FCPA Compliance and Ethics Blog

November 18, 2014

FIFA and Good-Faith Investigations

CautionYou know things are getting bad when the Wall Street Journal (WSJ) questions a business’ moral authority. Things certainly cannot be much better when the regulators begin nosing around your own self-indulgence. What happens when you realize all of a sudden that all those actions you have taken may actually fall under the jurisdiction of both the United Kingdom and the United States and their respective anti-corruption laws, the UK Bribery Act and the US Foreign Corrupt Practices Act (FCPA)? It turns out all of this may have come through for our friends at Fédération Internationale de Football Association (FIFA).

Last week FIFA announced that it had considered the investigation into allegations of corruption into the awarding of the 2018 World Cup tournament to Russia and the 2022 World Cup tournament to Qatar and found, as reported in the Financial Times (FT) by Roger Blitz in an article entitled “Fifa thrown into fresh turmoil over Qatar World Cup corruption claims”, that “any improper behaviour in the bidding process for the tournament was “of very limited scope.”” This conclusion was made by a FIFA appointed former judge, “Hans-Joachim Eckert, who is chairman of the adjudicatory chamber of Fifa’s ethics committee.” Eckert had reviewed a 350-page report by investigator Michael J. Garcia, who is a former US prosecutor now practicing law in New York. Eckert released a 42 page “summary study” of the Garcia report, which he claimed supported his decision.

Unfortunately for FIFA and Eckert, Blitz reported in another FT article, entitled “Garcia and Eckert set for showdown over Fifa report”, that “Mr Eckert’s summary was disowned within hours of its publication by Mr Garcia, who claimed it misrepresented his findings. He has protested to Fifa’s appeals committee.” Garcia’s statement “has blown apart Fifa’s attempt to bring to a close nearly three years of allegations of unethical behaviour and has left Mr Eckert under increasing pressure to publish the Garcia investigation.” This action by FIFA led Reinhard Rauball, president of the German football league (DFL), to say, “Europe would have to consider breaking away from Fifa unless the Garcia investigation was published in full.”

All of this came after the summary itself noted that documents and evidence surrounding the Russian bid were lost because the computers on which they were stored had been destroyed. Garcia was not even able to speak with all the relevant witness in the Qatar bid as well. Even with this lack of full investigation, Garcia issues a statement which said that Eckert’s summary contained “numerous and materially incomplete and erroneous representations of the facts and conclusions detailed in the investigatory chamber’s report.”

What does all of this mean for FIFA? Certainly if the head of the German football league says that the European soccer federations may have to pull out of the organization because it is so corrupt that portends poorly. In another article in the FT, entitled “Brussels launches sliding tackle against Fifa”, Alex Barker reported “The EU’s top sports official is urging Fifa to come clean with findings from its corruption investigation, in a warning that signals a Brussels rethink over the commercial freedoms enjoyed by football’s scandal-tarnished governing body. In a direct swipe at Fifa’s attempt to clear Russia and Qatar to run the next two World Cups, Tibor Navracsics, the EU commissioner for sports, has called for full publication of a graft report into the 2010 bidding process to “remove doubts” about its findings. While Sepp Blatter’s Fifa is an unregulated Swiss body independent from government, its lucrative business activities in the European market are subject to rules overseen by EU regulators, including sales of television rights.”

What about any criminal issues? A quick Google search reveals that FIFA has offices in both the US and the UK. Given the very broad jurisdiction of the FCPA and perhaps the UK Bribery Act, it does not seem too far a stretch for either the Department of Justice (DOJ), the FBI, the UK Serious Fraud Office (SFO) or even the Overseas anti-corruption unit of the London police might want to open an investigation. Indeed CNN reported that the FBI is investigating FIFA at this time, saying “Investigators are moving ahead with their probe, which could result in charges against senior FIFA officials, the U.S. law enforcement officials said.”

For the compliance practitioner there are a couple of important lesson in all of this. First and foremost, in your internal investigations, you need to provide access of both documents and witnesses to your counsel. If you do not that alone may certainly compromise your investigation. This point was recently re-emphasized in the ongoing General Motors (GM) scandal over its ignition switch problems. It turns out that over two months prior to the public announcement the company had ordered over 500,000 new switches from its supplier. According to Hilary Stout and Bill Vlasic, writing in the New York Times (NYT) in an article entitled “G.M. Ordered a Half-Million Replacement Switches 2 Months Before Recall”, the order was placed after an internal company committee met. But no records of the meeting were provided to company’s outside counsel investigating this matter, Anton R. Valukas. Interestingly Valukas released a statement which the article quoted, ““To my knowledge, G.M. provided me access to all information in its possession related to G.M. inquiries regarding various repair options and part availability as G.M. considered potential fixes for the ignition switch in the event that a recall would occur,” the statement said.” That is lawyer-speak for I looked at what they showed me.

Hiding or not providing access to internal or outside counsel can be a recipe for disaster with the DOJ. The reason is the same as it is a disaster for FIFA in Europe. There is no trust left for the organization. Ask any ex-DOJer and they will tell you that it is all about credibility when you self-disclose to the DOJ or when you are in negotiations with the DOJ over a potential FCPA penalty. I regularly hear Stephen Martin and Mike Volkov say precisely that when they talk about their experiences from working for the US government. If you do not allow your investigators access to all relevant documents and those witnesses under your control, the DOJ will most probably not consider the results of your investigation valid. The DOJ may not even consider your exertions worthy of a good-faith effort.

One thing is also very relevant for the compliance practitioner. If your outside counsel disavows him or herself from the company’s interpretation of it going forward, you are in big trouble. Even the WSJ, in its Op-Ed piece said, “FIFA’s moral failure stands out.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 17, 2014

Opinion Release 14-02: Dis-Linking The Illegal Conduct Going Forward

Dis-linkOne of my favorite words in the context of Foreign Corrupt Practices Act (FCPA) enforcement is dis-link. I find it a useful adjective in explaining how certain conduct by a company must be separated from the winning of business. But it works on so many different levels when discussing the FCPA. Last week I thought about this concept of dis-linking when I read the second Opinion Release of 2014, that being 14-02. One of the clearest ways that the Department of Justice (DOJ) communicates is through the Opinion Release procedure. This procedure provides to the compliance practitioner solid and specific information about what steps a company needs to take in the pre-acquisition phase of due diligence. However, 14-02 directly answers many FCPA naysayers long incorrect claim about how companies step into FCPA liability through mergers and acquisitions (M&A) activity.

From the Opinion Release it was noted that the Requestor is a multinational company headquartered in the United States. Requestor desired to acquire a foreign consumer products company and it’s wholly owned subsidiary (collectively, the “Target”), both of which are incorporated and operate in a foreign country, never issuing securities in the United States. The Target had negligible business contacts in the US, including no direct sale or distribution of their products. In the course of its pre-acquisition due diligence of the Target, Requestor identified a number of likely improper payments by the Target to government officials of Foreign Country, as well as substantial weaknesses in accounting and recordkeeping. In light of the bribery and other concerns identified in the due diligence process, Requestor also detailed a plan for remedial pre-acquisition measures and post-acquisition integration steps. Requestor sought from the DOJ an Opinion as to whether the Department would then bring an FCPA enforcement action against Requestor for the Target’s pre-acquisition conduct. It was specifically noted that the Requestor did not seek an Opinion from the Department as to Requestor’s criminal liability for any post-acquisition conduct by the Target.

Improper Payments and Compliance Program Weaknesses

In preparing for the acquisition, Requestor undertook due diligence aimed at identifying, among other things, potential legal and compliance concerns at the Target. Requestor retained an experienced forensic accounting firm (“the Accounting Firm”) to carry out the due diligence review. This review brought to light evidence of apparent improper payments, as well as substantial accounting weaknesses and poor recordkeeping. The Accounting Firm reviewed approximately 1,300 transactions with a total value of approximately $12.9 million with over $100,000 in transactions that raised compliance issues. The vast majority of these transactions involved payments to government officials related to obtaining permits and licenses. Other transactions involved gifts and cash donations to government officials, charitable contributions and sponsorships, and payments to members of the state-controlled media to minimize negative publicity. None of the payments, gifts, donations, contributions, or sponsorships occurred in the US, none were made by or through a US person or issuer and apparently none went through a US bank.

