FCPA Compliance and Ethics Blog

November 19, 2014

Chamber of Commerce: Corporations Form the Cornerstone of FCPA Compliance

CornerstoneRecently one of the most unlikely sources for praise of the Foreign Corrupt Practices Act (FCPA) came out to inform us all that corporations are the cornerstone of FCPA compliance and enforcement. You may be surprised to find out that it came from the US Chamber of Commerce. It did not come in the form of Congressional testimony in praise of the FCPA but in the Chamber’s Amicus Curie filing in a case currently being considered by the Texas Supreme Court. Regardless of the forum, the praise was just as strong and hopefully just as lasting.

The Texas Supreme Court recently held oral arguments in the appeal of Shell v. Writt. Unusually for a state supreme court case, it touches on the FCPA. The issue before the Court is whether Shell’s internal FCPA investigation is absolutely privileged from a defamation claim by persons named in the report as having violated the FCPA. Being as this is Texas, with a state supreme court just to the right of Attila the Hun, it is easy to determine what the outcome of the case will be, the company will win.

Procedurally, Writt, the plaintiff claiming defamation from Shell’s report of its internal investigation that it provided to the Department of Justice (DOJ), lost at the trial court on summary judgment. The trial court found that Shell had an absolute privilege because the report was turned over to a government agency investigating the matter. The court of appeals reversed this decision holding that because the internal investigation was voluntary, not mandatory, that only a conditional privilege existed and sent the matter back to the trial court for further proceedings. Shell appealed this court of appeals decision to the Texas Supreme Court.

Interestingly, the US Chamber of Commerce filed an amicus brief in the appeal to the Texas Supreme Court, supporting Shell. In its brief, the Chamber came out with full guns blazing in support of the FCPA and for full internal investigations and self-disclosure by companies. At the start of its brief, the Chamber comes out four square in support of the FCPA stating, “Since 1977, and especially over the last decade, the Foreign Corrupt Practices Act (“FCPA”) has played a very significant role in the federal regulation of multinational corporations. By punishing bribery and other illicit influence of foreign officials by U.S. companies, the statute seeks to improve the integrity of American businesses, promote market efficiency, and maintain the reputation of American democracy abroad.”

The Chamber noted the importance of the FCPA to both the US government and to US businesses. It stated, “Over the past decade, the FCPA has taken on renewed importance for both the U.S. government and American businesses.” As to the importance that the US government places on FCPA enforcement, the Chamber cited to the following, “DOJ officials have publicly stated that “enforcement of the FCPA is second only to fighting terrorism in terms of priority.”” Lastly, because of this focus, “FCPA compliance is now a main focus of concern for U.S. businesses.” Moreover, US companies are now ““light years ahead of where [they were] circa the mid-to-late 1990s,” with companies “implementing more rigorous and sophisticated compliance protocols,” including thorough internal investigations and candid self reporting.”

The Chamber did not stop there with its high praise of the FCPA and the importance of the FCPA and its enforcement for US businesses. The Chamber next turned to US businesses role in FCPA enforcement and compliance when it said, “the government has always relied upon businesses to cooperate with investigations and self-report any potential violations by corporate employees. “Federal enforcement authorities have consistently encouraged, if not as a practical matter demanded, that as to the FCPA companies voluntarily conduct internal investigations, disclose potential violations and cooperate with government investigations.” With their vast resources, individualized focus, and access to documents and witnesses, “companies are actually much better positioned to gather more information more quickly overseas than the Justice Department or the SEC.”” Perhaps channeling some of the criticisms of the recent General Motors (GM) and FIFA investigations, the Chamber recognizes that more than simply results must be shared with the DOJ when it stated, “The government requires that corporations provide not just information on violations that they are certain of, but rather any “relevant information and evidence,” as well as identification of “relevant actors inside and outside the company.””

The money line from the Chamber’s brief is the following, “Corporate cooperation, internal investigation, and self-reporting thus form the cornerstone of FCPA compliance and enforcement.” It could not be clearer from this statement the importance that a robust internal investigation protocol, coupled with self-disclosure bring to FCPA compliance. The FCPA Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken. Companies will want to consider taking “lessons learned” from any reported violations and the outcome of any resulting investigation to update their internal controls and compliance program and focus future training on such issues, as appropriate.”

Thus internal investigations coupled with self-reporting provide both companies and the US government towards the same goal; greater compliance with the FCPA because the Chamber recognizes that the FPCA plays a vital role in international business and corruption prevention and prosecution. The Chamber even cites, favorably, the Congressional logic for the enactment of the FCPA by stating, “Congress determined that such practices tarnish the image of American democracy abroad, impair confidence in American businesses, hamper the efficiency of the market, anger the citizens of otherwise friendly foreign nations, and, put simply, are “morally repugnant” and “bad business.”” Finally, the Chamber acknowledges the importance of the FCPA for both US and international investors; both in the US and for companies abroad by concluding, “The FCPA is a valuable statute that helps to reduce corruption and to reinforce public and investor confidence in the markets here and abroad.”

This brief lays out one of the strongest articulations of the power of the FCPA. I did not expect the Chamber to come out so forcefully in favor of what that many business types continually bemoan. The Chamber’s recognition that FCPA compliance and enforcement are cornerstones of the protection of US businesses; US business interests and investor confidence across the globe is a welcome addition to the FCPA dialogue.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 13, 2014

Atlanta Burns – the Bio-Rad FCPA Enforcement Action – Part III

Atlanta BurningOn this date in 1864, the Union Army phase of the destruction of Atlanta began. While most Southerners credit Union General William T. Sherman with the burning of Atlanta, it was, in reality, Confederate General John Bell Hood who ordered the burning of the armament works that started the destruction. Sherman merely finished it. But whoever started or finished it, the result was horrific for the city. By one estimate, nearly 40 percent of the city was ruined, leaving, as one commentator noted, “little but a smoking shell.” Unfortunately for the Confederacy, this is not the last we will hear about either General Sherman or General Hood.

The Bio-Rad Laboratories Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action has provided a wealth of information and lessons to be learned by the compliance practitioner. In Parts I and II I reviewed the facts of the Bio-Rad enforcement action and the specified remedial steps that the company has agreed to take. Today, I want to mine the Deferred Prosecution Agreement (DPA), the company received from the Department of Justice (DOJ) and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order) and detail the specific internal controls that I think might have helped the company. (I will really try not to get carried away and have a Bio-Rad, Part IV but there is tons of great stuff in this one so there is no telling as I begin to write this post where I might end up.)

For many managers the default mode is to stay within silos and, as noted by Andrew Hill in his article in the Financial Times (FT) entitled “The default mode for managers needs a reset”, that such persons are “suspicious of ideas that are “not invented here.” This may lead them to becoming “detached from the purpose, and even values, of the company.” This can be particularly true of changes required by an anti-corruption compliance program which many business development types fear will change the status quo in a manner, which “puts at risk predictable, comfortable routines.”

Even with the three different bribery schemes used by Bio-Rad in three different countries, some general statements can be made. Obviously the use of a third party representative in Russia was fraudulent. However a robust system of internal controls might not have only detected such conduct but also prevented it if the Emerging Markets Regional Manager and/or any of the team under him knew that they would be checked by a second set of eyes on what they were doing.

I will focus on four areas of internal controls that were sorely missing from the company during its bribery scheme heyday:

  • Delegation of Authority (DOA)
  • Maintenance of the vendor master file
  • Contracts with agents
  • Movement of cash / currency.

Delegation of Authority 

Your DOA should reflect the impact of FCPA risk (transactions and geographic locations) to result in higher levels of approval for matters involving agents and for funds transfers and invoice payments to countries outside the US. If properly prepared and enforced, the DOA can be a powerful preventive tool for FCPA compliance, unfortunately this is not often the case as very often the DOA is prepared without much thought given to FCPA risks.

Properly utilized in a FCPA risk based process, the DOA takes into account the increased risk posed by certain types of transactions and by certain geographic locations. The DOA then provides for a higher level of scrutiny for higher risk transactions. This means that the DOA should specify who must give the final approval for engaging agents. Yet the DOA might distinguish between approval of vendor invoices for “routine” third party representatives and those from high-risk third party representatives, such as agents. Finally, the DOA should be integrated into the accounts payable processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. Identifying high-risk third party representatives can often be done within the vendor master file so payments to them are identified for appropriate approval BEFORE they are paid.

