FCPA Compliance and Ethics Blog

February 13, 2013

Distributors under the FCPA

If there was ever a question that distributors were covered under the Foreign Corrupt Practices Act (FCPA), in 2012 the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) made it emphatically clear that this class of entities in a company’s sales chain would be treated the same as any other sales agent, reseller or any other entity which sells a US company’s products outside the United States. While the terms agent, reseller and distributor have distinct definitions in the legal world, they no longer do for FCPA purposes.

The three enforcement actions which made clear that there were no distinctions between agents and distributors in 2012 were the Smith & Nephew, Inc. (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Complaint for books and records violations. Each of these enforcement actions had different FCPA violations and they each revealed separate steps which a company should take to both prevent and detect FCPA violations in their company.

Smith & Nephew

On February 1, 2012, the DOJ announced that it entered into a DPA with Smith & Nephew, Inc., a medical equipment manufacturer, for violations of the FCPA. The violations revolved around Greek distributors of S&N who paid bribes to Greek doctors so that they would purchase and use S&N products. According to the Criminal Information, “S&N, certain of its executives, employees, and affiliates agreed to sell to [the] Greek Distributor at full list price, then pay the amount of the distributor discount – between 25 and 40 percent of the sales made by [the] Greek Distributor – to an off-shore shell company controlled by [the] Greek Distributor, in order to provide off-the-books funds for [the] Greek Distributor to pay cash incentives and other things of value to publicly-employed Greek HCPs to induce the purchase of S&N products, while concealing the payments.” Additionally, S&N “falsely recorded or otherwise accounted for the payments to the shell companies on its books and records as ‘marketing services’ in order to conceal the true nature of the payments in the consolidated books and records of S&N and GmbH.”

Oracle

Oracle got into FCPA hot water because its Indian subsidiary directed its distributor to set up a separate slush fund of monies which could be, and were, used to pay monies to persons unknown. As specified in the SEC Complaint, “certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin in side funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties.” “At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses.” The SEC Complaint noted that “about $2.2 million in funds were improperly ‘parked’ with the Company’s distributors.” To compound this problem, employees of Oracle India concealed the existence of this side fund from Oracle in the US and hence there was an incorrect accounting in Oracle’s books and records.

Lilly

In Brazil, Lilly used the distributor model to market its drugs through third-party distributors who then resold these products to public and private entities. As noted by Matt Ellis, in his post entitled “Eli Lilly’s Distributor in Brazil: The Non-Obvious FCPA Risk”, the discounts that distributors typically receive from manufacturers such as Lilly can be problematic under the FCPA because “enforcement officials can see these discounts as potential “loose money” that can be used for bribe payments. This is especially the case when the distributor is engaging in other activities on behalf of the producer, like marketing, licensing, and customs clearance.”

This was the situation that Lilly found itself in in Brazil, where Lilly sold drugs to distributors who then resold the products to both public and private entities. It was the classic distributor model where Lilly sold the drugs to the distributors at a discount and then the distributors would resell the products “at a higher price and then took their discount as compensation.” There was a fairly standard discount given to the distributors which generally ranged “between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount.”

However, in early 2007, at the request of a Lilly sales manager, the company awarded an unusually high discount of between 17% and 19% to a distributor for the sale of a Lilly drug to the government of one of the states of Brazil. The distributor used approximately 6% of this additional discount to create a fund to pay Brazilian government representatives to purchase the Lilly drugs from him. Further, the Lilly sales manager who requested this unusual discount was aware of the bribery scheme. Moreover, this increase in the discount was approved by the company with no further inquiry as to the reason for the request or to substantiate the basis for such an unusually high discount. If there were any internal controls they were not followed.

Prevention and Detection

These three separate bribery schemes call for three different but overlapping responses. In the case with Lilly, the SEC Complaint noted the following: “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Ellis, “It noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.”

The Lilly enforcement action also makes clear the need for internal audit to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. As noted by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

The Oracle enforcement action demonstrates that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Oracle should have either (1) sought transparency in its dealings with the distributor or (2) audited third party payments made by the distributors on Oracle’s behalf, both of which would have enabled the Company to check that payments were made to appropriate recipients.

What are some of the factors that demonstrate the distributors used by S&N were fraudulent and did not have a legitimate business purpose? It was clear that S&N did not perform sufficient due diligence on these distributors nor did they document any. I would note that the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose that the company wished to hide from Greek authorities. While it is true that a distributor might sell products into a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

However, the biggest indicium of corruption was the amount of the commission paid. The traditional sales model for a distributor has been to purchase a product, take the title, and therefore the risk, and then sell it to an end user. Based upon this sales model, there has been a commission structure more generous than those usually accorded a reseller or sales agent, who is usually only a negotiator between the Original Equipment Manufacturer (OEM) and the end user. This difference in taking title, and risk of loss, has led to a cost structure which has provided a deeper discount of pricing for distributors than commission rates paid to resellers or sales agents. The sales structure used by S&N had pricing discounts of between 26-40% off the list price. Further, this money was used precisely to pay bribes to Greek Doctors to use S&N products.

These three enforcement actions make clear that distributors will be treated like any other representative in the sales chain. This means that distributors need to go through the same rigorous due diligence and review, contracts and management going forward as agents or resellers.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

January 10, 2013

Internal Audit Review of Charitable Donations Under the FCPA

When is a rose not a rose? When it is a charitable donation not made for philanthropic purposes and it violates the Foreign Corrupt Practices Act (FCPA). I thought about that concept when reviewing the Eli Lilly and Company (Lilly) FCPA enforcement action brought by the Securities and Exchange Commission (SEC) late last month. The Lilly enforcement action discussed a bribery scheme utilized by Lilly in Poland. The scheme and FCPA violations mirrored an earlier FCPA enforcement action, also brought by the SEC as a civil matter, rather than by the Department of Justice (DOJ) as a criminal matter, against another US entity, Schering-Plough, for making charitable donations in Poland which violated the FCPA. One of the remarkable things about both of these enforcement actions, brought almost eight years apart, was that they involved improper payments to the same Polish charitable foundation to wrongfully influence the same Polish government official to purchase products from both of these companies.