The due diligence showed that the Target had significant recordkeeping deficiencies. Nonetheless, documentary records did not support the vast majority of the cash payments and gifts to government officials and the charitable contributions. There were expenses that were improperly and inaccurately classified. It was specifically noted that the accounting records were so disorganized that the Accounting Firm was unable to physically locate or identify many of the underlying records for the tested transactions. Finally, the Target had not developed or implemented a written code of conduct or other compliance policies and procedures, nor did the Target’s employees show an adequate understanding or awareness of anti-bribery laws and regulations.

Post-Acquisition Remediation

The Requestor presented several pre-closing steps to begin to remediate the Target’s weaknesses prior to the planned closing in 2015. Requestor aimed to complete the full integration of the Target into Requestor’s compliance and reporting structure within one year of the closing. Requestor has set forth an integration schedule of the Target that included various risk mitigation steps, dissemination and training with regard to compliance procedures and policies, standardization of business relationships with third parties, and formalization of the Target’s accounting and record-keeping in accordance with Requestor’s policies and applicable law.

DOJ Analysis

The DOJ noted black-letter letter when it stated, ““It is a basic principle of corporate law that a company assumes certain liabilities when merging with or acquiring another company. In a situation such as this, where a purchaser acquires the stock of a seller and integrates the target into its operations, successor liability may be conferred upon the purchaser for the acquired entity’s pre-existing criminal and civil liabilities, including, for example, for FCPA violations of the target. However this is tempered by the following from the 2012 FCPA Guidance, “Successor liability does not, however, create liability where none existed before. For example, if an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction, the mere acquisition of that foreign company would not retroactively create FCPA liability for the acquiring issuer.””

This means that because none of the payments were made in the US, none went through the US banking system and none involved a US person or entity that this would not lead to a creation of liability for the acquiring company. Moreover, there would be no continuing or ongoing illegal conduct going forward because “no contracts or other assets were determined to have been acquired through bribery that would remain in operation and from which Requestor would derive financial benefit following the acquisition.” Therefore there would be no jurisdiction under the FCPA to prosecute any person or entity involved after the acquisition.

The DOJ also provided this additional information, “To be sure, the Department encourages companies engaging in mergers and acquisitions to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable; (3) conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners; (4) conduct an FCPA-specific audit of the acquired entity as quickly as practicable; and (5) disclose to the Department any corrupt payments discovered during the due diligence process. See FCPA Guide at 29. Adherence to these elements by Requestor may, among several other factors, determine whether and how the Department would seek to impose post-acquisition successor liability in case of a putative violation.”

Discussion

Mike Volkov calls it ‘reading the tea leaves’ when it comes to what information the DOJ is communicating. However, sometimes I think it is far simpler. First, and foremost, 14-02 communicates that there is no such thing as ‘springing liability’ to an acquiring company in the FCPA context nor such a thing as simply buying a FCPA violation, simply through an acquisition only, there must be continuing conduct for FCPA liability to arise. Most clearly beginning with the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) have communicated what companies need to do in any M&A environment. While many compliance practitioners had only focused on the post-acquisition integration and remediation; the clear import of 14-02 is to re-emphasize importance of the pre-acquisition phase.

Your due diligence must being in the pre-acquisition phase. The steps taken by the Requestor in this Opinion Release demonstrate some of the concrete steps that you can take. Some of the techniques you can use in the pre-acquisition phase include (1) having your internal or external legal, accounting, and compliance departments review a target’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of a target’s customer base; (3) performing an audit of selected transactions engaged in by the target; and (4) engaging in discussions with the target’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target over the past ten years.

Whether you can make these inquiries or not, you will also need to engage in post-acquisition integration and remediation. 14-02 provides you with some of the steps you need to perform after the transaction is closed. If you cannot perform any or even an adequate pre-acquisition due diligence, the time frames you put in place after the acquisition closes may need to be compressed to make sure that you are not continuing any nefarious FCPA conduct going forward. But it all goes back to dis-linking. If a target is engaging in conduct that violates the FCPA but the target itself is not subject to the jurisdiction of the FCPA, you simply cannot afford to allow that conduct to continue. If you do allow such conduct to continue you will have bought a FCPA violation and your company will be actively engaging and participating in an ongoing FCPA violation. That is the final takeaway I derive from this Opinion Release; it is allowing corruption and bribery to continue which brings companies into FCPA grief. Opinion Release 14-02 provides you a roadmap of the steps you and your company can take to prevent such FCPA exposure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 12, 2014

John Doar and the Bio-Rad FCPA Enforcement Action – Part II

John DoarJohn Doar died yesterday. He was perhaps most famously known for his role as the House Judiciary Committee Chief Counsel during the investigation of and impeachment proceedings against then President Nixon. However, it was his role in the civil rights movement in the South that in large part inspired me to become a lawyer. He rode with the Freedom Riders in Alabama; walked with James Meredith so that he could register to attend the University of Mississippi, then stayed in the same dorm room with Meredith while the campus rioted; prosecuted the KKK in Mississippi after the murder of three civil rights workers in 1964; and marched for voting rights with Dr. King in Selma. My favorite John Doar story was retold in his obituary in the New York Times (NYT), where he stopped a riot in its tracks with the following ““My name is John Doar — D-O-A-R,” he shouted to the crowd. “I’m from the Justice Department, and anybody here knows what I stand for is right.” That qualified as a full-length speech from the laconic Mr. Doar. At his continued urging, the crowd slowly melted away.”” In my book, he is right up there with Atticus Finch.

In an earlier post, I reviewed the Bio-Rad Laboratories, Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action from the perspective of the Non-Prosecution Agreement (NPA) the company was able to secure with the Department of Justice (DOJ). Today I want to review the bribery schemes that the company used to either internally fund the bribes or attempt to evade internal detection. Both the NPA and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order). The compliance practitioner can use these bribery schemes not only for FCPA training but also to see if any such schemes or their indicia may be present in your company.

Initially I need to discuss the corporate structure. It was apparently quite decentralized. According to the Order, “Bio-Rad’s international sales organization (“ISO”) oversees the company’s international sales operations; this includes all locations outside the United States and Canada. In 2009, the ISO consisted of four sub-divisions: (1) Western Europe; (2) Asia Pacific; (3) Japan; and (4) Emerging Markets. Each sub-division had a general manager, reporting to the vice-president of ISO. The Asia Pacific sub-division included Vietnam and Thailand. The Emerging Markets sub-division included Russia and other eastern European countries. Some countries within the sub-divisions had a country manager who reported to the ISO sub-division general manager.” Emerging markets is clearly a high-risk area for pharmaceutical companies. If your business development or sales organization has such a designation, I would suggest that you check and see if there are sufficient protections in place to at least raise any red flags, which might need further investigation.

However, it was more than the management structure of the business operations that was decentralized, the compliance function was similarly structured. The NPA stated, “BIO-RAD also decentralized its compliance program such that its international offices were responsible for ensuring adequate compliance with its business ethics policy and code of conduct.” This decentralization so defanged the company’s compliance program that it could not perform even the most basic functions of a compliance organization; no due diligence on third parties, indeed no management of third parties at all from the compliance perspective; no risk assessments were performed and, finally, the most damning was that the compliance function could not even ensure compliance with the company’s own business ethics policy.

The Russia Scheme

However the company used third party representatives to facilitate the bribery scheme. In addition to the lack of due diligence or usual steps that a compliance practitioner might put in place to manage third parties under the FCPA there were several other items of note which constitute lessons learned by the compliance practitioner. First and foremost was the commission rate paid to these third parties, that being between 15%-30%. This alone may well have been enough to demonstrate “a conscious disregard for the high probability that the Russian Agents were passing along at least a portion of their commissions to Russian government officials to obtain profitable public contracts for the sale of medical diagnostic equipment.” Further, the payments made to these agents were sent to countries outside Russia, where neither the alleged services were delivered nor where the agents were legally domiciled. Moreover, not only did these agents have no offices in Russia, they had no employees in Russia either.