Vendor Master File

The vendor master file can be one of the most powerful PREVENTIVE control tools. This file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. Electronic controls should be in place to block payments to any vendor for which vetting has not been approved. Manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all third party representatives have been approved before their information (and the vendor approval date) are input into the vendor master. Manual controls are also needed when “one time” third party representatives are submitted, when vendor name and/or vendor payment information changes are submitted.

Contracts with Third Party Representatives 

As demonstrated with the Bio-Rad enforcement action, contracts with agents are typically not integrated into an internal control system. They are left to operate on their own. Indeed in the case of Bio-Rad it is not clear if the compliance function had visibility into this process at all. However, to provide effective control, relevant terms of those contracts should be extracted and be made available to those who process and approve vendor invoices. This would also include a review of the commission rate for sales agents and the discount rate for distributors. To accomplish this, once the third party representatives are flagged as high-risk, and before any payments are made, the invoices are pulled for review and approval in accordance with the DOA. Such review would require that nonconforming service descriptions, commission rates, etc., must be approved not only by the original approver but also by the person so delegated in the DOA. This provides the necessary PREVENTIVE control to intercept questionable amounts before they are paid.

Disbursements of funds

All situations in which funds can be sent outside the US (accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a FCPA risk standpoint. The goal is to identify the ways in which a country manager could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system. Controls need to be in place to prevent such activities. This would require that wire transfers outside the US have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA. Moreover, wire transfer requests going out of the US should always require dual approvals. Finally, wire transfer requests going outside the US should be required to include a description of proper business purpose and over certain level, there should be an additional review (yet another ‘second set of eyes’).

What about Hill and his default mode for managers to stay in their silos and never come out or allow change in their regions, such as was the case with the Bio-Rad Emerging Markets leadership team? This can occur in the compliance arena when the compliance function receives push back and is told the controls are too burdensome and also make operations less efficient. One of the areas available to a compliance professional is benchmarking from other company’s compliance experiences. However this can be expanded into solid presentations about why it is important to assess and mitigate FCPA risks using your corporate peers that have been the subject of a FCPA enforcement action. This is some of the best sources of information a compliance practitioner can avail his or herself of to provide good insight into why it was never expected that the company would be subject to FCPA enforcement and insight into the extreme disruption, cost, and anxiety which accompanied the enforcement actions.

Another key factor, as with all FCPA compliance initiatives, is ‘Tone at the Top’. This means that you should meet with and present the case for FCPA-focused internal controls to your company’s Executive Leadership Team (ELT), Audit Committee of the Board or other appropriate group of senior executives. The presentation should include, with examples, the importance of identifying and mitigating the FCPA and fraud risks. Some of these might include the following:

  • Illustrating the examples of how the controls can prevent bribery as well as many other types of occupational fraud;
  • Illustrating that the controls needed are all sound business controls, nothing exotic or out of the ordinary;
  • With proper control design, it may be possible to eliminate some existing detect controls in favor of more useful preventive controls or even prescriptive controls;
  • As a result of your business changes and resulting changes in assessed risks, it may be that some procedures now being performed are no longer needed and the resources can be shifted to more necessary controls; and
  • It may be possible to build in more electronic controls, which can replace existing manual controls.

As we end today’s post with Atlanta burning, Andrew Hill tearing down silos so that a company like Bio-Rad can put appropriate FPCA internal controls in place and arm the compliance practitioner with a wealth of information and lessons which can be applied to your own compliance program, all courtesy of Bio-Rad, I find that there is one more significant lesson to be taking away from this enforcement action, however I will save that for another day.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 12, 2014

John Doar and the Bio-Rad FCPA Enforcement Action – Part II

John DoarJohn Doar died yesterday. He was perhaps most famously known for his role as the House Judiciary Committee Chief Counsel during the investigation of and impeachment proceedings against then President Nixon. However, it was his role in the civil rights movement in the South that in large part inspired me to become a lawyer. He rode with the Freedom Riders in Alabama; walked with James Meredith so that he could register to attend the University of Mississippi, then stayed in the same dorm room with Meredith while the campus rioted; prosecuted the KKK in Mississippi after the murder of three civil rights workers in 1964; and marched for voting rights with Dr. King in Selma. My favorite John Doar story was retold in his obituary in the New York Times (NYT), where he stopped a riot in its tracks with the following ““My name is John Doar — D-O-A-R,” he shouted to the crowd. “I’m from the Justice Department, and anybody here knows what I stand for is right.” That qualified as a full-length speech from the laconic Mr. Doar. At his continued urging, the crowd slowly melted away.”” In my book, he is right up there with Atticus Finch.

In an earlier post, I reviewed the Bio-Rad Laboratories, Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action from the perspective of the Non-Prosecution Agreement (NPA) the company was able to secure with the Department of Justice (DOJ). Today I want to review the bribery schemes that the company used to either internally fund the bribes or attempt to evade internal detection. Both the NPA and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order). The compliance practitioner can use these bribery schemes not only for FCPA training but also to see if any such schemes or their indicia may be present in your company.

Initially I need to discuss the corporate structure. It was apparently quite decentralized. According to the Order, “Bio-Rad’s international sales organization (“ISO”) oversees the company’s international sales operations; this includes all locations outside the United States and Canada. In 2009, the ISO consisted of four sub-divisions: (1) Western Europe; (2) Asia Pacific; (3) Japan; and (4) Emerging Markets. Each sub-division had a general manager, reporting to the vice-president of ISO. The Asia Pacific sub-division included Vietnam and Thailand. The Emerging Markets sub-division included Russia and other eastern European countries. Some countries within the sub-divisions had a country manager who reported to the ISO sub-division general manager.” Emerging markets is clearly a high-risk area for pharmaceutical companies. If your business development or sales organization has such a designation, I would suggest that you check and see if there are sufficient protections in place to at least raise any red flags, which might need further investigation.

However, it was more than the management structure of the business operations that was decentralized, the compliance function was similarly structured. The NPA stated, “BIO-RAD also decentralized its compliance program such that its international offices were responsible for ensuring adequate compliance with its business ethics policy and code of conduct.” This decentralization so defanged the company’s compliance program that it could not perform even the most basic functions of a compliance organization; no due diligence on third parties, indeed no management of third parties at all from the compliance perspective; no risk assessments were performed and, finally, the most damning was that the compliance function could not even ensure compliance with the company’s own business ethics policy.

The Russia Scheme

However the company used third party representatives to facilitate the bribery scheme. In addition to the lack of due diligence or usual steps that a compliance practitioner might put in place to manage third parties under the FCPA there were several other items of note which constitute lessons learned by the compliance practitioner. First and foremost was the commission rate paid to these third parties, that being between 15%-30%. This alone may well have been enough to demonstrate “a conscious disregard for the high probability that the Russian Agents were passing along at least a portion of their commissions to Russian government officials to obtain profitable public contracts for the sale of medical diagnostic equipment.” Further, the payments made to these agents were sent to countries outside Russia, where neither the alleged services were delivered nor where the agents were legally domiciled. Moreover, not only did these agents have no offices in Russia, they had no employees in Russia either.

Apparently there were contracts in place with these agents. The services these agents were specified to deliver included, “acquiring new business, creating and disseminating promotional materials to prospective customers, distributing and installing products and related equipment, and training customers.” But it really is hard to deliver services if you have no employees. Apparently there were times these agents did deliver something identified as “distribution services” for the commission rates between 15%-30%. However the estimated value of these services for the company was between 2%-2.5% of the total sales.

Another area of obvious concern should have been the pre-payment of commissions to these agents. Any time you pre-pay before a service is delivered (other than a retainer into a lawyer’s trust account) you can potentially run into trouble. But Bio-Rad took it a step further by making pre-payments before contracts with the ultimate buyer were negotiated. Any ideas where those pre-paid commissions might have gone? Another area was the amount of the commissions. They were just less than $200,000, which happened to be the authority level of the head of Bio-Rad’s Emerging Markets business unit. So there was no oversight or second set of eyes on these pre-payments because it was within the manager’s authority level. Finally, these pre-payments were actually forbidden under the contracts but they were made anyway.