I. The Bribery Schemes

Both companies were involved in negotiations for the sale of products with the Director of the Silesian Health Fund (Health Fund). He had also established a charitable foundation, the Chudow Foundation, to engage in restoration of ancient castles in Poland. Both companies made donations to the Chudow Foundation at or near the time decisions were made regarding the purchase of their respective products by the Health Fund. The FCPA books and records violations for the donations stated that they were all mischaracterized on the respective company’s books. The donations were made by each company with the description for the donations as follows:

LILLY BOX SCORE OF DONATIONS MADE TO CHUDOW FOUNDATION

| # | Date | Amount of Donation | Listed Reason for Donation |
|---|------|--------------------|----------------------------|
| 1 | 6/21/2000 | $2,730 | Purchase of computers |
| 2 | 11/13/2000 | $1,855 | To support the foundation in its goal to develop activities in [Chudow Castle]. It was also noted that the ‘value of the request’ was indirect support of educational efforts of foundation settled by Silesian [Health Fund] |
| 3 | 5/22/2001 | $8,019 | Rental of castle for conferences |
| 4 | 11/05/2001 | $2,438 | Rental of castle for conferences |
| 5 | 3/27/2002 | $7,779 | Rental of castle for conferences |
| 6 | 6/14/2002 | $7,434 | Rental of castle for conferences |
| 7 | 11/20/2002 | $5,112 | Rental of castle for conferences |
| 8 | 1/29/2003 | $2,622 | Rental of castle for conferences |
|   | Total | $37,989 | |

Although all of these donations were approved by a team within Lilly, the “Medical Grant Committee [MGC]”, who reviewed the request for such donations, the MGC’s approval was “largely based on the justification and description in the submitted paperwork.” While Requests 1 & 2 may have had tangential value to the stated purpose of the Chudow Foundation to restore castles in Poland, even Request 3 was clearly a quid pro quo as an action to obtain business. Just as clearly, ‘rental of castle’ is not a charitable donation but an expenditure. Even with that understanding, the SEC Complaint noted that Lilly held no conferences at any castles, so it was an outright misrepresentation.

SCHERING-PLOUGH BOX SCORE OF DONATIONS MADE TO CHUDOW FOUNDATION

| # | Date | Amount of Donation | Listed Reason for Donation |
|---|------|--------------------|----------------------------|
| 1 | 2/23/1999 | $777 | Covering fight against viral hepatitis |
| 2 | 3/17/2000 | $4,909 | Support of health campaign within county of Gliwice |
| 3 | 7/19/2000 | $8,065 | Financing second stage of health prevention campaign in Gliwice |
| 4 | 11/8/2000 | $8,766 | Financing for the Foundation |
| 5 | 12/20/2000 | $9,292 | Financing second stage of research |
| 6 | 3/19/2001 | $4,340 | Financing lung cancer prevention program |
| 7 | 3/22/2001 | $4,854 | Financing screening examinations to detect skin cancer |
| 8 | 4/25/2001 | $4,958 | Support of lung cancer prevention program |
| 9 | 6/4/2001 | $5,019 | Support of lung cancer prevention program |
| 10 | 10/29/2001 | $4,878 | Support of a coronary disease prevention program and promote the image of the company in the medical community |
| 11 | 12/18/2001 | $10,067 | Support of an anti-chain smoking health program and promote the company as one that cares about the people of Silesia |
| 12 | 12/19/2001 | $5,067 | Financing of Foundation |
| 13 | 3/25/2002 | $4,868 | Support actions of Foundation in preventing infectious diseases of the liver |
|    | Total | $75,860 | |

The Schering-Plough SEC Complaint noted that the company Manager involved in the payment scheme, “provided false medical justifications for most of the payments on the documents that he submitted to the company’s finance department.” Additionally, he structured the payments so that they were at or below his approval limit so that he did not have to ask for permission to make the improper payments. The Manager in question viewed the donations as “dues that were required to be paid for assistance from the Director.”

II. The Red Flags for Charitable Donation

a. Schering-Plough

What were the factors which should become red flags for the review of charitable donations under the FCPA? The Schering-Plough SEC Complaint listed several items which it deemed indicia of red flags.

1. No due diligence. The first is that no due diligence was performed on the charity to identify the Director of the Silesian Health Fund as the founder or his role in the Chudow Foundation.

2. Donations not related to health care. While the company permitted donations to healthcare related programs, there was no follow up to determine the purposes or uses of the donated funds.

3. Outside normal range of donation. The next red flag was that the donations made to this single charitable foundation were approximately 40% of the company’s promotional budget in 2000 and 20% in 2001.

4. Disproportionate sales. The company’s sales increased disproportionately compared with its own sales of the same products in other areas of Poland. Up to 53% of one product was sold in the region run by the Director of the Silesian Health Fund.

b. Lilly

The Lilly SEC Complaint listed several items which it deemed indicia of red flags.

1. No due diligence. Once again there was no due diligence performed on the charity to identify the Director of the Silesian Health Fund as the founder or his role in the Chudow Foundation.

2. Donations not related to health care. Unlike Schering-Plough, the reasons listed for the charitable donations did not relate to health care. Moreover, they were approved by a Lilly committee specifically tasked with reviewing such requests, which failed to investigate beyond the submitted paperwork, which was apparently not correct.