Apparently there were contracts in place with these agents. The services these agents were specified to deliver included, “acquiring new business, creating and disseminating promotional materials to prospective customers, distributing and installing products and related equipment, and training customers.” But it really is hard to deliver services if you have no employees. Apparently there were times these agents did deliver something identified as “distribution services” for the commission rates between 15%-30%. However the estimated value of these services for the company was between 2%-2.5% of the total sales.

Another area of obvious concern should have been the pre-payment of commissions to these agents. Any time you pre-pay before a service is delivered (other than a retainer into a lawyer’s trust account) you can potentially run into trouble. But Bio-Rad took it a step further by making pre-payments before contracts with the ultimate buyer were negotiated. Any ideas where those pre-paid commissions might have gone? Another area was the amount of the commissions. They were just less than $200,000, which happened to be the authority level of the head of Bio-Rad’s Emerging Markets business unit. So there was no oversight or second set of eyes on these pre-payments because it was within the manager’s authority level. Finally, these pre-payments were actually forbidden under the contracts but they were made anyway.

The Vietnam Scheme 

The Vietnam Country Manager had contracting authority up to $100,000 and sales commissions up to $20,000. From 2005-2009 Bio-Rad apparently paid bribes directly to health care workers so they would purchase the company’s products. When it was pointed out to the Country Manager this was illegal, he simply moved to a distributor “at a deep discount, which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes…Between 2005 and the end of 2009, the Vietnam office made improper payments of $2.2 million to agents or distributors, which was funneled to Vietnamese government officials. These bribes, recorded as “commissions,” “advertising fees,” and “training fees,” generated gross sales revenues of $23.7 million to Bio-Rad Singapore.” 

The Thailand Scheme

In Thailand, it was an almost mundane bribery scheme involved compared to Russia and Vietnam. Bio-Rad acquired an interest in a Thai Joint Venture (JV) through an acquisition where it performed “very little due diligence” on the JV. Bio-Rad acquired a minority interest in the JV and it did not communicate directly with the JV’s distributors but only through the majority owners of the JV. The bribery scheme was funded through “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” The due diligence was so poor that Bio-Rad did not know that the prime third party sales representative for the JV were the same majority owners of the JV.

Tomorrow, I will discuss some of the internal controls that a company might employ to help prevent such a compliance failure as occurred at Bio-Rad.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 10, 2014

Gordon Lightfoot, the Edmund Fitzgerald and the Bio-Rad FCPA Settlement, Part I

Wreck of the Edmund FitzgeraldThis month there are two dates that are forever tied together in the annuals of maritime tragedies and great songwriters. November 10 is the 39th anniversary of the sinking of the Great Lakes freighter the SS Edmund Fitzgerald, who sank 17 miles from the entrance to Whitefish Bay on Lake Superior taking all 29 crewmembers to the bottom with her. Next Monday, November 17, is the 76th birthday of the Canadian singer-songwriter Gordon Lightfoot, who memorialized the tragedy in the song The Wreck of the Edmund Fitzgerald, which he released on the album Summertime Dream in 1976. The song went all the way to Number 2 on the charts. I can still hear Lightfoot’s haunting tale in my head to this day and for me, it was his greatest single.

Earlier this month, Bio-Rad Laboratories Inc. (Bio-Rad) concluded a multi-year Foreign Corrupt Practices Act (FCPA) investigation and enforcement action. It was notable for many reasons. First and foremost was the stunning bribery and corruption scheme that the company engaged in; multiple bribery schemes in multiple countries. Also notable were the results that the company achieved. While we do not yet know if there will be any individual prosecutions of this matter, the company received a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) and a relatively small fine of $14.35MM for what clearly would appear to be criminal violations of the FCPA. Perhaps equally stunning is the amount of profit disgorgement that the company agreed to with the Securities and Exchange Commission (SEC), that amount being $40.7MM.

As with the Layne Christensen FCPA enforcement action from October, both settlement documents provide a wealth of very useful information for the compliance practitioner to use to not only help create a best practices compliance program, but also review your company’s compliance program to see if there might be areas of risk which need to be assessed or have greater compliance scrutiny. Over the next couple of blog posts I want to explore the Bio-Rad FCPA settlement, discuss some of the lessons learned for the compliance practitioner and explore what this settlement may unveil for future FCPA enforcement actions.

With his usual thoroughness, the FCPA Professor went into deep dive mode to lay out the underlying facts involved in this matter, in a post entitled “Bio-Rad Laboratories Agrees To Pay $55 Million To Resolve FCPA Enforcement Action”. According to the NPA, Bio-Rad had bribery schemes running in the following countries: Russia, Vietnam and Thailand. In Russia, persons identified as ‘Manager-1’ who was a high-level manager of the company’s Emerging Markets sales region and ‘Manager-2’ who worked for Manager-1 and was described as a high-level accounting manager of the company’s Emerging Markets sales region, engaged with ‘Agent-1’ paying him “a commission of 15-30% purportedly in exchange for various services outlined in the agency contracts, including acquiring new business by creating and disseminating promotional materials to prospective customers, installing Bio-Rad products and related equipment, training customers on the installation and the use of Bio-Rad products, and delivering Bio-Rad products.”

The commission rates were approved by Manager 1 and 2 even though they were both aware that Agent 1 did not and indeed could not perform the contracted services. Payments were made to a level of $200,000 or less because that was the spending authority of the managers, which did not require a higher level of company review. Both managers communicated with Agent 1 through multiple fraudulent email addresses to avoid detection by the company. Finally, Agent 1 had a 100% success rate in obtaining sales into Russia.

In Vietnam, the system was much simpler and even more directly corrupt. The Bio-Rad country manager was authorized to approve contracts up the amount of $100,000 and to pay sales commissions up to $20,000 without further review. This un-named country manager simply authorized cash payments to officials at state-owned hospitals to obtain or retain business for the company. When the country manager was finally challenged on this direct bribery scheme, he simply “proposed a solution that entailed employing a middleman to pay the bribes to the Vietnamese government officials as a means of insulating Bio-Rad from liability.” The bribery funds were created by giving these middlemen, named distributors, deep discounts “which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes.” These bribes were recorded on the company’s books and records as “commissions”, “advertising fees” and “training fees”.

In Thailand, the company acquired a 49% interest in a joint venture (JV) through acquisition. Initially I would note that there is no record that Bio-Rad either performed pre-acquisition due diligence or engaged in any post acquisition integration or remediation so that an ongoing bribery scheme which began under a previous company’s ownership continued after Bio-Rad took control of the Thailand JV. The bribery scheme involved paying an agent “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” Just to top it all off, the agent involved in the bribery scheme was Bio-Rad’s JV partner.

I would say that all of the above is very bad conduct. Yet, Bio-Rad was able to garner a NPA from the DOJ and a civil Cease and Desist Order from the SEC. How did they accomplish this? In the DOJ Press Release, it stated, “The department entered into a non-prosecution agreement with the company due, in large part, to Bio-Rad’s self-disclosure of the misconduct and full cooperation with the department’s investigation…In addition, Bio-Rad has engaged in significant remedial actions, including enhancing its anti-corruption compliance programs globally, improving internal controls and compliance functions, developing and implementing additional due diligence and contracting procedures for intermediaries, and conducting extensive anti-corruption training throughout the organization.”

For the compliance practitioner, yet once again the DOJ and SEC are sounding a LOUD and CLEAR message that even with very bad conduct, the systemic failure of internal controls and having a culture that turned a very blind eye at best to what was going on; you can make a comeback. Moreover, you can make such a spectacular comeback that does not even sustain a Deferred Prosecution Agreement (DPA) let alone have to accept a guilty plea. It all starts with putting a best practices compliance program in place and the DPA lists the steps that any company should consider in its compliance regime.