The Vietnam Scheme 

The Vietnam Country Manager had contracting authority up to $100,000 and sales commissions up to $20,000. From 2005-2009 Bio-Rad apparently paid bribes directly to health care workers so they would purchase the company’s products. When it was pointed out to the Country Manager this was illegal, he simply moved to a distributor “at a deep discount, which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes…Between 2005 and the end of 2009, the Vietnam office made improper payments of $2.2 million to agents or distributors, which was funneled to Vietnamese government officials. These bribes, recorded as “commissions,” “advertising fees,” and “training fees,” generated gross sales revenues of $23.7 million to Bio-Rad Singapore.” 

The Thailand Scheme

In Thailand, it was an almost mundane bribery scheme involved compared to Russia and Vietnam. Bio-Rad acquired an interest in a Thai Joint Venture (JV) through an acquisition where it performed “very little due diligence” on the JV. Bio-Rad acquired a minority interest in the JV and it did not communicate directly with the JV’s distributors but only through the majority owners of the JV. The bribery scheme was funded through “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” The due diligence was so poor that Bio-Rad did not know that the prime third party sales representative for the JV were the same majority owners of the JV.

Tomorrow, I will discuss some of the internal controls that a company might employ to help prevent such a compliance failure as occurred at Bio-Rad.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 10, 2014

Gordon Lightfoot, the Edmund Fitzgerald and the Bio-Rad FCPA Settlement, Part I

Wreck of the Edmund FitzgeraldThis month there are two dates that are forever tied together in the annuals of maritime tragedies and great songwriters. November 10 is the 39th anniversary of the sinking of the Great Lakes freighter the SS Edmund Fitzgerald, who sank 17 miles from the entrance to Whitefish Bay on Lake Superior taking all 29 crewmembers to the bottom with her. Next Monday, November 17, is the 76th birthday of the Canadian singer-songwriter Gordon Lightfoot, who memorialized the tragedy in the song The Wreck of the Edmund Fitzgerald, which he released on the album Summertime Dream in 1976. The song went all the way to Number 2 on the charts. I can still hear Lightfoot’s haunting tale in my head to this day and for me, it was his greatest single.

Earlier this month, Bio-Rad Laboratories Inc. (Bio-Rad) concluded a multi-year Foreign Corrupt Practices Act (FCPA) investigation and enforcement action. It was notable for many reasons. First and foremost was the stunning bribery and corruption scheme that the company engaged in; multiple bribery schemes in multiple countries. Also notable were the results that the company achieved. While we do not yet know if there will be any individual prosecutions of this matter, the company received a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) and a relatively small fine of $14.35MM for what clearly would appear to be criminal violations of the FCPA. Perhaps equally stunning is the amount of profit disgorgement that the company agreed to with the Securities and Exchange Commission (SEC), that amount being $40.7MM.

As with the Layne Christensen FCPA enforcement action from October, both settlement documents provide a wealth of very useful information for the compliance practitioner to use to not only help create a best practices compliance program, but also review your company’s compliance program to see if there might be areas of risk which need to be assessed or have greater compliance scrutiny. Over the next couple of blog posts I want to explore the Bio-Rad FCPA settlement, discuss some of the lessons learned for the compliance practitioner and explore what this settlement may unveil for future FCPA enforcement actions.

With his usual thoroughness, the FCPA Professor went into deep dive mode to lay out the underlying facts involved in this matter, in a post entitled “Bio-Rad Laboratories Agrees To Pay $55 Million To Resolve FCPA Enforcement Action”. According to the NPA, Bio-Rad had bribery schemes running in the following countries: Russia, Vietnam and Thailand. In Russia, persons identified as ‘Manager-1’ who was a high-level manager of the company’s Emerging Markets sales region and ‘Manager-2’ who worked for Manager-1 and was described as a high-level accounting manager of the company’s Emerging Markets sales region, engaged with ‘Agent-1’ paying him “a commission of 15-30% purportedly in exchange for various services outlined in the agency contracts, including acquiring new business by creating and disseminating promotional materials to prospective customers, installing Bio-Rad products and related equipment, training customers on the installation and the use of Bio-Rad products, and delivering Bio-Rad products.”

The commission rates were approved by Manager 1 and 2 even though they were both aware that Agent 1 did not and indeed could not perform the contracted services. Payments were made to a level of $200,000 or less because that was the spending authority of the managers, which did not require a higher level of company review. Both managers communicated with Agent 1 through multiple fraudulent email addresses to avoid detection by the company. Finally, Agent 1 had a 100% success rate in obtaining sales into Russia.

In Vietnam, the system was much simpler and even more directly corrupt. The Bio-Rad country manager was authorized to approve contracts up the amount of $100,000 and to pay sales commissions up to $20,000 without further review. This un-named country manager simply authorized cash payments to officials at state-owned hospitals to obtain or retain business for the company. When the country manager was finally challenged on this direct bribery scheme, he simply “proposed a solution that entailed employing a middleman to pay the bribes to the Vietnamese government officials as a means of insulating Bio-Rad from liability.” The bribery funds were created by giving these middlemen, named distributors, deep discounts “which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes.” These bribes were recorded on the company’s books and records as “commissions”, “advertising fees” and “training fees”.

In Thailand, the company acquired a 49% interest in a joint venture (JV) through acquisition. Initially I would note that there is no record that Bio-Rad either performed pre-acquisition due diligence or engaged in any post acquisition integration or remediation so that an ongoing bribery scheme which began under a previous company’s ownership continued after Bio-Rad took control of the Thailand JV. The bribery scheme involved paying an agent “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” Just to top it all off, the agent involved in the bribery scheme was Bio-Rad’s JV partner.

I would say that all of the above is very bad conduct. Yet, Bio-Rad was able to garner a NPA from the DOJ and a civil Cease and Desist Order from the SEC. How did they accomplish this? In the DOJ Press Release, it stated, “The department entered into a non-prosecution agreement with the company due, in large part, to Bio-Rad’s self-disclosure of the misconduct and full cooperation with the department’s investigation…In addition, Bio-Rad has engaged in significant remedial actions, including enhancing its anti-corruption compliance programs globally, improving internal controls and compliance functions, developing and implementing additional due diligence and contracting procedures for intermediaries, and conducting extensive anti-corruption training throughout the organization.”

For the compliance practitioner, yet once again the DOJ and SEC are sounding a LOUD and CLEAR message that even with very bad conduct, the systemic failure of internal controls and having a culture that turned a very blind eye at best to what was going on; you can make a comeback. Moreover, you can make such a spectacular comeback that does not even sustain a Deferred Prosecution Agreement (DPA) let alone have to accept a guilty plea. It all starts with putting a best practices compliance program in place and the DPA lists the steps that any company should consider in its compliance regime.

  1. High level commitment by providing visible support by senior management.
  2. An appropriate corporate policy around anti-corruption.
  3. Specific policies and procedures in the following areas: (a) gifts, (b) hospitality, entertainment and travel, (c) customer travel, (d) political contributions, (e) charitable donations and sponsorship, (f) facilitation payments and (g) solicitation and extortion.
  4. Appropriate internal controls to ensure transactions are authorized and properly recorded.
  5. A periodic risk-based review. In other words, a risk assessment. Policies and procedures need to be reviewed no less than annually and updated as appropriate.
  6. The compliance function should have proper Board oversight, independence to act and support within the organization.
  7. Compliance shall provide training on and guidance to the business units on its anti-corruption compliance program.
  8. There should be mechanisms for employees to report internally compliance issues of concern with no fear of retaliation.
  9. A company must maintain and provide “effective and reliable” processes and resources to responding to any raised issues.
  10. A company must use both incentives to encourage behavior and discipline of those employees who violate its compliance program.
  11. Third parties must be subjected to an appropriate due diligence based vetting process, have an appropriate contract and thereafter be managed going forward after the contract is signed.
  12. There should be a protocol for evaluation of any potential acquisitions or merger candidates and then appropriate review and remediation after any acquisition is complete.
  13. There should be ongoing monitoring and testing of the compliance program going forward.