3. Outside normal range of donation. The SEC Complaint quoted an email from a Lilly manager who said that he had decided to commit 70-75% of the [charitable donation] budget and the Director of the Silesian Health Fund was given a “free hand to manage the Lilly investment, emphasizing the fact we only doing this for him…”

4. Suspicious Timing. The donations were made at or near the time that decisions on the purchase of Lilly products were made by the Director of the Silesian Health Fund. One donation was made two days after the Director of the Silesian Health Fund agreed to make a purchase of Lilly products.

Here Lilly used charitable donations to a charitable foundation which was, as stated in the SEC Complaint, “founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list.” There were a total of eight payments made to the charitable foundation. In addition to the charitable donations made, Lilly “falsely characterized the proposed payments”. Lilly had a group which reviewed the request for such donations called the “Medical Grant Committee [MGC]” which approved the payments “largely based on the justification and description in the submitted paperwork.”

III. The Role of Internal Audit

Jon Rydberg, Principal of Orchid Advisors, has categorized the Lilly situation as one of a failure of internal controls. I would add that there was also a failure of internal audit. What does internal audit need to review in the context of charitable donations under the FCPA? Internal audit needs to start with the DOJ FCPA Guidance regarding charitable donations. Internal audit should begin by asking the following five initial questions:

(1) What is the purpose of the payment?

(2) Is the payment consistent with the company’s internal guidelines on charitable giving?

(3) Is the payment at the request of a foreign official?

(4) Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country?

(5) Is the payment conditioned upon receiving business or other benefits?

Next, internal audit should make inquiries based upon the DOJ Opinion Releases issued regarding charitable donations. Some of the protections a company can adopt to comply with the FCPA regarding charitable donations are as follows:

1) Have the donation recipients certified that they or the entity will comply with the requirements of the FCPA;

2) Has the recipient provided audited financial statements;

3) Has the recipient restricted the use of the donated funds to humanitarian or charitable purposes only;

4) Were the funds transferred to a valid bank account; and

5) Ongoing auditing and monitoring of the efficacy of the charitable donation program.

Based upon the Schering-Plough and Lilly SEC enforcement actions, there are some additional inquiries that internal audit should make. They are as follows:

a. What was the timing of the charitable donation or promise to make a donation in relation to the obtaining or retaining of business?

b. Did the company follow its normal protocol for requesting, reviewing and making a charitable donation or is there a pattern of unusual donations outside the protocol?

c. Did any one person make multiple donations just below their authority level so that it did not have to go up the line for review?

d. Was the total amount donated to one charitable foundation out of proportion to the rest of the country or region’s charitable donation budget?

e. Did the sales in one area, region or country spike after a pattern of charitable donations?

The information on the red flags from the prior Opinion Releases and the best practices, as set out in the FCPA Guidance, has been available for some time. I think that the information found in both the Schering-Plough and Lilly enforcement actions has a different focus for internal audit. In addition to looking at the timing of charitable donations to see if they are at or near the time of the awarding of new or continued business, I think that internal audit may now need to look at overall increases in sales to determine if they are tied to a pattern of charitable donations. I once heard my colleague Henry Mixon explain how the award of a contract may be the product of fraud or corruption. By looking at the timing and quantum of charitable donations, internal audit may be able to ascertain that a spike in sales is tied to corrupt conduct. This may not be something that is on the current radar of auditors when they review charitable donations, but may now be something they need to consider.


October 2, 2012

Tyco NPA and Chris Economaki – Details from the Pits

“This is Chris Economaki in the pits.”

That was the signature line of race car announcer Chris Economaki, who died last week at the age of 91. For a generation of us who grew up watching ABC’s Wide World of Sports, Chris Economaki was the voice of the Indy 500, the Daytona 500, the Summer and Winter Nationals of the National Hot Rod Association (NHRA) and a host of other auto races. In addition to having one of the most unique names this Southerner had ever heard of, Economaki had a staccato vocal delivery that, as noted in his obituary in the New York Times (NYT) by writer Douglas Martin, “reminded some of a rumbling racing engine.”

The Bribery Schemes

I thought about Chris Economaki and the detail he brought as a track-side commentator to a generation of Wide World of Sports’ aficionados when considering the various documents released last week in connection with the Tyco International Ltd (Tyco) Foreign Corrupt Practices Act (FCPA) enforcement action. For the most comprehensive summary of the Department of Justice’s (DOJ) criminal enforcement action and the Securities and Exchange Commission’s (SEC) civil action, I recommend either of the FCPA Professor’s excellent posts on Tyco. In addition to the points raised by the Professor I believe that there are significant lessons learned for the FCPA compliance practitioner. With a tip of our collective caps to the baseball pennant races which are down to the final few days, I present the Tyco Bribery Box Score.

| Tyco Subsidiary | Bribe Amount Paid | Profits Earned by Conduct |
|-----------------|-------------------|---------------------------|
| M/A Com | Not reported | $71,770 |
| TTC Huzhou and TTC Shanghai | $196,267 | $3,470,180 |
| TWW Germany and Erhard | $2,371,094 | $4,684,966 |
| TFC HK and Keystone | $137,000 | $378,088 |
| TFCT Shanghai | $24,000 | $59,412 |
| ET Thailand | $292,268 | $879,258 |
| TFIS France | $363,839 | $1,256,389 |
| THC China | $250,000 | $353,800 |
| TVC ME | $488,479 | $1,153,500 |
| ADT Thailand | $78,000 | $473,262 |
| Tatra | $96,000 | $226,863 |
| Eurapipe | $358,000 | $1,298,453 |
| THC Saudi Arabia | Not reported | $1,900,600 |
| Dulmison | $68,426 | $109,249 |

I set out the full Box Score of bribes paid by Tyco in this detail to emphasize how bad the conduct of the company is, and this is in the VERY BAD CONDUCT realm, coupled with the facts that (a) Tyco is now a two-time loser under the FCPA and (b) most of the illegal conduct occurred after Tyco agreed to an initial FCPA based Deferred Prosecution Agreement (DPA) in 2006 for prior FCPA sins. Yet even with all of this Tyco was able to obtain a Non Prosecution Agreement (NPA). Such a result is fairly stunning if you think about it on a superficial basis. However, if you consider what Paul McNulty continually says, and which I continually write about, the most important question will be “What did you do when you found out about it?”