  1. High level commitment by providing visible support by senior management.
  2. An appropriate corporate policy around anti-corruption.
  3. Specific policies and procedures in the following areas: (a) gifts, (b) hospitality, entertainment and travel, (c) customer travel, (d) political contributions, (e) charitable donations and sponsorship, (f) facilitation payments and (g) solicitation and extortion.
  4. Appropriate internal controls to ensure transactions are authorized and properly recorded.
  5. A periodic risk-based review. In other words, a risk assessment. Policies and procedures need to be reviewed no less than annually and updated as appropriate.
  6. The compliance function should have proper Board oversight, independence to act and support within the organization.
  7. Compliance shall provide training on and guidance to the business units on its anti-corruption compliance program.
  8. There should be mechanisms for employees to report internally compliance issues of concern with no fear of retaliation.
  9. A company must maintain and provide “effective and reliable” processes and resources to responding to any raised issues.
  10. A company must use both incentives to encourage behavior and discipline of those employees who violate its compliance program.
  11. Third parties must be subjected to an appropriate due diligence based vetting process, have an appropriate contract and thereafter be managed going forward after the contract is signed.
  12. There should be a protocol for evaluation of any potential acquisitions or merger candidates and then appropriate review and remediation after any acquisition is complete.
  13. There should be ongoing monitoring and testing of the compliance program going forward.

At the conclusion of its NPA, Bio-Rad agreed to ongoing compliance reporting, at annual anniversaries of the date of the NPA by reporting to the DOJ the results of its remediation efforts over the past year. This is one of the most significantly overlooked positive aspects of any FCPA resolution. This allows the DOJ to have a continued view into the company’s compliance function. It is not an ongoing monitor but it does give the DOJ a transparent view into the company’s work towards the overall goal of putting a best practices compliance program in place and not simply stopping work when the settlement is signed. It keeps the company on its toes and allows the DOJ to continue to assess the company’s actions around anti-corruption compliance.

In the next blog post on Bio-Rad, I will review some of the specific bribery schemes that the company used and discuss how a compliance practitioner might use them for some lessons learned.

For a YouTube version of Gordon Lightfoot signing The Wreck of the Edmund Fitzgerald, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

October 31, 2014

The Great Pumpkin and the Alternative Universe

Pumpkin Patch 1For Halloween last year, I wrote a blog post where I derided Linus and his forlorn quest to have his pumpkin patch named the most sincere by the Great Pumpkin. In response I received this rather terse message from my colleague Doug Cornelius:

Are you trying to say that the Great Pumpkin is not real? 

Just wait ’til next year, Tom Fox. You’ll see! 

Next year at this same time, I’ll find a pumpkin patch that is real sincere! And I’ll sit in that pumpkin patch until the Great Pumpkin appears. He’ll rise out of that pumpkin patch and he’ll fly through the air with his bag of toys. 

The Great Pumpkin will appear! And I’ll be waiting for him! 

I’ll be there! I’ll be sitting there in that pumpkin patch… and I’ll see the Great Pumpkin. Just wait and see, Tom Fox. I’ll see that Great Pumpkin. 

I’ll SEE the Great Pumpkin! 

Just you wait, Tom Fox. 

If Doug Cornelius, who is always right about the Patriots and most everything else, sends me such a scathing note, I thought he must also be right about the Great Pumpkin as well. So this year, I am in the same running with Linus to have the most sincere pumpkin patch and the picture you see in the corner is one that I have adopted as my own. It certainly looks sincere to me.

I thought about my new-found wisdom, appreciation of the Great Pumpkin and the sincerity of my pumpkin patch when I read a recent article in the New York Times (NYT) DealB%k column, entitled “In Turnabout, Former Top Regulators Assail Wall Street Watchdogs”, by Jesse Eisinger, where he reported on his visit to an “alternative universe” populated by former top Department of Justice (DOJ) and Securities and Exchange Commission (SEC) officials who have all now joined the private sector and are white collar defense lawyers. This alternative universe was facilitated through the Bruce Carton’s recenetly held 2014 Securities Enforcement Forum, where the ‘Director’s Panel had the following luminaries: “Robert Khuzami, President Obama’s first enforcement director who now plies his trade at Kirkland & Ellis; Linda Chatman Thomspen, who served as the George W. Bush-era S.E.C. and now works for Davis Polk & Wardell; William R. McLucas, the long-serving agency enforcement director who is now at WilmerHale; and George S. Canellos, who just left the Obama S.E.C. for Milbank Tweed. (The well-known Stanley S. Sporkin, who served the agency in the 1970s, rounded the panel out.)” All had served as Directors of the SEC. Current SEC enforcement director Andrew Ceresney chaired this “alternative universe” panel.

Why was this an “alternative universe”? These former regulators complained that the SEC is being too tough on their clients and indeed other regulators are being unfair to large banks! As reported by Eisinger, “The conference turned into a free-for-all of high-powered and influential white-collar defense lawyers hammering regulators on how unfair they have been to their clients, some of America’s largest financial companies.” I am also certain that they were SHOCKED, SHOCKED to find that gambling occurred in Rick’s Café American.

What were some of the criticisms from this “alternative universe”? First and foremost was aggressive SEC enforcement specifically focused on the ‘broken windows’ theory to corporate crime. The panel’s luminaries “argued that the commission has focused too much on smaller infractions”. Too bad the Layne Christensen Foreign Corrupt Practices Act (FCPA) SEC enforcement action had not come out before this conference; imagine how much fun the panel would have with a $4 reference as the amount of a bribe payment to show nefarious conduct. Nothing speaks to sincerity like strictly enforcing the law.

The next criticism was over the SEC moving towards “administrative proceedings to push its cases”. Eisinger said, “The critics liken it to getting a hometown judge instead of putting cases to the test of judges and juries.” But he went on to note that these same banks require customers and others go to arbitration to resolve disputes and the arbitrators on these panels are usually ex-financial sector employees. Oops. I guess what is good for the goose is not good for the gander or as Eisinger said, “When the government does it, they scream foul.” I would certainly point out to the Great Pumpkin that it is certainly sincere to argue that you should receive better treatment than your customers.

The next series of complaints was leveled by Brad S. Karp, the chairman of Paul, Weiss, which centered on the fact that the banks had to navigate many different types of regulators such as the SEC, DOJ, state attorneys general, the New York state financial regulator and others. Boy that sure seems unfair, I mean banks are like the most sincere pumpkin patches around, they want to do business in all those locations but they do not seem to want oversight in all the places they do business. I wonder what these same defense lawyers would same about domestic enforcement of the FCPA and other countries enforcement of their own domestic anti-bribery/anti-corruption laws? For a hint they might want to purchase a copy of my eBook GSK in China. I guess the message here is that there are lots of very sincere pumpkin patches across the world and the Great Pumpkin really has a hard time figuring out which one is the most sincere. Santa Claus has a comparatively much easier job with simple Nice and Naughty lists.

Interestingly Karp also expounded on some of the defense tactics that he uses when the government comes knocking. “First, he pushes to move the charges to a subsidiary. Second, he tries to lower the charge. Third, he said, he focuses “on the powerful individuals in an organization” meaning that lawyers need to put top management first as they prepare a defense.” Does that sound like the results of any FCPA enforcement actions you might have read about lately? Certainly nothing but sincerity in those defense tactics.

However, you cannot argue with the results achieved by this star-studded cast of former government prosecutors in defense of their clients. Eisinger stated, “These strategies have been employed to glittering success. The guilty pleas and admissions have been largely by subsidiaries or been rendered toothless. Entities have admitted to charges that were narrow or unspecific and did not open them up to further private litigation. And, of course, no powerful individuals at any of the large, fine-paying companies have been criminally charged.” Once again, does that sound like the results of any FCPA enforcement actions you might have read about lately? Certainly nothing but sincerity in those defense results.

And finally for all those who decry the ‘revolving door’ of government prosecutors going out into the private sector and being too soft in defense of their clients because, you know, they used to enforce the same laws; Eisinger ended his piece with a dismantling of that argument. He wrote, “Former top officials, whose portraits mount the walls, weigh in on matters of enforcement. Now working for the private sector, they assail regulatory “overreach”…And given what they say in public imagine what goes on behind closed doors.” As a lawyer, I can proudly attest to that kind of sincerity, you sincerely represent the one who pays your bills!