At the conclusion of its NPA, Bio-Rad agreed to ongoing compliance reporting, at annual anniversaries of the date of the NPA by reporting to the DOJ the results of its remediation efforts over the past year. This is one of the most significantly overlooked positive aspects of any FCPA resolution. This allows the DOJ to have a continued view into the company’s compliance function. It is not an ongoing monitor but it does give the DOJ a transparent view into the company’s work towards the overall goal of putting a best practices compliance program in place and not simply stopping work when the settlement is signed. It keeps the company on its toes and allows the DOJ to continue to assess the company’s actions around anti-corruption compliance.

In the next blog post on Bio-Rad, I will review some of the specific bribery schemes that the company used and discuss how a compliance practitioner might use them for some lessons learned.

For a YouTube version of Gordon Lightfoot signing The Wreck of the Edmund Fitzgerald, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 5, 2014

A Royal Fan Responds: Russ Berland on the SEC Financial Report for FY 2014

Russ Berland

Ed. Note-today we have a guest post from KC Royals fan and Stinson Leonard Street partner Russ Berland. 

As a Kansas City Royals fan, I would like to use this opportunity to congratulate the Royals on a great season and say to them, “Ya done good.”  Despite losing an extremely close seventh World Series game to a very able and talented San Francisco Giants team, which included a pitcher whose name and face will one day be memorialized in Cooperstown, this year has been a banner, or should I say, a pennant year for the boys in blue.

The SEC likewise would like to take a moment to be congratulated on their banner year in their annual enforcement preview of their Agency Financial Report.  So here goes … The SEC wants us to know that they are using creative means to find misconduct on their own and go after it, to hold people and corporations accountable,  and to pay and protect whistleblowers.  On October 16, the SEC put out its official preview of its upcoming Agency Financial Report for FY 2014.  The SEC’s fiscal year ends September 30, so this spans every enforcement action the SEC has taken since October 1, 2013.  The report has four major themes:

  1. The SEC is enforcing the law against people, not just companies. It takes people to commit misconduct on behalf of companies so those same people should be held accountable.  And if the SEC is counting on you to watch over companies and transactions you better take it seriously.  The SEC does and they will hold you accountable.  The preview made this point in showcasing its major enforcement actions against Fifth Third Bancorp and its former CFO, Diamond Foods Inc. and its former CEO and CFO, World Capital Market and its founder, and many, many others.  The most poignant example was the enforcement action against the Chairman of the Audit Committee of AgFeed Industries, Inc.  The SEC alleges that Ivan Gothner, the chairman of AgFeed’s audit committee received information that AgFeed’s Chinese operations were conducting accounting fraud and instead of taking a fellow director’s advice to “hire professional investigators guided by outside legal counsel,” he directed internal resources to assess the situation.  When that resulted in late and inadequate information, the SEC charged him “with violating or aiding and abetting violations of the anti-fraud, reporting, books and records, and internal controls provisions of the federal securities laws” and ” with making false statements to AgFeed’s outside auditors.”  Andrew Ceresney, Director of the SEC’s Division of Enforcement, called this “a cautionary tale of what happens when an audit committee chair fails to perform his gatekeeper function in the face of massive red flags.”
  2. Corporations must admit their actions. Last year, the SEC Chairman, Mary Jo White, announced that more companies must admit their wrongdoing in settlements.  The SEC’s Admissions Policy states that the companies may be required to admit their wrongdoing when there is “(1) misconduct that harmed large numbers of investors, or placed investors or the market at risk of potentially serious harm, (2) egregious intentional misconduct, or (3) when the defendant engaged in unlawful obstruction of the commission’s investigative processes.”  Now, the Preview adds two more categories to those required to make admissions: “[4] where an admission can send a particularly important message to the markets, or [5] where the wrongdoer poses a particular future threat to investors or the markets.”  For example, in the settlement with ConvergEx for misrepresenting its commissions to brokerage customers, ConvergEx was required to admit the facts stated by the SEC and admit that it had violated Securities Laws.  In one interesting twist, Wells Fargo Advisors LLC was forced to admit its wrongdoing when one of its brokers traded on non-public information about the sale of Burger King to a private equity firm. The “wrongdoing” that Wells Fargo Advisors admitted encompassed inadequate policies, inadequate coordination among internal groups tasked with policing insider trading and the compliance officer who should have spotted the insider trading missing it. This is an interesting view of what constitutes “egregious intentional misconduct.” The message seems to be that in order to settle a matter with the SEC without admitting or denying facts or legal conclusions, the defendant will need to prove they do not fit in one of the five listed categories.  It’s possible that the SEC forced Wells Fargo Advisors to admit it’s wrongdoing because it delayed production of relevant documents or because one of the documents that they turned over had been altered by the compliance officer herself.  Or perhaps they are sending “a particularly important message” to compliance officers that they need to be vigilant in doing their jobs.
  3. Whistleblowing Pays.  In FY2014, the SEC paid $35 million to 9 whistleblowers.  One of them received $30 million by him or herself.   Because the SEC rules protect the identity of whistleblowers, we don’t know who got paid.  But the SEC whistleblowing process has multiple stages, which include bringing original information or an original analysis of existing information to the SEC, having the SEC pursue that information leading to a prosecution, and successfully prosecuting or settling that matter with a recovery of over $1 million.  This takes  a long time from beginning to end.  Dodd Frank was passed in 2010.  The first REAL money ($14 million) was paid last year.  And now someone is getting $30 million.  The pipeline took a while to fill, but it is reaching a full state and we can probably expect to see a lot more whistleblower payments in the next few years.
  4. If you don’t come to us, we’ll find you. The SEC is using more and more data analytics on financial and trading activity to find wrongdoers.   According to the SEC, ” innovative use of data and analytical tools contributed to a very strong year for enforcement marked by cases that spanned the securities industry.”   Right now, they are telling us that they are using those techniques to look at filing deficiencies, hedge fund returns, and insider trading.  But we can anticipate they are looking at more than just those categories and we should expect to see more and more use of these techniques over broader areas in the coming years.  And, the SEC is telling us that they are also currently implementing and developing “next generation tools” to review market and other data for suspicious activity.

So, this Preview of the FY2014 Agency Financial Report suggests that the SEC should not be seen as sitting back and waiting for cases to come to them.  And when companies and people violate Securities Laws, the SEC will work hard to make sure that they each take accountability, either personally through fines and penalties or corporately, through admissions.   Like the Royals, the SEC would like us to know that they have had a banner year.

Berland can be reached at russ.berland@stinsonleonard.com. He was lead investigative counsel for Layne Christensen in its recently concluded FCPA enforcement action by the SEC. In my podcast, the FCPA Compliance and Ethics Report, Episode 104, I interview Berland on how the company was able to receive a declination from the DOJ. The Episode will post Thursday, Nov. 7.

October 27, 2014

Critiquing FCPA Enforcement and the GSK Domestic Corruption Conviction

Lady Scales of JusticeRecently the FCPA Professor posted a blog, entitled “Look in the Mirror Moments, in which he used written commentary by the US Secretary of the Treasury to the Chinese government about the Chinese governments anti-trust investigations as a mechanism to explore critiques of Foreign Corrupt Practices Act (FCPA) enforcement. In this post, he compared certain aspects of FCPA enforcement to the Chinese corruption enforcement action against GlaxoSmithKline PLC (GSK). Leaving aside the differences in anti-trust enforcement (price-fixing, monopolistic behavior and illegal collusion) and anti-corruption enforcement (bribery), I wanted to review his critiques through the prism of the known facts of the GSK enforcement action.

The FCPA Professor had the following comments about FCPA enforcement, in comparison with the Chinese corruption enforcement action against GSK. He said,

Without in any way trying to comprehensively compare the overall U.S. legal system to the overall Chinese legal system, the following attributes of FCPA enforcement must at least be acknowledged. 

The vast majority of corporate FCPA enforcement actions lack transparency and the resolution documents (whether a non-prosecution agreement, deferred prosecution agreement or civil administrative order) are the result of an opaque process ultimately controlled by the same office prosecuting or bringing the action. 