As noted in the letter from the DOJ to counsel for Tyco, the DOJ entered into the NPA with Tyco based upon the following factors: (1) timely and voluntary self-disclosure; (2) a full and complete global investigation by Tyco; (3) extensive remediation including implementation of an enhanced compliance program, termination of employees responsible for the conduct at issue, severing contracts with third party agents who were parties to the frauds, closing subsidiaries involved in the illegal conduct; and (4) providing annual written reports to the DOJ on progress of the company’s enhanced compliance program.

Corporate Compliance Program

Tyco agreed to a robust corporate compliance program that either currently exists or will be implemented in the future. This Corporate Compliance Program is somewhat different than most of the 13 minimum best practices compliance regimes reported in DPAs and NPAs since the Panalpina DPA of November, 2010. Tyco agreed to an 11 point compliance regime, which consists of the following.

1. High level commitment. The Company will ensure that its senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.

2. Policies and Procedures. Tyco will promulgate compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and the Company’s compliance code, and the Company should take appropriate measures to encourage and support the observance of ethics and compliance standards and procedures against foreign bribery by personnel at all levels of the company. These anti-corruption standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of the Company in a foreign jurisdiction, including but not limited to, agents and intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia, and joint venture partners (collectively, “agents and business partners”), to the extent that agents and business partners may be employed under the Company’s corporate policy. The Company shall notify all employees that compliance with the standards and procedures is the duty of individuals at all levels of the company. Such standards and procedures shall include policies governing:

  1. gifts;
  2. hospitality, entertainment, and expenses;
  3. customer travel;
  4. political contributions;
  5. charitable donations and sponsorships;
  6. facilitation payments; and
  7. solicitation and extortion.

3. Internal Controls. Tyco will ensure that it has a system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts to ensure that they cannot be used for the purpose of foreign bribery or concealing such bribery. This system should be designed to provide reasonable assurance that:

  1. Transactions are executed in accordance with management’s general or specific authorization;
  2. Transactions are recorded to permit preparation of financial statements in accordance with GAAP;
  3. Access to assets is permitted only in accordance with management’s general or specific authorization; and
  4. Recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken if discrepancies are found.

4. Periodic Risk-Based Reviews. Tyco agreed to develop these compliance standards and procedures, on the basis of a risk assessment addressing the individual circumstances of Tyco, in particular the foreign bribery risks it faces including, its geographical organization, interactions with various types and levels of government officials, industrial sectors of operation, involvement in joint venture arrangements, importance of licenses and permits in the company’s operations, degree of governmental oversight and inspection, and volume and importance of goods and personnel clearing through customs and immigration.

5. Proper Oversight and Independence. Tyco will assign (or once again has assigned) responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to Tyco’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.

6. Training and Guidance.

  1. Training. Tyco will implement mechanisms designed to ensure that its anti-corruption policies, standards, and procedures are communicated effectively to all directors, officers, employees, and where appropriate, agents and business partners. These mechanisms shall include periodic training for all directors and officers, and, all employees in positions of leadership or trust or positions which might otherwise pose a risk of corruption to the company. The training shall also be provided to agents and business partners. Lastly there shall be biannual certifications by all such directors and officers, and, where necessary and appropriate, employees, agents, and business partners, certifying compliance with the training requirements.
  2. Guidance. Tyco is required to maintain an effective system for providing guidance and advice to directors, officers, employees, and, where necessary and appropriate, agents and business partners, on complying with Tyco’s anti-corruption compliance policies, standards, and procedures, including when they need advice on an urgent basis or in any foreign jurisdiction in which Tyco operates.

7. Internal Reporting and Investigation. Tyco will provide an effective system for internal and, where possible, confidential reporting by, and protection of, directors, officers, employees, and, where necessary and appropriate, agents and business partners, concerning violations of the Company’s compliance program. Tyco also agreed to dedicate sufficient resources to respond to such requests and to undertake necessary and appropriate action in response to such reports.

8. Enforcement and Discipline. Tyco will institute appropriate disciplinary procedures to address violations of the anti-corruption laws and the Company’s anti-corruption compliance code, policies, and procedures by the Company’s directors, officers, and employees. This shall include disciplining of those within the company no matter the position of the person or their perceived authority. In addition to discipline, Tyco agrees to add appropriate mechanisms to incentivize compliant behavior.

9. Third Party Relationships. Tyco agreed to institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including: (a) properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of agents and business partners; (b) informing agents and business partners of the Company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the Company’s ethics and compliance standards and procedures and other measures for preventing and detecting such bribery; (c) seeking a reciprocal commitment from agents and business partners and (d) including appropriate compliance terms and conditions in the contract.

10. Mergers and Acquisitions. Tyco agreed to develop and implement appropriate compliance policies and procedures for any acquisition based upon an appropriate risk-analysis which would be completed as soon as practicable. Further such changes would be implemented as soon as practicable. Directors, officers and employees of newly acquired entities would be trained as soon as practicable.

11. Monitoring and Testing. Tyco agreed to conduct periodic review and testing of its anti-corruption compliance code, standards, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.

So the prior 13 point best practices program is now folded down to 11 for Tyco. Nevertheless, the general concepts are still the same for a company seeking to implement or enhance its compliance solution. Much like Chris Economaki reporting from the Pits at the Indy 500, the level of detail provided in the Tyco NPA should allow the compliance practitioner to evaluate their company’s compliance program.