As I near the end of this Halloween piece I fear I have come to the realization that my adopted pumpkin patch may not be the most sincere in the US, let alone the planet. I also fear that once again this year Linus may not be awarded with the one piece of recognition he so earnestly desires as well. I think that the Great Pumpkin will most probably find that the recent 2014 Securities Enforcement Forum where “The conference turned into a free-for-all of high-powered and influential white-collar defense laws hammering the regulators on how unfair they have been to their clients” is certainly the most “sincere” Pumpkin Patch on the planet this year. If you are sitting outside tonight you might well see the Great Pumpkin himself in this “alternative universe”.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

October 21, 2014

Carlton Fisk, The Homer and Oversight of a Profitable Subsidiary

Fisk HomerToday we celebrate one of the great moments in World Series history. At approximately at 12:34 AM on this date in 1975, Carlton Fisk came to bat at the bottom of the 12th, in Game 6 of the World Series between the Boston Red Sox and Cincinnati Reds. He hit a pitch down the left field line. He stood at the plate, bouncing up and down and flailing at the ball as though he was helping an airplane land on a dark runway. “I was just wishing and hoping,” he said at a ceremony some years later. “Maybe, by doing it, you know, you ask something of somebody with a higher power. I like to think that if I didn’t wave, it would have gone foul.” Whether or not the waving was responsible, the ball bounced off of the bright-yellow foul pole above the Green Monster for a home run. Fenway’s organist played the Hallelujah Chorus from Handel’s Messiah while Fisk rounded the bases. One for the ages indeed as it appeared the Baseball Gods might finally be smiling on the Red Sox nation. Alas, they lost the next game and it was not to be for another 30 years.

I thought about Fisk’s homer and the ultimate heartbreak of Red Sox nation once again in 1975 when I read about several recent issues involving corruption and corporate responsibility for oversight, or perhaps more appropriately, the lack thereof. The first was an article in the New York Times (NYT), entitled “Another Scandal Hits Citigroup’s Moneymaking Mexican Division”, by Michael Corkery and Jessica Silver-Greenberg. Their article spoke about the continuing travails of Citigroup’s Mexican subsidiary Banamex. Back in February, the company revealed “a $400 million fraud involving the politically connected, but financially troubled, oil services firm Oceanografía.”

However, company investigators have unearthed another problem at the Mexico unit. The article reported “An internal investigation, begun by Citigroup in July, found evidence that the security unit was overcharging vendors and may have been taking kickbacks, a person briefed on the investigation said. The internal inquiry also found shell companies that had been set up to look like vendors and receive payments from the Banamex unit.” In a statement reported in the piece, Citigroup’s Chief Executive Officer (CEO) Michael L. Corbat “called the conduct of the individuals in the security unit ‘appalling’”.

What I found most interesting in the article was the response of Citigroup and what its implications might mean for the compliance practitioner, particularly one whose company is under scrutiny for a Foreign Corrupt Practices Act (FCPA) violation by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). The NYT piece made clear that the Mexico unit is so profitable that it figuratively “mints money” for the company. Moreover, “despite the latest headline-grabbing turmoil at Banamex, Citigroup does not want to cede any ground in Mexico where it dominates a large portion of the retail market.”

What is the responsibility for a US corporate parent when a foreign subsidiary ‘mints money’ for the company? Should the corporate parent pay closer attention to make sure the subsidiary is doing business in compliance with the FCPA and other relevant laws? In the past few posts, I have discussed some of the specific internal controls a compliance practitioner might consider for a company’s international operations. One of the problems Citigroup is facing with the conduct of its Mexico subsidiary is the company’s concern of “lax controls and oversight”. Moreover, there is concern that some part of the ongoing troubles in the Mexico unit relates to its head, Manuel Medina-Mora. Citigroup Chairman Michael O’Neill, was said to have “privately expressed concerns to board members that Mr. Medina-Mora, who is also co-president of the parent company, has not always relayed problems in the region to executives at the bank’s headquarters on Park Avenue, according to the people briefed on the matter. Instead of looping in executives in New York, Mr. Medina-Mora has at times chosen to handle the issues himself.”

How much oversight should a parent corporation have over a subsidiary? At a basic level it would seem that oversight should be enough to prevent and detect illegal conduct. Clearly, a Chief Compliance Officer (CCO) should be considering the entity-wide internal controls for a company. Under the FCPA accounting provisions, issuers can be held liable for the conduct of their foreign subsidiaries, even though the improper conduct occurred outside of the US. The scope of liability is based on the issuer’s incorporation of the subsidiary’s financial statements in its own records and SEC filings.

While a CCO should expect (and the DOJ & SEC for that matter) that internal controls at locations outside the US are of the same effectiveness as internal controls in US business units and at the US corporate office; unfortunately, that might not always be the case. It is often the case that corporate level internal controls are stronger than those in foreign business units. The Citigroup situation with its Mexican subsidiary would seem to be a clear example of the oft-cited reason that many companies were built through acquisitions, resulting in many business units (both in and outside the US) having completely different accounting and internal control systems than US corporate office. There is often a tendency to leave acquired companies in the state in which they were acquired, rather than trying to integrate their controls and conform them to those of current business units. After all, the reason for the acquisition was the profitability of the acquired company and nobody wants to be accused of negatively impacting profitability, especially one that ‘mints money’.

The second example is one a bit closer to home and it is that of the General Motors (GM) legal department. In an article in the Wall Street Journal (WSJ) entitled “GM Says Top Lawyer to Step Down”, John D. Stroll and Joseph B. White, with contributions from Christopher Matthews and Joann S. Lublin, reported that GM General Counsel (GC) Michael Millikin will retire early next year. Millikin was criticized after the GM internal investigation found that he ran the GM legal department in such a hands off manner that he did not know about his legal department’s own settlements for product liability claims involving faulty ignition switches until February of this year. His defense was that his own lawyers “left him in the dark” even though there was evidence that he had been repeatedly warned, “GM could face punitive damage awards related to its failure to address the safety defect.” Missouri Senator Claire McCaskill summed up sentiment about Milliken with her statement “This is either gross negligence or gross incompetence.” In other words if you are a GC or CCO you had better know what is going on in your own department. What would it say about a CCO who did not know that compliance department members were dealing with violations of the FCPA without informing him or her? It would say that the CCO failed to exercise leadership and oversight.

And while you are watching things closely, you may want to check out a clip of Carlton Fisk’s famous homer by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

September 8, 2014

Board of Directors and FCPA Oversight – An Internal Control Under SOX, Part II

Circle DiagramIn Part I of this two-part post regarding a Board of Director’s Role in Foreign Corrupt Practices Act (FCPA) oversight from the internal controls perspective, I reviewed how a Board might have independent liability for its failure to act as an appropriate internal control as required by Sarbanes-Oxley (SOX). Today I will review what internal controls are and what a Board’s role is within the context of internal controls.

Beginning on Tuesday, in conjunction with this two-part blog, my colleague Henry Mixon, Principal of Mixon Consulting, and myself are recording a podcast series on internal controls, which can be found on FCPA Compliance and Ethics Report. We are discussing the following areas: what are internal controls; how a company might use them and how they can be implemented? In the first of the podcast series I asked Mixon what are internal controls? He began with the textbook definition, which he said was “Internal controls are systematic measures (such as reviews, checks and balances, methods and procedures) instituted by an organization to:

  • conduct its business in an orderly and efficient manner,
  • safeguard its assets and resources,
  • deter and detect errors, fraud, and theft,
  • ensure accuracy and completeness of its accounting data,
  • produce reliable and timely financial and management information, and
  • Ensure adherence to its policies and plans.