As to the swiftness of FCPA enforcement actions, one can only assume that the majority of general counsels and board of directors of companies under FCPA scrutiny would be jumping for joy if the scrutiny – from start to finish – would resolve itself in 15 months rather than the typical 3-5 years (and in some instances more) of FCPA scrutiny lingering.”

The difficulty I have with both of these points is that one cannot separate the Chinese enforcement action against GSK from the Chinese legal system that produced it. Let’s start with the ‘jumping for joy’ prong. The initial difference to note is that the Chinese enforcement action was a domestic prosecution based upon Chinese domestic law for bribery and corruption of Chinese. It was not a US (or UK) company violating US (or UK) laws. This means that the relevant documents and witness were in the locality where the investigation was performed. Even when a key witness, GSK China Country Manager Mark Reilly was in the UK, he voluntarily returned to China to give evidence but was prevented from leaving the country without being charged with a crime. So as far as is known, there were no government-to-government requests for information, no Letters Rogatory or use of any other international discovery mechanism to obtain evidence.

Moreover, the procedural protections in place under US (and UK) criminal procedure simply do not exist in China. There is no right to counsel, no right against self-incrimination, no right to confront witness and not even a right to know what the charges against you might be. These lack of rights were certainly borne out in the speed in which the Chinese investigative authorities were able to obtain evidence and public confessions from GSK principals involved in the bribery and corruption. The first 30-day timeline of the GSK investigation went as follows:

  • June 28, 2013 – Local Police announced they have place GSK officials under investigation for economic crimes.
  • July 11, 2013 – Public Security Ministry issued statement accusing GSK of bribery.
  • July 15 , 2013 – Four senior company execs ‘detained’. Finance chief barred from leaving country.
  • July 16, 2013 – GSK General Counsel (GC) placed under ‘house arrest’ along with 30 other employees. One of the four GSK China executives who were detained, admited to bribery allegations on Chinese state television.
  • July 22, 2013 – GSK formally apologized for breaking Chinese law regarding domestic bribery and corruption.
  • July 26, 2013 – Peter Humphrey, a UK citizen and his wife, a naturalized US citizen, both hired by GSK in an ancillary matter related to the GSK corruption scandal were arrested but not told of the charges against them.

A little over one year later, in July, 2014 the trial of Humphrey and his wife was announced. Orignially it was to be held in secret with both Humphrey and his wife still not told of the formal charges against them. However after diplomatic protests by both the US and UK governments, Humphrey and his wife were both convicted and sentenced in an open trial, albeit lasting only one day, on August 8, 2014. The charges against them were announced at trial. Thereafter, GSK pled guilty in a secret one-day trial GSK was fined approximately $491MM and China Country Manager Mark Reilly and four other GSK China business unit executives were found gulity. They were all sentenced to jail but given suspended sentences.

How did the Chinese government develop its evidence so quickly? One of the defendant’s, admitted, on state run televison, his involvement in the bribery scheme only 18 days after the investigation was announced by Chinese authorities. Indeed, GSK itself made a public apology only 24 days after the announcement by the Chinese authorities it was under investigation. We now know that GSK was informed by a whistleblower of allegations of bribery and corruption as early as January 2013 yet in June GSK announced it had not found anything to substantiate these allegations.

I believe the answer is found in the differences in the Chinese and US legal systems. It all starts with the following: in China you are presumed guilty while in the US (and the UK), you are presumed innocent until proven guilty. In an article in the New York Times (NYT), entitled “Presumed Guilty in China’s War on Corruption”, Andrew Jacobs and Chris Buckley wrote that the “war on corruption often operates beyond the law in a secret realm of party-run agencies”. The process “Known as Shuanggui, it is a secretive, extralegal process that leaves detainees cutoff from lawyers, associates and relatives.” Moreover, even as a case moves through the Chinese criminal justice system, defendants’ counsel “have limited access to evidence, witnesses, and their clients.” It does not get any better when a defendant actually goes to court because “Lawyers say Chinese courts rarely allow them to call defense witnesses, while prosecutors frequently withhold cruical evidence.” Finally, of the 8,110 officials charged with corruption “in the first half of this year, 99.8 percent were convicted”. To this rather amazing trial court conviction rate, I would add the the prosecution does even better on appeal, never losing to a convicted defendant.

Does that sound like a system in which you would jump for joy if you were caught up in, even knowing that the time from announcment of investigation until 99.8% chance of conviction awaited you? Even if the government investigation only took 14 months? In the US, corporations have the same rights as individuals at trial; to cross-examine witness, to be made aware of the charges against it, those charges must be brought with specficity, right to counsel, right to an open trial and right to appeal. These rights are all enshrined in the US Constitution. Those rights are not present for individuals or corporations under Chinese law or jurisprudence.

But the FCPA Professor also critiqued the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in FCPA enforcements with the following observation: The vast majority of corporate FCPA enforcement actions lack transparency and the resolution documents (whether a non-prosecution agreement, deferred prosecution agreement or civil administrative order) are the result of an opaque process ultimately controlled by the same office prosecuting or bringing the action.When a company enters into negotiation with the DOJ and SEC it is with legal counsel in tow. Even if we in the general public are not privy to these negotiations over the terms and conditions of enforcement actions I am confident that there is some give and take. Further, while I only have personal knowledge of one negotiation for the specific terms of a Deferred Prosecution Agreement (DPA), the lawyer representing the company made clear it was a negotiation. It was not a Diktat with sentencing simply pronounced by the DOJ. Does the office which handles the investigation also handle the settlement negotiation? Yes but that is what prosecutors do each and every day in every city, county, town, hamlet, state and federal jurisdiction in this country.

Just as it takes two to tango, it takes two to negotiate. The DOJ does not negotiate with itself. Another party is sitting across the table and that other party is the company involved in the FCPA investigation. Why is that company there in the room negotiating? Because the company has assessed its interest and determined that it would be better off settling than going to trial. This is in the face of DOJ failures in the trial court in the Gun Sting cases, the O’Shea trial and the trial court overturning the verdict in the Lindsey Manufacturing conviction. Simply because there is a negotiation between the DOJ and a private party does not make it some nefarious process, even if the prosecutors hold the upper hand.

As far as the fines and penalites, there has been nothing to suggest the basis of the $491MM fine assessed against GSK. That amount is a bit less than the amounts initially reported that GSK China paid out as bribes, somewhere over $500MM. At least in the US, there are the Sentence Guidelines which form some basis of the calculation. Of course there is always some prosecutorial discretion to lessen a fine or penalty below the suggested amount. We have seen that occur this year with the HP enforcement action and recently Asst. Attorney General Leslie Caldwell suggested that Alcoa could have been fined over $1bn for its conduct, while the actual fine was $384MM. It is appropriate for prosecutors to have such discretion.

While the DOJ is also critiqued that DPAs (and Non-Prosecution Agreement [NPAs]) are essentially the same as going to trial with a near 100% success rate, I think this belies the number of declinations that the DOJs gives out. Unfortunately (and here the FCPA Professor and I do agree); there is not enough information given out about declinations; either regarding the raw numbers or the specific reasons for a declination. Only if a company agrees or is required to make such information public does it become known. Nevertheless, there is the recent example of Layne Christensen, which received a declination. In an article in Compliance Week, entitled “How Two Companies Got Regulators to Drop FCPA Charges”, Jaclyn Jaeger reported on the reasons the company sustained this result of receiving a declination through interviews with Christensen GC, Steve Crooke, its Chief Compliance Officer (CCO), Jennafer Watson and its outside counsel Russ Berland. Jaeger detailed the specific steps the company took and we can all see the effect it had upon the DOJ, through the declination to prosecute the company.

The debate about the costs of FCPA enforcement actions, the proper role of DPAs/NPAs and length of time of investigations is a healthy one and living in the open society that we have in the US, one that we will continue to have. Since I am not a prosecutor (or ex-prosecutor), I cannot look in the mirror at FCPA enforcement but I can review the facts of the DOJ and SEC’s FCPA enforcement, contrasted with the Chinese domestic bribery and corruption proseuction of GSK and believe that there is no basis for comparing the two systems, as they are so different in too many fundamental aspects.