============================================================================================

The Wall Street Journal has a series of articles today on the FCPA. In conjunction with these articles I will join Joe Palazzolo, Law Blog lead writer, for a conversation on the FCPA at 2:30 PM EDT. We will take your questions. To join us, click here.

===========================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

September 26, 2012

Tyco International – The Importance of the Books and Records under the FCPA

On Monday, the Securities and Exchange Commission (SEC) and Department of Justice (DOJ) announced a settlement with Tyco International (Tyco) for books and records violations of the Foreign Corrupt Practices Act (FCPA). Tyco agreed to a fine of $26MM for “at least twelve different, post-injunction illicit payment schemes occurring at Tyco subsidiaries across the globe. The schemes frequently entailed illicit payments to foreign officials that were inaccurately recorded so as to conceal the nature of the payments” and failure “to devise and maintain internal controls sufficient to provide reasonable assurances that all transactions were properly recorded in the company’s books, records, and accounts”. $10,564,992 of the fine was paid in disgorgement, an additional $2,566,517 in prejudgment interest was paid to the SEC, and the remainder of $13.68MM was paid as a fine to the DOJ. All of this was discovered because Tyco was already an FCPA violator, having admitted to violations back in 2006, and these additional violations were discovered as a part of a companywide review required under its 2006 Deferred Prosecution Agreement (DPA). Tyco received a Non-Prosecution Agreement (NPA) from the DOJ for this post-DPA conduct and I will discuss the NPA in a subsequent post.

While a large portion of the FCPA commentaratti focused on the damning email which read “Hell, everyone knows you have to bribe somebody to do business in Turkey. Nevertheless, I’ll play it dumb”, another portion of the commentaratti seemed somewhat amazed that hiding bribery and corruption in a company’s books and records is a stand-alone violation of the FCPA. As part of the 2006 settlement Tyco agreed to engage in a companywide review of its operations to determine if there was “anything else”. Not only did it turn out there was something else “rotten in Denmark” but this bribery and corruption continued after the first enforcement action. This companywide review determined that Tyco had engaged in “illicit payment schemes”; that these bribery schemes “were inaccurately recorded so as to conceal the nature of the payments” and Tyco “failed to devise and maintain internal controls sufficient to provide reasonable assurances that all transactions were properly recorded in the company’s books, records, and accounts.”

So with a nod to the final week of the baseball season we present the Tyco Bribery Box Score.

| Subsidiary Location | Bribe Amount Paid | Inaccurate Books and Records Description |
|---|---|---|
| Turkey | Not reported | Equipment sold at a mark-up over invoice price |
| China | $3700 | Commission to sales team |
| Germany | Not reported | Commission to sales team |
| France | Not reported | Commissions to agents for ‘business introductions’ |
| China-different sub | $483K | Commissions to agent |
| Thailand | $50K | Renovation work |
| Malaysia | Not reported | Commissions to agents |
| Egypt | $282K | Disguised as inflated invoices from agent |
| Saudi Arabia | Not reported | Promotional expenses and sales development |
| Poland | Not reported | Bogus service contracts |

What I find so interesting about all of this is that it occurred, in large part, after the 2006 DPA. As Bill Clinton might say, “It takes some brass” to initiate or continue a bribery scheme while you are under a DPA for FCPA violations. With the above in mind I was intrigued by an article in the Navigant Quarterly, 2012 Volume 1, Issue 13, entitled “If You Think You Are Done Looking…Keep Looking”, by Eileen Felson and Nicole Wrigley. In their article, the authors note that “every fraud has to be hidden somewhere on a company’s books. Most financial statement frauds grow in size, scope and duration.” The authors also talk about “collusive fraud” which is the situation where “fraudsters work together to manipulate the balance sheet and actually launder the fraud through various accounts.” It sounds like a description of the machinations folks must go through to hide corrupt payments while under an FCPA DPA. Although the authors specifically address frauds, their concepts are certainly broad enough to include bribery and corruption.

The authors detail several types of corrupt practices and end their article with some tips on investigation. They note that the “logical start-off point in conducting a forensic investigation of how a fraud was committed includes a detailed review of revenue and expense account activity.” But more importantly, a forensic examiner must keep looking. The reason for this is simply because if evidence of bribery or corruption is found in one area the entire scheme is revealed. Therefore a forensic examiner needs to review unrelated accounts to see if there are other indicia of corruption.

What does all of this mean for a compliance program? There is some very clear guidance for the role of Internal Audit in detecting bribery and corruption in a best practices FCPA compliance program. First and foremost, if there are any types of commission payments being made, Internal Audit needs to review the documentation supporting why such payments are being made. A review of contracts or other legal requirements which may obligate a company to make such payments should be a basic undertaking in any internal audit. After an internal auditor has determined if commission payments are legally authorized, the internal auditor should review evidence that such commission payments have been earned. In other words, is there any evidence in the company’s books and records that the person or entity performed the services which might have entitled them to such commission payments? And do not forget that another role for Internal Audit is to correctly classify payments so that the books and records of the company accurately reflect them as expenses.

The Tyco SEC Complaint is chock-full of information regarding what an internal auditor needs to look for in reviewing expenses charged by employees, commissions paid to employees, invoices by agents and other third party representatives, and over-inflated sales contracts, all used to disguise corrupt payments. The sad fact, as noted by authors Felson and Wrigley, is that many corruption schemes are not “committed for personal gain (such as stealing cash) but for other incentives, such as continued employment/advancement, fear of delivering bad news to investors or an intimidating supervisor, or a desire to increase the value of performance-based bonuses.” While it is not clear why it took Tyco so long to uncover these ongoing acts of bribery and corruption or why Tyco employees continued to engage in conduct violative of the FCPA while under a DPA, I think that the Tyco example speaks to the need for an overall, comprehensive robust compliance program that focuses on all factors which led to the continued bribery and corruption in the company which was reported in the SEC Complaint.