Mixon noted that internal controls should be instituted entity wide, not simply limited to those functions used or reviewed by accountants and auditors. For an anti-corruption compliance regime such as the FCPA or UK Bribery Act, internal controls are measures to provide reasonable assurances that any assets or resources of a company (not limited to cash) cannot be used to pay a bribe. This definition includes diversion of company assets (such as by unauthorized sales discounts or receivables write-offs) as well as the distribution of assets.

Mixon noted that the basic framework for internal controls is derived from the COSO Model developed by the Committee of Sponsoring Organizations of the Treadway Commission in 1992 (COSO). This model has become the standard for an internal control framework and provides a structure to ensure companies address the key elements that should result in an effective system of internal controls. Using the COSO Model, as modified in 2013, provides a very supportable approach when adversarial third parties challenge whether a company has effective internal controls. The COSO Model defines internal controls in a pyramid, from bottom to top, as follows: (a) Control environment, (b) Risk assessment, (c) Control activities, (d) Information and communication, and (e) Monitoring.

In the 2013 update the basic framework was retained with substantial support from user companies, and 3 specific objectives were added: (I) Operations Objectives – effectiveness and efficiency of operations, including safeguarding assets against loss; (II) Reporting objectives – internal and external financial reporting; and (III) Compliance objectives – adherence to laws and regulations to which the entity is subject. According to the guidance in the 2013 update, the system of internal controls can be considered effective only if it provides reasonable assurance the organization, among other things, complies with applicable laws, rules, regulations and external standards. With the addition of those specific objectives, the COSO framework now specifically includes the need for controls to address compliance with laws and regulations.

We then turned to the question of which internal controls does a company need to institute? Mixon said that each company defines its internal controls to fit its business by determining what the Company wishes to protect and what type of control environment does it want to have in place. This means that they can be less formal in smaller companies but still effective if the focus is on the right risks. Based upon FCPA guidance, the most common control needs have been identified as follows: (i) Dealings with third parties; (ii) Gifts and entertainment, and (iii) Charitable donations. Yet even within those categories, a wide range of risks exists, depending on a company’s business practices. Mixon emphasized that a Top Down ‘Check-the-box’ generic set of policies will not likely result in effective controls.

The process to determine which internal controls are needed will be of some familiarity to the compliance professional. It all starts with a risk assessment to establish the corporate policies which are applicable, tailored to the company, and sufficiently specific. The risk assessment will also help to identify the types of transactions across the company which should be addressed (gifts and entertainment, maintenance of bank accounts and movement of cash, dealings with third parties, etc.). The next step is to prepare a set of documents which define the control objectives to be in place for each type of transaction – example: “Controls will be in place to ensure no vendor has been added to the vendor master file until complete due diligence has been completed and the vendor has been approved in accordance with Corporate policies. Thereafter, you will need to document how the controls will be performed and how they will be evidenced and then incorporate the control procedures into applicable work instructions and job descriptions.” Mixon cautioned that for each business location, determine the specific controls needed to accomplish each control objective. In many companies, a disparity of operating practices and accounting systems will result in different controls being needed. He ended by emphasizing that while this assignment may seem overwhelming it can be done in reasonable stages, pursuant to a specific implementation plan – it does not have to be done all at once for the entire company.

As you will recall from Part I, I believe, as gleaned from Jim Doty’s remarks, that a Board must not only have a corporate compliance program in place it must also actively oversee that function. This led me to conclude that failure to perform these functions may lead to independent liability of a Board for its failure to perform its allotted tasks in an effective compliance program. Doty’s remarks drove home one of the roles that a Board performs, which fulfills those tasks. Internal controls work together with compliance policies and procedures as stated by Aaron Murphy, a partner at Akin Gump, in his book “Foreign Corrupt Practices Act”, as “an interrelated set of compliance mechanisms.” Murphy went on to say that, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Murphy breaks down internal controls into five concepts, which I have adapted for a Board or Board subcommittee role for compliance:

  1. Corporate Compliance Policy and Code of Conduct – A Board should have an overall governance document which will inform the company, its employees, stakeholders and third parties of the conduct the company expects from an employee. If the company is global/multi-national, this document should be translated into the relevant languages as appropriate.
  2. Risk Assessment – A Board should assess the compliance risks associated with its business.
  3. Implementing Procedures – A Board should determine if the company has a written set of procedures in place that instructs employees on the details of how to comply with the company’s compliance policy.
  4. Training – There are two levels of Board training. The first should be that the Board has a general understanding of what the FCPA is and it should also understand its role in an effective compliance program.
  5. Monitor Compliance – A Board should independently test, assess and audit to determine if its compliance policies and procedures are a ‘living and breathing program’ and not just a paper tiger.

There have been several FCPA enforcement actions where the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) discuss the failure of internal controls as a basis for FCPA liability. The Smith & Wesson enforcement action is but the latest. With the questions about the Walmart Board of Directors and their failure to act in the face of allegations of bribery and corruption in the company’s Mexico subsidiary, or contrasting failing to even be aware of the allegations; there may soon be an independent basis for an FCPA violation for a Board’s failure to perform its internal controls function in a best practices compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

August 8, 2014

Nixon Announces Resignation; GSK Just Resigns

Nixon Resignation SpeechOn this day, 40 years ago, President Richard Nixon announced that he would resign the Office of the President, effective the next day on August 9 at noon. I can still remember my father instructing us to watch the resignation speech on television because, as he put it, it was history in the making. Before a nationally televised address to the country, Nixon said, “By taking this action,” he said in a solemn address from the Oval Office, “I hope that I will have hastened the start of the process of healing which is so desperately needed in America.” His action was hastened along by the Articles of Impeachment voted by the House of Representatives relating to his involvement with the Watergate Affair. With his resignation, Nixon was finally bowing to pressure from the public and Congress to leave the White House.

Yet, even before this truly historic speech and spectacle the next day of Nixon helicoptering off the South Lawn of the White House, Nixon had transformed the America we all lived in. One area that resonates up to this day is his opening with China. If it had not been for Nixon and his Secretary of State Henry Kissinger’s efforts, we might have waited a long time for an opening with China. But Nixon went there and opened China up to do business with the US and indeed the rest of the western world.

Unfortunately one of the much later fallouts from this visit and opening of China has been the corruption investigation by Chinese authorizes against western companies but most publicly the British pharmaceutical giant, GlaxoSmithKline PLC (GSK). And, more unfortunately, the bad news for GSK continues to trickle out into the press.

Next week, Shanghai’s No. 1 Intermediate People’s Court is scheduled to open a trial against Peter William Humphrey, a 58-year-old British national, and his wife, Yu Yingzeng, a 61-year-old American, on charges of illegally purchasing personal information about Chinese nationals. While the trial had originally been planned to be closed to the public, last month Chinese officials announced that the trial would be ‘open’ although the degree of openness is not completely clear.

Not only will the trial be open but the couple’s son, Harvey Humphrey, was allowed visited his parents in their detention center in Pudong, Shanghai, for the first time since their arrest. The visit came after some fierce lobbying by the US and UK consulates. As reported in the online publication FiercePharma, in an article entitled “GSK private eyes’ son allowed first visit to parents in China jail as trial nears”, their son said, “They didn’t quite believe I was coming. They were quite overwhelmed. My mum was shocked. My dad held himself together,” the younger Humphrey told the paper. “It’s a bit unusual for the Chinese to do this. I feel something has changed in the Chinese approach to my parents.” Son Harvey had written to the GSK’s Chief Executive Officer (CEO) Sir Andrew Witte last December to “take a few minutes to raise my father’s case” during a visit to the country, he told the Financial Times (FT), “I understand everything is complicated in China but it seems my parents are paying a big price”. But at this point there is no word on what if any involvement GSK might have in his parent’s defense.

