3, 2013

The Weatherford FCPA Settlement, Part II

Yesterday, I reviewed the Weatherford International Limited (Weatherford) Foreign Corrupt Practices Act (FCPA) settlement. Today I will take a more focused look at the bribery schemes involved and the failure of the company to bring internal controls up to standard or even follow its own compliance program. Weatherford’s compliance program was a joke but worse was its conduct, which many in the company knew was illegal and reported internally but the company did not stop the conduct. The company also, early on in the investigation, actively impeded regulators access to personnel and documents. However, and this is one of the key messages from the Weatherford FCPA enforcement action, the company truly ‘turned it around’. Tomorrow we will explore how the company made this dramatic turnaround.

The bribery schemes had four basic scenarios and, for those of you keeping score at home, I have summarized them below.

I.                   Corrupt Conduct

Weatherford Bribery Box Score

Country Bribery Scheme Government or SOE Official Involved Amount of Bribe Paid
Angola Payments through 3rd parties Sonagol Drilling Manager $250K
Angola JV Partners Government Ministers, wives and other relatives $810K
Congo Payments thru 3rd parties SOE officials $500K
Middle East Countries Unauthorized distributor discounts SOE officials $11.8MM
Algeria Improper travel and entertainment SOE officials $35K
Albania Misappropriation of company funds Tax Auditors $41K

Angola

In Angola two separate bribery schemes were used. The first involved payment of a $250,000 bribe to the Sonagol Drilling Manager. To funnel the bribe the company retained a Swiss agent who paid the money. This Swiss agent billed Weatherford for non-existent and fraudulent services. He would retain a percentage of the total he billed as a commission and would pass the remainder to the Sonagol Drilling Manager. The bribery of the Drilling Manager also included a week long, all-expenses paid trip to Italy and Portugal, where only one of the days was business related.

The company continued this further creativity when it set up a joint venture (JV) which had two local JV partners, JV Partner A and JV Partner B. Partner A consisted of Sonagol government officials, their wives and other relatives and held a 45% stake in the overall JV. JV Partner B’s principals included the relative of an Angolan Minister, the relative’s spouse, and another Angolan official. It held 10% of the overall JV interest. Neither of these JV Partners contributed capital, expertise or labor to the JV. In addition to the straight quid pro quo of awarding Weatherford 100% of the Angolan well screens market, these JV Partners had contracts which were awarded to Weatherford competitors, revoked after the initial award and then awarded them to Weatherford.

Congo

In the Congo, Weatherford made over $500,000 in commercial bribe payments through the same Swiss Agent they had utilized in the initial Angolan bribery scheme to employees of a commercial customer, a wholly-owned subsidiary of an Italian energy company, between March 2002 and December 2008. The Swiss Agent’s role in the scheme included submitting false invoices and sending payments to individuals as directed by Weatherford Services Limited (WSL) employees and others. WSL employees created and sent false work orders to the Swiss Agent. The Swiss Agent, WSL employees and others knew the services would not be performed and that the work orders were a pretext to funnel money to the Swiss Agent. The Swiss Agent forwarded the money, less a commission, once again based on fraudulent invoices for non-existent services.

The Middle East

In certain un-named Middle Eastern countries between the years of 2005 and 2011 another Weatherford subsidiary employed another bribery scheme to funnel payments to officials of state owned National Oil Company (NOC). This bribery scheme entailed the awarding of improper “volume discounts” to a company that served as an agent, distributor and reseller which supplied Weatherford products to a state-owned and controlled NOC, believing that those discounts were being used to create a slush fund with which to make bribe payments to decision makers at the NOC.

The Securities and Exchange Commission (SEC) Complaint noted that as early as 2001, officials at the un-named national oil company directed Weatherford to sell goods to the company through a particular distributor. Prior to entering into the contract with the distributor, Weatherford did not conduct any due diligence on the distributor, despite: (a) the fact that the distributor would be furnishing Weatherford goods directly to an instrumentality of a foreign government; (b) the fact that a foreign official had specifically directed the company to contract with that particular distributor; and (c) the fact that Weatherford executives knew that a member of the country’s royal family had an ownership interest in the distributor. In late 2001, the company entered into a representation agreement with the distributor to sell its Completion and Production Systems products to the NOC.

Thereafter, the distributor created a slush fund by providing the distributor with unauthorized volume and pricing discounts, in addition to the agent’s 5% commission. Company employees intended that the slush fund would be used to pay officials at the un-named NOC. The “volume discounts” to the distributor were typically between 5-l0% of the contact price. The discounts allowed the distributor to accumulate funds which were used to pay bribes to the NOC officials.