September 9, 2012

The Five Essential Elements of a Corporate Compliance Program – Part II

Tuesday morning, at the University Club of Chicago, Stephen Martin and I will co-present at a Foreign Corrupt Practices Act (FCPA) event hosted by Kreller. If you are in or near Chicago, I hope that you can join us for this presentation. The title of our presentation is “Anti-Corruption/FCPA Developments & Best Practices” and we will focus on a concept that Stephen and his partners at the law firm of Baker & McKenzie have developed which are five essential elements of a corporate compliance program. In Part I, I discussed the background to the development of the five essential elements. In today’s installment, Part II, I will detail the remaining elements in the five elements of an essential compliance program.

III. Standards and Controls

Generally, every company has three levels of standards and controls. (1) Code of Conduct. Every company should have a Code of Conduct which should express its ethical principles. However, a Code of Conduct is not enough. (2) Standards and Policies. Every company should have standards and policies in place that build upon the foundation of the Code of Conduct and articulate Code-based policies, which should cover such issues as bribery, corruption and accounting practices. (3) Procedures. Every Company should then ensure that enabling procedures are implemented to confirm those policies are implemented, followed and enforced.

FCPA compliance best practices now require companies to have additional standards and controls, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than just words on a piece of paper.

IV. Training

Another pillar of a strong compliance program is properly training company officers, employees and third parties on relevant laws, regulations, corporate policies and prohibited conduct. Simply conducting training usually is not enough. Enforcement officials want to be certain the messages in the training actually get through to employees. The Department of Justice’s (DOJ) expectations of effectiveness are measured by who a company trains, how the training is conducted and how often training occurs.

There are several key elements to training. First is that you need to train the right people. You must prioritize which audience to educate by starting your training program in higher risk markets and focus on directors, officers and sales employees who may have direct contact with government officials or deal with state-owned entities. Again, focus initially on training country managers in your company’s high-risk markets, then expand geographically and through the ranks of employees.

Second, in high risk markets and for high risk employees or third parties you should conduct live, annual training. Enforcement officials have made it clear that live, in-person training is the preferred method in high-risk markets and also that it should be regular and frequent. Another benefit of live training is the immediate feedback from employees that would be much less likely to occur during a webinar or other remote training. Lastly, during live training, employees are more likely to make casual mention of a potentially risky practice, giving you the opportunity to address it before it becomes a larger problem.

It is important that you pay attention to what employees say during training. This is because training can alert you to potential problems based on the type of questions employees ask and their level of receptiveness to certain concepts. For example, during training employees might ask specific questions about important compliance considerations such as their interactions with government officials or gift-giving practices. Such questions can raise red flags and uncover issues that should be reviewed and addressed quickly.

Thirdly, you should tailor your training to each country. This means that employing a generic script for compliance training is a mistake. To be effective, training programs should be customized by region, country, industry, areas of compliance and types of employee. In addition to Foreign Corrupt Practices Act (FCPA), UK Bribery Act, and OECD guidelines, focus on compliance risks in the country where the employees being trained are working. For example: In China, address the many corruption risks involved in dealing with state-owned entities.

V. Oversight – including monitoring, auditing and responses

The issue your company should focus on here is whether employees are staying with the compliance program. Even after all the important ethical messages from management have been communicated to the appropriate audiences and key standards and controls are in place, there should still be a question of whether the company’s employees are adhering to the compliance program. Two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit and respond quickly to allegations of misconduct. These three highlighted activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs.

Many companies fall short on effective monitoring. This can sometimes be attributed to confusion about the differences between monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance problems in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits it is effectively monitoring. A robust program should include separate functions for auditing and monitoring. While unique in protocol, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance, if you notice a trend of suspicious payments in recent monitoring reports from Indonesia, it may be time to conduct an audit of those operations to further investigate the issue.

Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they’ve noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. Additionally the global compliance committee should meet or communicate as often as every month to discuss issues as they arise. These ongoing efforts demonstrate your company is serious about compliance.

Finally, as was emphasized again with the recent Pfizer Deferred Prosecution Agreement (DPA), your company should establish protocols for internal investigations and disciplinary action. The Pfizer “Enhanced Compliance Obligations” included the following on investigative protocols: (a) On-site visits by an FCPA review team comprised of qualified personnel from the Compliance, Audit and Legal functions who have received FCPA and anti-corruption training; (b) Review of a representative sample, appropriately adjusted for the risks of the market, of contracts with, and payments to, individual foreign government officials or health care providers, as well as other high-risk transactions in the market; (c) Creation of action plans resulting from issues identified during the proactive reviews; these action plans will be shared with appropriate senior management and should contain mandatory remedial steps designed to enhance anti-corruption compliance, repair process weaknesses, and deter violations; and (d) a review of the books and records of a sample of distributors which, in the view of the FCPA proactive review team, may present corruption risk. Prior to such an investigation, however, the company should have procedures – including document preservation protocols, data privacy policies, and communication systems designed to manage and deliver information efficiently – in place to make sure every investigation is thorough and authentic.

Finally, and consistent with Stephen Martin’s Baker & McKenzie partner Paul McNulty’s Maxim Three (What did you do about it?), are your remediation efforts. Your company should remediate problems quickly. A key concept behind the oversight element of compliance is that if companies are policing themselves on compliance-related issues, the government won’t have to do it for them. Remediation, then, is an important component of oversight. If your company’s sales force in Thailand is engaged in potentially improper activity due to a lack of adequate training, remediate the deficiency and schedule that training now. In the end, it’s not enough to just gather information and identify compliance problems through monitoring and auditing. To fulfill this essential element of compliance, you also have to respond and fix the problems.