It may be that GSK is way too busy right now worrying about all the other issues surrounding bribery and corruption. In an article in the Wall Street Journal (WSJ), entitled “FBI, SEC Start Glaxo Inquiries Over China”, Christopher M. Matthews and Hester Plumridge reported that in late July “Glaxo received an anonymous email claiming its employees in Syria bribed doctors and pharmacists over the past five years to promote products including painkiller Panadol and toothpaste Sensodyne. The bribes took the form of cash payments, speaking fees, trips, free dinners and free samples, said the email, which was reviewed by The Wall Street Journal. The email cited names and dates. Syrian health officials allegedly received bribes from Glaxo employees to fast-track registration of its Sensodyne dental products, including cash payments and a trip to a 2011 conference in Rome, the email maintains. Glaxo employees also were involved in smuggling a narcotic product from Syria into Iran, the email alleges. The product in question, pseudoephedrine, is a raw ingredient of Glaxo’s congestion medicine Actifed.”

GSK once again reiterated its previously announced position that it was firmly against the payments of bribes by its employees. In response to the allegations of bribes paid in Syria the WSJ article said, “Glaxo said it would thoroughly investigate all claims made in the Syria email, and said it has asked the sender for more information. The company said it has zero tolerance for unethical behavior, adding, “We welcome people speaking up if they have concerns about alleged misconduct.”” Too bad GSK didn’t seek more information about its Chinese operations when the company’s internal investigation came up with no evidence of bribery and corruption.

Much more problematic for GSK is the fact that both the SEC and DOJ have opened formal investigations into allegations of bribery and corruption by the company. The WSJ piece notes, “Federal Bureau of Investigation agents have been interviewing current and former GlaxoSmithKline employees in connection with bribery allegations in China, according to a person familiar with the matter, as fresh claims of corruption surfaced against Glaxo’s operations in Syria. The interviews have taken place in Washington, D.C., in the past few months and are part of a Justice Department investigation into Glaxo’s activities in China, the person added. The U.S. Securities and Exchange Commission also is investigating the company’s business in China, according to people familiar with the matter.”

As readers of this blog will recall from previous posts, in 2012 GSK pled guilty and paid $3 billion to resolve fraud allegations and failure to report safety. The press release noted that the resolution was the largest health care fraud settlement in US history and the largest payment ever by a drug company for legal violations. The criminal plea agreement also included certain non-monetary compliance commitments and certifications by GSK’s US president and Board of Directors, which specifically included an executed five-year Corporate Integrity Agreement (CIA) with the Department of Health and Human Services, Office of Inspector General. The plea agreement and CIA included provisions which required that GSK implement and/or maintain major changes to the way it does business, including changing the way its sales force is compensated to remove compensation based on sales goals for territories, one of the driving forces behind much of the conduct at issue in the prior enforcement action. Under the CIA, GSK is required to change its executive compensation program to permit the company to recoup annual bonuses and long-term incentives from covered executives if they or their subordinates, engaged in significant misconduct. GSK may recoup monies from executives who are current employees and those who have left the company. Additionally, the CIA also required GSK to implement and maintain transparency in its research practices and publication policies and to follow specified policies in its contracts with various health care payors.

The importance of the CIA for this anti-corruption investigation is that it not only applied to the specific pharmaceutical regulations that GSK violated but all of the GSK compliance obligations, including the Foreign Corrupt Practices Act (FCPA). In addition to requiring a full and complete compliance program, the CIA specified that the company would have a Compliance Committee, to include the Compliance Officer and other members of senior management necessary to meet the requirements of the CIA; the Compliance Committee’s job was to oversee full implementation of the CIA and all compliance functions at the company. These additional functions required a Deputy Compliance Officer for each commercial business unit, Integrity Champions within each business unit and management accountability and certifications from each business unit. Training of GSK employees was specified as a key component. Further, the CIA specifically state that all compliance obligations applied to “contractors, subcontractors, agents and other persons (including, but not limited to, third party vendors)”.

GSK is now under investigation, either internally or by anti-corruption regulators across the globe in at least four countries. Unlike other companies that have found systemic issues of bribery and corruption or systemic failures in internal controls, the allegations of bribery and corruption are not 10-15 years old. So today we commemorate Nixon’s resignation; and for GSK it may simply mean just resignation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

July 9, 2014

Mid-Year FCPA Report, Part I

Mid Year ReportAs we are now past the halfway mark of 2014, I thought it might be a good time to look at the year in review, so over the next couple of days, I will be reviewing what I believe to be some issues and developments to the Foreign Corrupt Practices (FCPA) world. In this Part I, I will look at an enforcement action which brought a company to No. 5 on the list of highest FCPA settlements, to a company which seemingly came back from the edge of very bad FCPA conduct and finally some individual prosecutions and one interesting settlement in a SEC action against individuals. 

Alcoa

In one of the more long-running international bribery and corruption sagas, Alcoa Inc. settled a FCPA action by having one of its subsidiary’s plead guilty to bribing officials in Bahrain to win contracts to supply the raw materials for aluminum to Aluminum Bahrain BCS or Alba. As reported by the FCPA Professor, “Alcoa entities agreed to pay approximately $384 million to resolve alleged FCPA scrutiny (a criminal fine of $209 million and an administrative forfeiture of $14 million to resolve the DOJ enforcement action and $175 million in disgorgement to resolve the SEC enforcement action – of which $14 million will be satisfied by the payment of the forfeiture in the criminal action).” Alcoa now sits as No 5 on the list of all-time FCPA settlements and has the distinction of paying the largest disgorgement.

Payments were made through shell corporations, agents and distributors. As reported in the Wall Street Journal (WSJ), in an article entitled “Alcoa Snared in Bahrain Bribery Case”, although one of its subsidiaries, Alcoa World Aluminum, pled guilty to violating the FCPA, its parent Alcoa issues a statement that “neither the Department of Justice nor the SEC alleged or found that anyone at Alcoa “knowingly engaged in the conduct at issue.”” According to the WSJ article, the bribery scheme had been in place since at least 1989. Further, at least one in-house counsel had raised concerns in 1997 that the contracts around the bribery scheme when she wrote in an email to Alcoa’s corporate headquarters stating “The contract looks odd. Are these factors OK from an anti-trust and FCPA perspective?” I guess sometimes actual knowledge is really not actual knowledge.

Hewlett-Packard (HP)

In what can only be described as one of the most stunning failures of internal controls to be seen in the annuls of FCPA enforcement actions, HP resolved a matter through a guilty plea, a Deferred Prosecution Agreement (DPA) and a Non-Prosecution Agreement (NPA), for three separate bribery schemes in three countries. For a deal in Russia, HP paid a one-man agent approximately $10MM, which was simply a conduit to pay bribes. In Poland, HP’s Country Manager literally carried bags of cash in the amount of $600K to a Polish government representative for contracts. Finally, in HP’s Mexico subsidiary, according the to the Securities and Exchange Commission (SEC) Press Release, HP “paid a consultant to help the company win a public IT contract worth approximately $6 million. At least $125,000 was funneled to a government official at the state-owned petroleum company with whom the consultant had connections. Although the consultant was not an approved deal partner and had not been subjected to the due diligence required under company policy, HP Mexico sales managers used a pass-through entity to pay inflated commissions to the consultant.”

As noted by Mike Volkov, “In total the three HP entities paid $76 million in criminal penalties and forfeitures. In a related filing, the SEC and HP entered into a civil settlement under which HP agreed to pay $31 million in disgorgement, prejudgment interest, and civil penalties.”

The enforcement action is also notable for two other factors. The first is that HP did not self-disclose the conduct even after German authorities raided the company’s Germany subsidiary’s offices in connection with the Russia transaction. HP seemingly made a dramatic comeback in the eyes of the Department of Justice (DOJ), which leads to the second point of note. That involved the overall penalty assessed against HP. What are we to make of the criminal fines levied against the Russian and Polish subsidiaries of HP? The US Sentencing Guidelines for the Polish subsidiary suggested a fine range of $19MM to $38MM, yet the final fine was $15MM. The US Sentencing Guidelines for HP’s Russian subsidiary suggested a fine range of $87MM to $174MM, yet the final fine was $58MM.

What does it all mean? It would seem that a company could come back from the brink of very bad facts and no self-disclosure. How did HP do it? The resolution documents only reference HP’s ‘extraordinary cooperation’ and installation of a best practices compliance program. My hope is that HP will publicize the steps it took so that the rest of us might learn how they accomplished the results they received.