Algeria

Weatherford also provided improper travel and entertainment to officials of the Algerian NOC, Sonatrach, which did not have any legitimate business purpose. The SEC Complaint detailed the following improper travel and entertainment provided to Sonatrach officials:

  • June 2006 trip by two Sonatrach officials to the FIFA World Cup soccer tournament in Hanover, Germany;
  • July 2006 honeymoon trip of the daughter of a Sonatrach official; and
  • October 2005 trip by a Sonatrach employee and his family to Jeddah, Saudi Arabia, for religious reasons that were improperly booked as a donation.

In addition, on at least two other occasions, Weatherford provided Sonatrach officials with cash sums while they were visiting Houston. For example, in May 2007, Weatherford paid for four Sonatrach officials, including a tender committee official, to attend a conference in Houston. Further, the company provided an approximate $24,000 cash advance for the trip where there was no evidence of any legitimate business purpose or promotional expenses.

Albania

In Albania, Weatherford had a tax evaluation problem. To deal with this issue the general manager and financial manager of the company’s Italian subsidiary misappropriated over $200,000 of company funds, to fund a bribery scheme involving Albanian tax auditors. The general manager, financial manager and the Albania country manager made $41,000 in payments to Albanian tax auditors who questioned details of the company’s accounts and demanded payment to close out the audit or speed up the certification process in 2001, 2002 and 2004.

The general manager and financial manager misappropriated the funds by taking advantage of Weatherford’s inadequate system of internal accounting controls. They misreported cash advances, diverted payments on previously paid invoices, misappropriated government rebate checks and received reimbursement of expenses that did not relate to business activities. A memo drafted by the general manager and financial manager in the months after their co-worker confronted them discussed the misappropriated funds and indicated that funds were paid to tax auditors in Albania and others for the benefit of Weatherford. This was the bribery scheme which was reported to the company and the internal whistle-blower employee was terminated.

II.                Program Deficiencies Lack of Cooperation

The DPA laid out in equally stark terms the complete and utter disregard, non-existence of and/or complete failure of any systemic compliance program, prior to 2008. These deficiencies included:

  • Failure to establish internal accounting controls to prevent bribery and corruption;
  • Failure to perform due diligence on any prospective third parties, including who they were, ultimate beneficial ownership and business justifications;
  • Failure to perform due diligence or in any meaningful manage joint venture partners;
  • Failure to have any meaningful internal controls for gifts, travel and entertainment;
  • No effective internal reporting system for FCPA violations or issues; and
  • (Most amazingly) No Chief Compliance Officer or even compliance professionals in a multi-billion dollar, multi-national company in the energy industry.

In addition to all of the above, Weatherford engaged in active conduct to impede the investigations of both the SEC and DOJ. In one instance, the company told investigators that a key witness was dead when he was not only still alive and well but working for Weatherford. In other instances, the company, emails were deleted by employees prior to the imaging of their computers. It was also noted that Weatherford failed to secure important computers and documents and allowed potentially complicit employees to collect documents subpoenaed by the staff.

Tomorrow, the Weatherford compliance comeback.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

November 21, 2013

Edison, the Phonograph and Supply Chain Audits

Today we celebrate Thomas Edison. It is not his birthday but the 127th anniversary of Edison announcing his first recording invention, the phonograph. According to This Day in History “Edison stumbled on one of his great inventions–the phonograph– while working on a way to record telephone communication at his laboratory in Menlo Park, New Jersey. His work led him to experiment with a stylus on a tinfoil cylinder, which, to his surprise, played back the short song he had recorded, “MARY HAD A LITTLE LAMB”. Public demonstrations of the phonograph made the Yankee inventor world famous, and he was dubbed the “Wizard of Menlo Park.”” For any audiophile, the phonograph was one of the greatest inventions of all-time.

I thought about Edison and the evolution of his invention in the context of how the audit requirement has been viewed under the Foreign Corrupt Practices Act (FCPA). In my last corporate position, my company was at the cutting edge because we required compliance related audits for vendors in the supply chain. This was cutting edge in 2007-08. However, now an audit for adherence to FCPA compliance requirements has become a standard best practice in the management of business relationships with third party vendors which work with a company through the supply chain. In several settlements of enforcement actions through both Deferred Prosecution Agreements (DPA) and Non-Prosecution Agreements (NPA and, in last year’s FCPA Guidance, the Department of Justice (DOJ) made it clear that a best practices FCPA compliance program includes the right to conduct audits of the books and records of the agents, business partners and supplier or contractors to ensure compliance with the foregoing. Many companies have yet to begin their audit process for FCPA compliance on vendors in their supply chain. I thought this might be a good time to review some of the items you should consider in this area.