Stephen Martin and the Baker & McKenzie team have put together an excellent resource for the compliance practitioner in their five essential elements of a corporate compliance program. I hope that you can attend our FCPA event this week. For those of you who cannot attend in person, you can email me for the slide deck and other materials after the event.


August 19, 2012

Oracle India Parks Monies While the Astros Move on Down to AAA

The Houston Astros announced today that they are now officially a Triple-A (AAA) ball club. How do we know this? Because last night they fired their major league Manager Brad Mills and replaced him with their current (and apparently still) AAA Manager, Tony DeFrancesco. When reached for comment, Astros owner Jim Crane, fresh from his redesign of the Astros jerseys, said “We are either (a) playing AAA players or (b) playing like AAA players so I thought it would make the guys more comfortable.” [OK, I confess I made up the quote.] However, I did not make up the letter that General Manager Jeff Luhnow sent to season ticket holders last week apologizing for the terrible play of the team this year but he hopes we will all continue to buy tickets this year and next to “support the team”. No word on whether refunds will be given with all the money the Astros are saving as a AAA club playing in the National League or even that the Astros will reduce their prices to AAA rates.

As reported by the FCPA Professor last week, the Securities and Exchange Commission (SEC) announced the settlement of an action against Oracle for violations of the books and records provisions of the Foreign Corrupt Practices Act (FCPA). Unlike the Astros, who publicly announced their move to AAA status, Oracle got into FCPA hot water because its Indian subsidiary directed its distributor to set up a separate slush fund of monies which could be and were used to pay monies to persons unknown. According to the SEC Complaint, the scheme worked as follows: Oracle India would identify and work with the end user customers in selling products and services to them and negotiating the final price. However, the purchase order would be placed by the customer with Oracle India’s distributor. This distributor would then purchase the licenses and services directly from Oracle, and resell them to the customer at the higher price than had been negotiated by Oracle India. The difference between what the government end user paid the distributor and what the distributor paid Oracle typically is referred to as “margin” which the distributor generally retains as payment for its services. That description sounds like most distributor relationships but this was not what got Oracle into trouble.

The Scheme

As further specified in the Complaint, “certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin in side funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties.” “At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses.” The SEC Complaint noted that “about $2.2 million in funds were improperly ‘parked’ with the Company’s distributors.” To compound this problem, employees of Oracle India concealed the existence of this side fund from Oracle in the US and hence there was an incorrect accounting in Oracle’s books and records.

The Complaint further noted that “Oracle India’s parked funds created a risk that they potentially could be used for illicit means, such as bribery or embezzlement” and then went on to highlight such an instance which occurred in May 2006, where Oracle India secured a $3.9 million deal with India’s Ministry of Information Technology and Communications. Oracle’s distributor accepted payment from the end user for the full $3.9 million. Under the direction of Oracle India’s then Sales Director, the distributor sent approximately $2.1 million to Oracle, which Oracle booked as revenue on the transaction. Oracle India employees then directed the distributor to keep approximately $151,000 as payment for the distributor’s services. The Oracle India employees further instructed the distributor to “park” the remaining approximately $1.7 million to be used for disbursement towards “marketing development purposes.” Some two months later, an Oracle India employee provided the distributor with eight invoices for payments to third party vendors, in amounts ranging from approximately $110,000 to $396,000. These invoices were later determined to be false. Further none of these third parties, which were just storefronts and provided no services on the deal, were on Oracle’s approved vendor list.

Failure of Internal Audit

All of the above were in violation of Oracle’s internal policies; however, the Complaint specified that “Oracle lacked the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds” and prior to 2009 “the Company failed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure.” Oracle failed to (1) seek transparency in its dealing with the distributor and (2) audit third party payments made by the distributors on Oracle’s behalf, both of which would have enabled the Company to check that payments were made to appropriate recipients. Indeed the scheme only came to Oracle’s attention during an unrelated “local tax inquiry to Oracle’s India distributor”. This sounds reminiscent of HP Germany where a routine Bavarian Provincial tax audit picked up the suspicious payments which led to an FCPA investigation.

What Did They Do To Remedy It?

However, even with the above listed failures of Oracle’s compliance program, the Company did take Maxim Three of McNulty’s Maxims to heart: What did you do to remedy it? The Complaint indicated that the person in charge of Oracle’s Supply Chain at its Indian subsidiary resigned and left the company. An internal investigation was undertaken and four employees of the Indian subsidiary who had actual knowledge of the scheme were terminated. Additionally, “Oracle took other remedial measures to address the risk and controls related to parked funds, including: conducting additional due diligence in its partner transactions in India so that Oracle had greater transparency into end user pricing in government contracts; terminating its relationship with the distributor involved in the transactions at issue; directing its distributors not to allow the creation of side funds; requiring additional representations and warranties from distributors to include the fact that no side funds exist; and enhancing training for its partners and employees to address anti-corruption policies.”

So what does this mean for the compliance practitioner? This is the second matter, the first being the Smith and Nephew enforcement action, which focused on distributors. If your company uses this model to handle or supplement its sales channels, you should immediately review the entire process, from business purpose, to due diligence, to contract terms and post-contract management, to make sure that your company is following minimum best practices with regards to this sales mechanism. You should also put selective distributors on your company’s internal audit schedule for the next cycle.

And if you are an Astros fan…You think the Astros will reduce prices to AAA rates?


April 25, 2012

Does Wal-Mart Have a Facilitation Payment Exception to the FCPA?