Individual Indictments, Arrests and Settlements

As reported in the FCPA Blog, there were a number of individuals who fell under FCPA criminal scrutiny in the first half of 2014.

PetroTiger

Joseph Sigelman, the former co-CEO of PetroTiger Ltd., was charged with conspiracy to violate the FCPA and to commit wire fraud, conspiracy to launder money, and substantive FCPA and money laundering offenses. He is accused of bribing an official at Ecopetrol SA, Colombia’s state-controlled oil company, and defrauding PetroTiger by taking kickbacks. As reported by Joel Schectman in the WSJ, two other PetroTiger executives, Sigelman’s co-CEO, Knut Hammarskjold and the company’s former General Counsel (GC), Gregory Weisman, have already pled guilty to the charges.

It is alleged that Sigelman bribed an official in Colombia to help win an oil contract worth $39 million and of seeking kickback payments during the acquisition of another company, in exchange for a better price. Most interestingly, even after the company conducted an internal investigation, which uncovered the conduct and self-disclosed its findings to the DOJ, Sigelman has said he will go to trial and contest the charges.

Firtash and His Associates

In what may be an early preview of the corrupt doings of the old guard in Ukraine, there were a number of individuals arrested or indicted in connection with an alleged scheme to pay $18.5 million in bribes to officials in India to gain titanium mining rights. They include team leader, Dmitry Firtash, a Ukrainian national, who was arrested in Vienna, Austria, March 12, 2014, and the following were indicated with Firtash and charged with conspiracy to violate the FCPA, and who are still at large: Andras Knopp, a Hungarian businessman,; Suren Gevorgyan a Ukrainian national,; Gajendra Lal, an Indian national and permanent resident of the US; Periyasamy Sunderalingam, a Sri Lankan. K.V.P. Ramachandra Rao, a member of parliament in India and former official of the state of Andhra Pradesh, has been charged along with the other five defendants with one count each of a racketeering conspiracy and a money laundering conspiracy, and two counts of interstate travel in aid of racketeering. Although he was not charged under the FCPA, the DOJ has asked India to arrest him.

Direct Access Partners

Continuing the investigation into the first investment bank, Direct Access Partners LLC (DAP), to be charged with FCPA violations, there were two more individuals charged, in addition to the four from 2013 who all pled guilty. Benito Chinea, former CEO of DAP, was charged in federal court in New York for bribery involving Venezuela’s state bank and Joseph Demeneses, a former managing director, was also charged in the 15-count indictment of paying kickbacks to a vice President of the Venezuelan Nation Bank BANDES, in exchange for the bank’s bond-trading business.

Noble Energy Executives

While it is not entirely clear if these cases belong in the first half or second half of the their, the Securities and Exchange Commission (SEC) rather unceremoniously dropped its enforcement action against one former and one current Noble Energy executives. The SEC had claimed that former Noble Corporation CEO Mark A. Jackson along with James J. Ruehlen, had bribed customs officials to process false paperwork purporting to show the export and re-import of oil rigs, when in fact the rigs never moved. These actions led to allegations that Jackson and Ruehlen directly violated the anti-bribery provisions, internal controls and false records provisions relating to the FCPA. For all of these claims the SEC sought injunctive relief and monetary damages.

But as reported in the FCPA Blog, “A docket entry from July 1 for the U.S. federal district court in Houston said all deadlines in the SEC’s civil FCPA enforcement action against two former Noble executives have been vacated “pending final settlement documents.”” Both defendants agreed not to violate or aid and abet any violation of the FCPA going forward. Pretty stout stuff when you consider that all US citizens have that obligation going forward, whether they agree to it in a court filed documents or not.

Tomorrow we continue with Part II.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

 

 

May 28, 2014

What Does an Effective Compliance Program Look Like? – The Regulators Perspective

Compliance ProgramWhat does an effective compliance program look like? Is it one that follows the Ten Hallmarks of an Effective Compliance Program as set out in the 2012 FCPA Guidance? How about one that uses the Six Principals of Adequate Procedures relating to the UK Bribery Act as its guideposts? Or should a company follow the OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance? More importantly, for anti-corruption enforcement under the Foreign Corrupt Practices Act (FCPA), what does the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) look for when assessing a compliance program?

Over the years, we have heard various formulations of inquiries that regulators might use when reviewing a compliance program. While not exactly a review of a compliance protocol, one of my favorites is what I call McNulty’s Maxims or the three questions that former United States Deputy Attorney General, and  Baker & McKenzie LLP partner, Paul McNulty said were three general areas of inquiry the he would assess regarding an enforcement action when he was at the DOJ. They are: first: “What did you do to stay out of trouble?” second: “What did you do when you found out?” and third: “What remedial action did you take?”

Paul’s former partner at Baker & McKenzie, Stephen Martin, who still runs Baker & McKenzie Compliance Consulting LLC, said that an inquiry he might make was along the lines of the following. First he would ask someone who came in before the DOJ what the company’s annual compliance budget was for the past year. If the answer started with something like, “We did all we could with what we had ($100K, $200K, name the figure), he would then ask, “How much was the corporate budget for Post-It Notes last year?” The answer was always in the 7-figure range. His next question would then be, “Which is more business critical for your company; complying with the FCPA or Post-It Notes?” Unfortunately, it has been Martin’s experience that most companies spent far more on the Post-It Notes than they were willing to invest into their compliance program.

Last week at Compliance Week 2014, Andrew Ceresney, Director of the Division of Enforcement of the SEC, gave one of the Keynote Addresses. In his remarks he talked about the importance that the SEC is putting into compliance. He said “I start from the premise that the companies that have done well in avoiding significant regulatory issues typically have prioritized legal and compliance issues, and developed a strong culture of compliance across their business lines and throughout the management chain. This is something I observed firsthand while in private practice and have come to fully appreciate from my perch at the SEC.”

But, more importantly, he said that he has “found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s legal and compliance departments in the firm.” He then went on to detail some rather straightforward questions that he believes can show just how much a company is committed to having a robust compliance regime.

  • Are legal and compliance personnel included in critical meetings?
  • Are their views typically sought and followed?
  • Do legal and compliance officers report to the CEO and have significant visibility with the board?
  • Are the legal and compliance departments viewed as an important partner in the business and not simply as support functions or a cost center?

Beyond simply going into the DOJ or SEC and claiming that your company is very ethical and does business in compliance with the FCPA, how can a company demonstrate the above? This is where the Tom Fox Mantra of Document, Document and Document comes into play. No matter how much input the compliance function has into the above suggested inquiries if the inputs are not documented, it is if they did not exist. So for meetings, you should keep attendance sheets or notations. A compliance representative can put a short, three to four sentence memo into the file about the recommendations and the response thereto. If the compliance department advise was not followed, there should be a business reason documented for the decision. Moreover, if there is a rejection of the compliance function advise and the course of action leads to some type of FCPA issue, it may well be assumed the company knew or should have known that the course of action taken could reasonably lead to a FCPA issue if not full blown violation. As to the issues of compliance visibility at the Board level, once again the documentation of any presentation and their substance can provide evidence to answer the query in the affirmative. But the key to all of these questions is if there is documentation to prove the assertions that they actually occurred.

Near the end of his presentation, Cerensey said that “Far too often, the answer to these questions is no, and the absence of real legal and compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues. When I was in private practice, I always could detect a significant difference between companies that prioritized legal and compliance and those that did not. When legal and compliance were not equal partners in the business, and were not consulted as a matter of course, problems were inevitable.”

McNulty’s Maxims, Martin’s question on budget and now Cerensey’s questions all provide significant guideposts to how regulators think about FCPA compliance programs. For me, I think the point is that companies which actually Do Compliance are easy to spot. For all the gnashing of teeth about how hard it is to comply with what the DOJ and SEC want to see in FCPA compliance, when the true focus can be distilled into whether a company actually does compliance as opposed to saying how ethical they are, I think it simplifies the inquiry and the issues senior management and a Board of Directors really needs to pay attention to.

For a copy of the full text of Director Cerensey’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,815 other followers