I can however say one thing with absolute certainly; wherever you do want to be, a Chinese jail is not high on the list.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

October 7, 2014

The Positive Effects of DPAs and NPAs in FCPA Enforcement

JusticeOne of the oft-made criticisms regarding the Department of Justice (DOJ) around its enforcement of the Foreign Corrupt Practices Act (FCPA) is its the use of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) somehow pervert the course of justice. Some of the criticisms include: DPAs and NPAs are either too harsh or too lenient; DPAs and NPAs let corporations off too easily or they are too unfair to corporations; DPAs and NPAs are inherently unfair as they give the DOJ too much leverage in any negotiation or that the DOJ uses them as a way to simply seek bigger fines and to not go after the real culprits, i.e. rogue employees; the fines levied under DPAs and NPAs are too great or too small, but whichever it is, there is not appropriate judicial oversight; and my personal favorite, the DOJ needs to ‘trial-lawyer up’ and go to trial against big bad corporations which violate the FCPA to really show ‘em they mean business.

Speaking from the perspective of a former in-house type, I have argued that corporations desire DPAs and NPAs because they bring certainty. Not only in ending an enforcement action but also in knowing your obligations going forward; and they bring certainty in setting the fines and penalties to be paid for a FCPA violation. And, of course, if you enter into a DPA or NPA you bring your corporate client the certainty that you will not ‘Arthur Anderson’ your organization out of existence.

However there are other reasons why the use of DPAs and NPAs has been positive and that is the effect on companies. In a recent paper, entitled, “The Effect of Deferred and Non-Prosecution Agreements on Corporate Governance: Evidence from 1993-2013 ”, authors Wulf A. Kaal and Timothy Lacine looked precisely at that issue. In an exhaustive study they reviewed all publicly available DPAs and NPAs from 1993 to 2013. The authors found that in a wide variety of categories 97.41% of the publicly available DPAs and NPAs “mandated substantive governance improvements” in the corporations that entered into them. Any time you have 97% improvement in anything, I would say someone must have been doing something right, somewhere, somehow. From the thesis of their article, it would appear that what the DOJ is doing right is using DPAs and NPAs to positively impact corporate governance.

What were some of the changes brought about through the use of DPAs and NPAs? In the area of Board governance there were provisions including mandating changes requiring additional reporting obligations for the Board; required changes to existing Board committee structure of the entity, often creating new board committees. Other changes included increased Board monitoring obligations, the addition of independent director(s) and changes pertaining to management of the entity. In addition to more Board involvement, under a number of DPAs and NPAs, a settling company’s senior management was required to provide additional oversight and involvement with the compliance function. Similarly monitoring obligations have generally increased with many DPAs and NPAs containing specific provisions that related to ongoing monitoring requirements.

Both the Chief Compliance Officer (CCO) position and the compliance function were significantly impacted by many of the DPAs and NPAs. Many contained provisions relating to a new, improved or expanded compliance program. Additionally, many DPAs and NPAs contained provisions pertaining to improved compliance communications and training requirements in the compliance function. Internal controls and required improvements pertaining to books and records were also noted. Of course, if a company did not have a Code of Conduct or CCO, they were required.

The authors have also identified additional and continuing oversight factors. They note that DOJ “involvement suggest that prosecutors can promote an ethical corporate culture through enhanced compliance measures in N/DPAs. Under this theory, the DOJ’s expansionary tendencies in N/DPAs are a mere extension of legally mandated compliance requirements. In fact, corporate governance of the respective entity plays a major role in federal prosecutors’ charging decisions. The increased role of independent private sector oversight may help address the increased complexity of corporate crime and dwindling public funds. Given their education and experience as well as their ability to fill a void left by the system, prosecutors may be uniquely qualified to institute corporate governance changes.”

I think this ongoing DOJ oversight is not to be underestimated as a positive effect for compliance. Clearly if an external monitor is required there will be at least annual reporting to the DOJ on the company’s implementation of the terms and conditions of its settlement. But even if the DOJ does not require an external monitor there is always a requirement that the settling company report to the DOJ on the extent of its compliance efforts. The best practice would suggest that an independent third party make this assessment but even if it is not accomplished in such a manner, there is still DOJ oversight.

While the DOJ has pronounced that they are not involved in industry sweeps, the reality is that some industries have been hit with more FCPA enforcement actions than others. If there are a large number of FCPA settlements using DPAs and NPAs in one industry, it can have the effect of increasing both the knowledge of compliance and sophistication of compliance programs within that industry. I have personally witnessed this in the energy industry in Houston where compliance is now driven as a business solution to the legal problem of FCPA compliance. Scott Killingsworth calls this Private-to-Private compliance solutions. I call it business solutions to legal problems. Whatever you might wish to name it, these FCPA enforcement actions have increased the prevalence of compliance programs in the energy industry.

The authors also believe that through the use of DPAs and NPAs, the DOJ is better able to communicate its expectations of what it expects in the way of a best practices compliance program. They state that Boards, “management and corporate counsel may see these preexisting measures as a roadmap for preparing for future investigations and handling the eventual investigation.”

Finally, the authors provide a very interesting insight as to the power of DPAs and NPAs, which is not often discussed in the FCPA context. They contend that use of DPAs and NPAs, as corporate governance tools, “may be preferable to changes to federal law.” They explain, “Compared with more meaningful congressional governance reform, N/DPA-related governance reform is relatively “cheap” for corporations because comparatively few board and management positions are adversely affected. Furthermore, N/DPA-related governance reform is a measure supported by most corporate insiders as it is seen as beneficial for investors. Until regulators belatedly realize the threat posed by particular industry practices, as identified in N/DPAs, and consider acting upon it, N/DPA-related governance reform is entity specific and increases the availability of relevant, decentralized, and institution specific information for regulatory action. Preemptive remedial measures preceding the execution of N/DPAs and associated N/DPA feedback effects can create the framework for anticipatory dynamic regulation as a regulatory supplement.”

This last concept speaks to the transactional cost of changing not only laws surrounding corporate governance but the reform of a corporation for itself. The key stakeholder unit of investors certainly profits by having more and better corporate governance, as does the corporation itself. I found the authors’ work to be a welcome addition to the ongoing debate on DPAs and NPAs.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 15, 2014

Internal Controls for Third Party Representatives in a FCPA Compliance Program

7K0A0246This week, I am continuing my podcast series, on the FCPA Compliance and Ethics Report, on internal controls in best practices anti-corruption compliance program, under the Foreign Corrupt Practices (FCPA), UK Bribery Act or other anti-bribery legislation. In this series, I am visiting with Henry Mixon, a top notch internal controls expert, to help explain what internal controls might be needed, how to assess the need and then how to implement the needed internal controls. This week I am running a two-part episode of the internal controls related to the management of third party representatives.

Mixon suggested that a compliance practitioner should perform an analysis of any third party representative to provide insight into the pattern of dealings with such third parties and, therefore, the areas where additional controls should be considered. He listed some basic internal controls that should be a part of any financial controls system. The general internal controls, which might be appropriate, could be some or all of the following:

  • A control to correlate the approval of payments made to contracts with third party representatives and your company’s internal system for processing invoices.
  • A control to monitor all situations in which funds can be sent outside the US, in whatever form your company might use, which could include accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances or other forms.
  • A control for the approval of sales discounts to distributors.
  • A control for the approval of accounts receivable write-offs.
  • A control for the granting of credit terms to third parties or customers outside the US.
  • A control for agreements for re-purchase of inventory sold to third parties or customers.
  • A control for opening of bank accounts specifically including accounts opened at request of an agent or a customer.
  • A control for the movement / disposal of inventory.
  • A control for the movement / disposal of movable fixed assets.
  • Execution and modification of contracts and agreements outside the US.

Mixon also noted that in addition to the above there should also be internal control needs based on activities with third party representatives. These could include some or all of the following internal controls

  • A control for the structure and enforcement of the Delegation of Authority.
  • A control for the maintenance of the vendor master file.
  • A control around expense reports received from third parties.
  • A control for gifts, entertainment and business courtesy expenditures by third party representatives.
  • Charitable donations.
  • All cash / currency, inventory, fixed asset transactions, and contract execution in countries outside the US where the country manager has final authority.
  • Any other activity for which there is a defined corporate policy relating to FCPA.