I.                   Right to Audit

Initially it should be noted that a company must obtain the right to audit for FCPA compliance in its contract with any third party vendor in the supply chain. Such an audit right should be a part of a company’s standard terms and conditions. A sample clause could include language such as the following:

The vendor shall permit, upon the request of and at sole discretion of the Company, audits by independent auditors acceptable to Company, and agree that such auditors shall have full and unrestricted access to, and to conduct reviews of, all records related to the work performed for, or services or equipment provided to, Company, and to report any violation of any of the United States Foreign Corrupt Practices Act, UK Bribery Act or any other applicable laws and regulations, with respect to:

a.                  the effectiveness of existing compliance programs and codes of conduct;

b.                  the origin and legitimacy of any funds paid to Company;

c.                   its books, records and accounts, or those of any of its subsidiaries, joint ventures or affiliates, related to work performed for, or services or equipment provided to, Company;

d.                  all disbursements made for or on behalf of Company; and

e.                   all funds received from Company in connection with work performed for, or services or equipment provided to, Company.

II.                Structure of the Audit

 In the December 2010 issue of the Industrial Engineer Magazine, authors Aldowaisan and Ashkanai discussed the audit program utilized by the Kuwait National Petroleum Company (KNPC) for its supply chain vendors. Although the focus of these audits is not to review FCPA compliance, the referenced audits are designed to detect and report incidents of non-compliance, which would also be the goal of a FCPA compliance audit. Utilizing ISO 19011 as the basis to set the parameters of an audit, the authors define an audit as a “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” The authors list three factors, which they believe contribute to a successful audit: (1) an effective audit program which specifies all necessary activities for the audit; (2) having competent auditors in place; and (3) an organization that is committed to being audited. In a webinar hosted by Securities Docket, entitled “Follow the Money: Using Technology to Find Fraud or Defend Financial Investigations”, noted fraud examiner expert Tracy Coenen described the process as one to (1) capture the data; (2) analyze the data; and (3) report on the data.

There is no one specific list of transactions or other items which should be audited, however some of the audit best practices would suggest the following:

  •  Review of contracts with supply chain vendors to confirm that the appropriate FCPA compliance terms and conditions are in place.
  • Determine that actual due diligence took place on the third party vendor.
  • Review FCPA compliance training program; both the substance of the program and attendance records.
  • Does the third party vendor have a hotline or any other reporting mechanism for allegations of compliance violations? If so how are such reports maintained. Review any reports of compliance violations or issues that arose through anonymous, hotline or any other reporting mechanism.
  • Does the third party vendor have written employee discipline procedures? If so have any employees been disciplined for any compliance violations? If yes review all relevant files relating to any such violations to determine the process used and the outcome reached.
  • Review expense reports for employees in high risk positions or high risk countries.
  • Testing for gifts, travel and entertainment which were provided to, or for, foreign governmental officials.
  • Review the overall structure of the third party vendor’s compliance program. If the company has a designated compliance officer to whom, and how, does that compliance officer report? How is the third party vendor’s compliance program designed to identify risks and what has been the result of any so identified.
  • Review a sample of employee commission payments and determine if they follow the internal policy and procedure of the third party vendor.
  • With regard to any petty cash activity in foreign locations, review a sample of activity and apply analytical procedures and testing. Analyze the general ledger for high-risk transactions and cash advances and apply analytical procedures and testing.

III.             Conclusion

 As noted the above list is not exhaustive. For instance, there could be an audit focus on internal controls or segregation of duties (SODs). Any organization which audits a business partner in its supply chain should consult with legal, audit, financial and supply chain professionals to determine the full scope of the audit and a thorough and complete work plan should be created based upon all these professional inputs. At the conclusion of an audit, an audit report should be issued. This audit report should detail incidents of non-compliance with the FCPA compliance program and recommendations for improvements. Any reported incidents of non-compliance should reference the basis of any incidents of non-compliance such as contractual clauses, legal requirement or company policies.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

November 14, 2013

Are DPAs Morally Suspect?

7K0A0223You know it is going to be a bad day when you are excoriated in public by a sitting federal district judge. It is even worse when the comments of that federal judge make it into one of the most prominent international business dailies around; the UK based Financial Times (FT). Both of the events occurred this week when US District Judge Jed Rakoff spoke to the New York City Bar Association with his thoughts on the use of Deferred Prosecution Agreements (DPAs) by the Department of Justice (DOJ) to resolve criminal matters involving corporations and his speech was reported by Kara Scannell for the FT in an article entitled “Judge says DOJ agreements are ‘morally suspect’”.

As usual Judge Rakoff pulled no punches when he declared that the DOJ’s “Use of deferred prosecution agreements to resolve criminal investigations without holding individuals accountable is technically and morally suspect.” This criticism was levelled as the “DOJ has signaled to leading banks that it will bring civil charges against them for allegedly mis-selling mortgage backed securities in the lead-up to the financial crisis.” Judge Rakoff noted that the DOJ has “not prosecuted any top Wall Street executive in relation to the financial crisis but has struck deals with companies using deferred prosecution agreement over sanction violations and money laundering without charging any individuals.” Judge Rakoff said that if prosecutors can prove a company violated laws “but do not charge individuals then its application is technically suspect.” He then went on to add that it is “morally suspect because a company is made up of sometimes hundreds of innocent employees.” But Judge Rakoff had further criticisms. He charged that DOJ prosecutors no longer have the “experience or resolve” to pursue individuals and that the current DOJ tactic of only going after individuals is “not the best way to proceed.” Pretty strong words, indeed.

This is not the first time that Judge Rakoff leveled charges at regulators for what he believed were practices “which fell short of legal standards.” Indeed, Judge Rakoff was particularly critical about the shift from the criminal prosecution of individuals to the use of DPAs to allow corporations to settle matters as he charged this change “has led to lax and dubious behaviour on the part of prosecutors.” There was much commentary when the Judge “challenged several Securities and Exchange Commission [SEC] deals that allowed companies and individuals to settle civil fraud charges while not admitting or denying wrongdoing.” These comments and court cases (apparently) led the SEC to change its policy and begin to “require admissions in certain cases that were in the public interest.” Scannell’s article concluded by noting that Judge Rakoff’s dismissed the DOJ claims that “it is hard to prove criminal wrong-doing in the packaging of mortgage-backed securities and that charging entities could have a negative effect on the national economy” as simply “excuses”.

The article on Judge Rakoff’s comments indicated that they were only concerning criminal prosecutions against Wall Street executives. But his comments eerily parallel some of the ongoing debate about the use of DPAs in the Foreign Corrupt Practices Act (FCPA) context. The FCPA Professor has consistently criticized both the use of DPAs and lack of individual prosecutions under the FCPA by the DOJ. He has also said that he believes that the DOJ have become “uncomfortable with traditional notions of corporate criminal liability”. Another commentator, David Uhlmann, has agreed with this notion by the FCPA Professor when stating, “This is about a profound ambivalence in parts of the Department about the very notion of corporate criminality.” Yet another commentator, Anthony Barkow, has said that “getting DPAs and NPAs is easy. It’s a lot easier than charging a company.”

Whether they were answering any of these criticisms or not, I think that the DOJ has certainly made clear that it will prosecute individuals who engage in FCPA violation. I agree with Mike Volkov that 2013 may well go down as “Year of the Individual Prosecution” in the FCPA context. Last spring saw prosecutions against individuals from BizJet, BSGR, Willbros and Alstom. This summer there were prosecutions against individuals in the Direct Access Partners (DAP) matter and only this fall was a prosecution against an individual involved in the Maxwell Technology matter. Based on this, at least in the FCPA context, I would have to say that the DOJ has and will continue to prosecute individuals in the context of foreign bribery.

Additionally, in the area of other types of securities fraud cases, the DOJ has very recently shown that it will aggressively pursue companies for criminal sanctions. Recently SAC Capital pled guilty to criminal fraud charges for insider trading and criminal wire fraud. There was a hefty fine of $1.8bn for this conduct.

Interestingly this week the SEC announced that it had entered into its first DPA. In a SEC Press Release, the agency announced that it had entered into a DPA “with a former hedge fund administrator who helped the agency take action against a hedge fund manager who stole investor assets.” This was due to the cooperation by the Administrator; Scott Herckis, even though Herckis aided and abetted the hedge fund at which he worked with securities law violations. The DPA also specified that Herckis “comply with certain prohibitions and undertakings.  Herckis cannot serve as a fund administrator or otherwise provide any services to any hedge fund for a period of five years, and he also cannot associate with any broker, dealer, investment adviser, or registered investment company.” He also had to “disgorge approximately $50,000 in fees he received for serving as the fund administrator.”

What does all of the above mean for the compliance practitioner? I think that when a federal judge says there should be more individual prosecutions in a certain area and his reasons echo noted commentators, it engages the debate. In the FCPA context, the debate centers around the use of DPAs and NPAs (Non-Prosecution Agreements) to settle matters with corporations. I am on record as favoring the continued use of such instruments by prosecutors to help raise compliance generally. Others feel that more individuals should be prosecuted. One thing I can say with certainty is that if you take a DPA/NPA for FCPA violations into Judge Rakoff’s court, you had better be ready to defend it, from both sides – the prosecution and the defense.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,744 other followers