While that may appear to be an overly exhaustive list, Mixon indicated that he believed there were four significant controls that he would suggest the compliance practitioner implement initially. He listed: (1) Delegation of Authority (DOA); (2) Maintenance of the vendor master file; (3) Contracts with third parties; and (4) Movement of cash / currency.

Mixon noted that a DOA should reflect the impact of FCPA risk including both transactions and geographic location so that a higher level of approval for matters involving third parties and for fund transfers and invoice payments to countries outside the US would be required inside an organization. He did concede that quite often the DOA is prepared without much thought given to FCPA risks. Unfortunately once a DOA is prepared it is not used again until it is time to update for personnel changes. Moreover, it is often not available, not kept current, and/or did not define authority in a way even the approvers could understand it. Therefore it is incumbent that the DOA be integrated into a company’s accounts payable (AP) processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. To achieve this you should identify the vendors within the vendor master file so payments are flagged for the appropriate approval BEFORE they are paid.

Furthermore if a DOA is properly prepared and enforced, it can be a powerful preventive tool for FCPA compliance. To support this Mixon used the following example: A wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the Compliance function, and one officer. In this situation, the DOA should specify who must give the final approval for engaging third parties. Moreover, the DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US (including those who travel from the US to work outside the US).

I then asked Mixon about the vendor master file, which he believes can be one of the most powerful PREVENTIVE control tools largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Next manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all vendors have been approved before their information (and the vendor approval date) is input into the vendor master. Finally, manual controls are also needed when “one time” vendors are requested, when a vendor name and/or vendor payment information changes are submitted.

Near and dear to my heart as a lawyer, Mixon also indicated that contracts with third parties can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. He cautioned that for contracts to provide effective internal controls, relevant terms of those contracts (commission rate, whether business expenses can be reimbursed, use of subagents, etc.,) should be extracted and available to those who process and approve vendor invoices. If there are nonconforming service descriptions, commission rates, etc., present in a contract such terms must be approved not only by the original approver but also by the person so delegated in the DOA Unfortunately contracts are not typically integrated into the internal control system. They are left off to the side on their own, usually gathering dust in the legal department file room.

Mixon said that the Hewlett-Packard (HP) FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a Polish government official to obtain or retain business. Mixon believes that all situations where funds can be sent outside the US (AP computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a FCPA risk standpoint. He went on to say that within a given company structure you need to identify the ways in which a country manager (or a sales manager, etc.,) could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.

To prevent these types of activities internal controls need to be in place. Mixon presented the following example of how this could be managed: All wire transfers outside the US should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the US should always require dual approvals. Lastly, wire transfer requests going outside the US should be required to include a description of proper business purpose.

Mixon continues to emphasize that internal controls are really just good financial controls. The internal controls that he detailed for third party representatives in the FCPA context will help to detect fraud, which could well lead to bribery and corruption.

You can listen to my podcast with Henry Mixon on internal controls for third parties in a FCPA compliance program, part I by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 9, 2014

Mid-Year FCPA Report, Part I

Mid Year ReportAs we are now past the halfway mark of 2014, I thought it might be a good time to look at the year in review, so over the next couple of days, I will be reviewing what I believe to be some issues and developments to the Foreign Corrupt Practices (FCPA) world. In this Part I, I will look at an enforcement action which brought a company to No. 5 on the list of highest FCPA settlements, to a company which seemingly came back from the edge of very bad FCPA conduct and finally some individual prosecutions and one interesting settlement in a SEC action against individuals. 

Alcoa

In one of the more long-running international bribery and corruption sagas, Alcoa Inc. settled a FCPA action by having one of its subsidiary’s plead guilty to bribing officials in Bahrain to win contracts to supply the raw materials for aluminum to Aluminum Bahrain BCS or Alba. As reported by the FCPA Professor, “Alcoa entities agreed to pay approximately $384 million to resolve alleged FCPA scrutiny (a criminal fine of $209 million and an administrative forfeiture of $14 million to resolve the DOJ enforcement action and $175 million in disgorgement to resolve the SEC enforcement action – of which $14 million will be satisfied by the payment of the forfeiture in the criminal action).” Alcoa now sits as No 5 on the list of all-time FCPA settlements and has the distinction of paying the largest disgorgement.

Payments were made through shell corporations, agents and distributors. As reported in the Wall Street Journal (WSJ), in an article entitled “Alcoa Snared in Bahrain Bribery Case”, although one of its subsidiaries, Alcoa World Aluminum, pled guilty to violating the FCPA, its parent Alcoa issues a statement that “neither the Department of Justice nor the SEC alleged or found that anyone at Alcoa “knowingly engaged in the conduct at issue.”” According to the WSJ article, the bribery scheme had been in place since at least 1989. Further, at least one in-house counsel had raised concerns in 1997 that the contracts around the bribery scheme when she wrote in an email to Alcoa’s corporate headquarters stating “The contract looks odd. Are these factors OK from an anti-trust and FCPA perspective?” I guess sometimes actual knowledge is really not actual knowledge.

Hewlett-Packard (HP)

In what can only be described as one of the most stunning failures of internal controls to be seen in the annuls of FCPA enforcement actions, HP resolved a matter through a guilty plea, a Deferred Prosecution Agreement (DPA) and a Non-Prosecution Agreement (NPA), for three separate bribery schemes in three countries. For a deal in Russia, HP paid a one-man agent approximately $10MM, which was simply a conduit to pay bribes. In Poland, HP’s Country Manager literally carried bags of cash in the amount of $600K to a Polish government representative for contracts. Finally, in HP’s Mexico subsidiary, according the to the Securities and Exchange Commission (SEC) Press Release, HP “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.”

As noted by Mike Volkov, “In total the three HP entities paid $76 million in criminal penalties and forfeitures. In a related filing, the SEC and HP entered into a civil settlement under which HP agreed to pay $31 million in disgorgement, prejudgment interest, and civil penalties.”

The enforcement action is also notable for two other factors. The first is that HP did not self-disclose the conduct even after German authorities raided the company’s Germany subsidiary’s offices in connection with the Russia transaction. HP seemingly made a dramatic comeback in the eyes of the Department of Justice (DOJ), which leads to the second point of note. That involved the overall penalty assessed against HP. What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The US Sentencing Guidelines for the Polish subsidiary suggested a fine range of $19MM to $38MM, yet the final fine was $15MM. The US Sentencing Guidelines for HP’s Russian subsidiary suggested a fine range of $87MM to $174MM, yet the final fine was $58MM.

What does it all mean? It would seem that a company could come back from the brink of very bad facts and no self-disclosure. How did HP do it? The resolution documents only reference HP’s ‘extraordinary cooperation’ and installation of a best practices compliance program. My hope is that HP will publicize the steps it took so that the rest of us might learn how they accomplished the results they received.

Individual Indictments, Arrests and Settlements

As reported in the FCPA Blog, there were a number of individuals who fell under FCPA criminal scrutiny in the first half of 2014.

PetroTiger

Joseph Sigelman, the former co-CEO of PetroTiger Ltd., was charged with conspiracy to violate the FCPA and to commit wire fraud, conspiracy to launder money, and substantive FCPA and money laundering offenses. He is accused of bribing an official at Ecopetrol SA, Colombia’s state-controlled oil company, and defrauding PetroTiger by taking kickbacks. As reported by Joel Schectman in the WSJ, two other PetroTiger executives, Sigelman’s co-CEO, Knut Hammarskjold and the company’s former General Counsel (GC), Gregory Weisman, have already pled guilty to the charges.

It is alleged that Sigelman bribed an official in Colombia to help win an oil contract worth $39 million and of seeking kickback payments during the acquisition of another company, in exchange for a better price. Most interestingly, even after the company conducted an internal investigation, which uncovered the conduct and self-disclosed its findings to the DOJ, Sigelman has said he will go to trial and contest the charges.

Firtash and His Associates

In what may be an early preview of the corrupt doings of the old guard in Ukraine, there were a number of individuals arrested or indicted in connection with an alleged scheme to pay $18.5 million in bribes to officials in India to gain titanium mining rights. They include team leader, Dmitry Firtash, a Ukrainian national, who was arrested in Vienna, Austria, March 12, 2014, and the following were indicated with Firtash and charged with conspiracy to violate the FCPA, and who are still at large: Andras Knopp, a Hungarian businessman,; Suren Gevorgyan a Ukrainian national,; Gajendra Lal, an Indian national and permanent resident of the US; Periyasamy Sunderalingam, a Sri Lankan. K.V.P. Ramachandra Rao, a member of parliament in India and former official of the state of Andhra Pradesh, has been charged along with the other five defendants with one count each of a racketeering conspiracy and a money laundering conspiracy, and two counts of interstate travel in aid of racketeering. Although he was not charged under the FCPA, the DOJ has asked India to arrest him.

Direct Access Partners

Continuing the investigation into the first investment bank, Direct Access Partners LLC (DAP), to be charged with FCPA violations, there were two more individuals charged, in addition to the four from 2013 who all pled guilty. Benito Chinea, former CEO of DAP, was charged in federal court in New York for bribery involving Venezuela’s state bank and Joseph Demeneses, a former managing director, was also charged in the 15-count indictment of paying kickbacks to a vice President of the Venezuelan Nation Bank BANDES, in exchange for the bank’s bond-trading business.

Noble Energy Executives

While it is not entirely clear if these cases belong in the first half or second half of the their, the Securities and Exchange Commission (SEC) rather unceremoniously dropped its enforcement action against one former and one current Noble Energy executives. The SEC had claimed that former Noble Corporation CEO Mark A. Jackson along with James J. Ruehlen, had bribed customs officials to process false paperwork purporting to show the export and re-import of oil rigs, when in fact the rigs never moved. These actions led to allegations that Jackson and Ruehlen directly violated the anti-bribery provisions, internal controls and false records provisions relating to the FCPA. For all of these claims the SEC sought injunctive relief and monetary damages.

But as reported in the FCPA Blog, “A docket entry from July 1 for the U.S. federal district court in Houston said all deadlines in the SEC’s civil FCPA enforcement action against two former Noble executives have been vacated “pending final settlement documents.”” Both defendants agreed not to violate or aid and abet any violation of the FCPA going forward. Pretty stout stuff when you consider that all US citizens have that obligation going forward, whether they agree to it in a court filed documents or not.

Tomorrow we continue with Part II.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

June 26, 2014

Coolness in Being the Bad Guy? Eli Wallach and GSK

Eli WallachEli Wallach died Tuesday. For my money, he was about the coolest bad guy out there. Not tough like Lee Marvin, just cool. My favorite Wallach roles were as Calvera in The Magnificent Seven and as Tuco in The Good, The Bad and The Ugly. An early proponent of method acting, Wallach performed on the stage and in films for over 60 years. Although originally from Brooklyn, Wallach was also a fellow Texas Longhorn, having attended the University of Texas. He served in France as a Second Lieutenant in France during World War II.

I thought about Wallach’s über coolness when considering the most decided uncool position of the UK pharmaceutical giant GlaxoSmithKline PLC (GSK) recently. Last month the Chinese government issued a most very stern warning to GSK when it accused the former head of GSK’s China business of direct involvement in bribery and corruption. But more than this direct accusation, the move was a clear warning shot across the bow of not only western pharmaceutical companies doing business in China but also all western companies. In an article in the Wall Street Journal (WSJ), entitled “Beijing Warns Sernly on Glaxo”, Laurie Birkett quoted Helen Chen, a director and partner at consultancy L.E.K., as saying “Focusing much of the blame on a foreigner sends a strong message to all. Companies will see that if authorities are willing to accuse even a foreigner, who is in senior management, the issue is being taken seriously, it’s a clear message that bribery is unacceptable in the market.” Burkitt went on to say, “Experts say China’s medical system is deeply underfunded, giving doctors, hospitals and administrators an incentive to overcharge and overprescribe. Glaxo, in the past, organized trips for doctors around China and to places such as Budapest and Greece as part of a broader effort involving perks and cash to get doctors to boost drug prescriptions, according to documents previously reviewed by The Wall Street Journal.”

Such reports of endemic corruption are not new. An article, entitled “GSK China probe flags up wider worries”, in the Wednesday edition of the Financial Times (FT) reporters Andrew Jack and Patti Waldmeir discussed not only the endemic nature of corruption in China but how, in many ways, the Chinese health care system is based on such corruption. The piece quoted George Baeder, an independent drug industry advisor, for the following, “Financial flows – both legal and illegal – tied to drug and device sales are funding perhaps 60-80 per cent of total hospital costs. Without this funding, the current system would collapse.” Further, “central and provincial Chinese governments cannot afford to pay doctors a living wage, and may patients cannot afford to pay the true cost of care.” And finally, “Up to now, Beijing has turned a blind eye as pharma companies find ways to subsidise doctor salaries and underwrite their medical education.” How about that for structural corruption?

Intertwined with this structural issue is the problem of the quantity and quality of the drug supply. Many Chinese doctors do not feel that there is an acceptable alternative to foreign pharmaceutical products. This drives up the cost of prescribed medicines, as this quantity is therefore limited. But even where indigenous Chinese generic drugs are available as alternatives, many patients do not trust these medicines. This restricts the quality of drugs available.

But with this recent round of accusations against GSK it appears that the Chinese government has opened a new front. In an article in The Telegraph, entitled “GSK bribery scan could cause ‘irreparable damage’, says China”, Denise Roland reported that “Beijing has apparently issued a warning to all foreign firms, cautioning that the corruption charges against GlaxoSmithKline executives could cause “irreparable damage” to the drug maker’s Chinese operations.” She quoted from the state news agency Xinhua for the following, “GSK’s practices eroded its corporate integrity and could cause irreparable damage to the company in China and elsewhere. The case is a warning to other multinationals in China that ethics matter.”

In addition to these charges against a senior GSK executive, which could lead liability up to the GSK boardroom, Jonathan Russell, also writing in The Telegraph, in an article entitled “GlaxoSmithKline is facing more than double jeopardy”, said that “GlaxoSmithKline’s problems are multiplying fast. In China authorities have identified 46 individuals connected to the company they claim were involved in “massive and systemic bribery”. In the UK the Serious Fraud Office (SFO) marked out its pitch this week, revealing it has opened an official investigation into allegations of bribery; and an internal GSK probe is looking at potential wrongdoing in Jordan and Lebanon.” More ominously, he also noted that “Given the slew of allegations so far it seems a fair assumption that other international law enforcement agencies, notably the US Department of Justice, will be taking a long, close look at the allegations.”

While Russell points to the general UK prohibition against prosecutions, which might invoke double jeopardy, he says “As ever with the law there are exceptions to the principle. However they are limited in scope and rare in number. It may also be the case that the principle of double jeopardy may not be invoked in this case if the alleged offences the SFO is investigating are separate to those under investigation in China. They could relate to matters that took place in Jordan or Lebanon.” Russell also pointed out that “international prosecutors carving up parts of prosecutions so they can all have their pound of flesh. A very painful prospect for GSK.” It will also be interesting to see if GSK is charged under the UK Bribery Act, under the prior law or both. If charges are brought under the Bribery Act, which became effective on July 1, 2011, do you think GSK would try and raise a compliance defense based on the Six Principals of Adequate Procedures? I guess having a compliance defense is pretty useless if your company engages in bribery and corruption.

While Russell talks about the aggressiveness of US prosecutors under the Foreign Corrupt Practices Act (FCPA), he does not discuss what may be GSK’s greatest exposure in the US. GSK was under the equivalent of a Deferred Prosecution Agreement (DPA) called a Corporate Integrity Agreement (CIA) for its prior sins related to off-label marketing. This CIA not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the FCPA. In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, inclusive of the Compliance Officer (CO) and other members of senior management necessary to meet the requirements of this CIA, whose job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required Deputy Compliance Officers for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified. Further, there was detail down to specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”.

For the compliance practitioner, one clear message from the GSK matter is to monitor, audit and continuously review your Chinese operations. I will have more to say about the China corruption crackdown in an upcoming blog post but just like Eli Wallach as Calvera in The Magnificent Seven told the gunmen hired to protect the Mexican village, you have been warned.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,824 other followers