In an article entitled “Many Of The Bribery Allegations Against Wal-Mart May Not Be Illegal” Forbes reporter Nathan Vardi wrote that “many of the allegations reported in the New York Times could reasonably be interpreted as falling under the so-called “facilitating payments” exception.” I wondered what defense might be available to Wal-Mart where bribes of up to $244,000 could be construed as an exception to prosecution for bribery of a foreign government official under the Foreign Corrupt Practices Act (FCPA). In this post we will visit the text of the FCPA and other Department of Justice (DOJ) commentary, look at some enforcement actions and one open investigation involving alleged facilitation payments, and offer some guidance to the compliance practitioner on what may or may not constitute a facilitation payment under the FCPA.

I. The Statute and Other Guidance

 1. The Statute

Interestingly, when the FCPA was initially passed in 1977, the facilitating payment exception was found under the definition of foreign official. However, with the 1988 Amendments, a more explicit exception was written into the statute making it clear that the anti-bribery provisions “shall not apply to any facilitating or expediting payment to a foreign official, political party, or party official the purpose of which is to expedite or to secure the performance of a routine governmental action . . .” The statute itself provided a list of examples of facilitation payments in the definition of routine governmental actions. It included the following:

  • Obtaining permits, licenses, or other official documents;
  • Processing governmental papers such as visas and work orders;
  • Providing police protection, mail services, scheduling inspections;
  • Providing utilities, cargo handling; or
  • Actions of a similar nature.

It is important to note that the language of the FCPA makes it clear that a facilitation payment is not an affirmative defense but an exception to the general FCPA proscription against bribery and corruption. Unfortunately for the FCPA Practitioner there is no dollar limit articulated in the FCPA regarding facilitation payments. Even this limited exception has come under increasing criticism. The Organization for Economic Cooperation and Development (OECD) studied the issue and, in November 2009, recommended that member countries encourage their corporations to not allow the making of facilitating payments.

2. Lay Person’s Guide to the FCPA

The Lay Person’s Guide to the FCPA is a brochure by the DOJ which is their “general explanation of the FCPA.” Within this guidance the DOJ states:

FACILITATING PAYMENTS FOR ROUTINE GOVERNMENTAL ACTIONS

There is an exception to the anti-bribery prohibition for payments to facilitate or expedite performance of a “routine governmental action.” The statute lists the following examples: obtaining permits, licenses, or other official documents; processing governmental papers, such as visas and work orders; providing police protection, mail pick-up and delivery; providing phone service, power and water supply, loading and unloading cargo, or protecting perishable products; and scheduling inspections associated with contract performance or transit of goods across country.

Actions “similar” to these are also covered by this exception. If you have a question about whether a payment falls within the exception, you should consult with counsel. You should also consider whether to utilize the Justice Department’s Foreign Corrupt Practices Opinion Procedure, described in the guide on p. 10 and below:

“Routine governmental action” does not include any decision by a foreign official to award new business or to continue business with a particular party.

II. Enforcement Actions

a. Con-way

The FCPA landscape is littered with companies who sustained FCPA violations due to payments which did not fall into the facilitation payment exception. In 2008, Con-way, a global freight forwarder, paid a $300,000 penalty for making hundreds of relatively small payments to Customs Officials in the Philippines. The payments Con-way was fined for making totaled $244,000 and were made to induce the officials to violate customs regulations, settle customs disputes, and reduce or not enforce otherwise legitimate fines for administrative violations.

b. Helmerich and Payne

In 2009, Helmerich and Payne paid a penalty and disgorgement fee of $1.3 million for payments which were made to secure customs clearances in Argentina and Venezuela. The payments ranged from $2,000 to $5,000 but were not properly recorded and were made to import/export goods that were not within the respective country’s regulations; to import goods that could not lawfully be imported; and to evade higher duties and taxes on the goods.

c. Panalpina

Finally, there is the Panalpina enforcement action. As reported in the FCPA Blog, this matter was partly resolved last year with the payment by Panalpina and six of its customers of over $257 million in fines and penalties. Panalpina, acting as freight forwarder for its customers, made payments to circumvent import laws, reduce customs duties and tax assessments and to obtain preferential treatment for importing certain equipment into various countries but primarily in West Africa.

d. DynCorp

Then there is the DynCorp investigation matter. As reported in the FCPA Blog and others, it is related to some $300,000 in payments made by subcontractors who wished to speed up their visa processing and expedite receipt of certain licenses on behalf of DynCorp. This investigation has been going on for several years and there is no anticipated conclusion date at this time.

III. Some Guidance

So what does the DOJ look at when it reviews a company’s FCPA compliance program with regard to facilitation payments? Initially, if there is a pattern of such small payments, it would raise a Red Flag and cause additional investigation, but this would not be the end of the inquiry. There are several other factors which the DOJ could look towards in making a final determination on this issue. The line of inquiry the DOJ would take is as follows:

  1. Size of payment – Is there an outer limit? No, there is no outer limit but there is some line where the perception shifts. If a facilitating payment is over $100 you are arguing from a point of weakness. The presumption of good faith is against you. You might be able to persuade the government at an amount under $100. But anything over this amount and the government may well make further inquiries. So, for instance, the DOJ might say that all facilitation payments should be accumulated together and this would be a pattern and practice of bribery.
  2. What is a routine governmental action? Are we entitled to this action, have we met all of our actions or are we asking the government official to look the other way on some requirement? Are we asking the government official to give us a break? The key question here is whether you are entitled to the action otherwise.
  3. Does the seniority of the governmental official matter? This is significant because it changes the presumption of whether something is truly discretionary. The higher the level of the governmental official involved, the greater chance his decision is discretionary.
  4. Does the action have to be non-discretionary? Yes, because if it is discretionary, then a payment made will appear to obtain some advantage that is not available to others.
  5. What approvals should be required? A facilitation payment is something that must be done with an appropriate process. The process should be well thought out and the decision made by people who are the experts within the company on such matters.
  6. Risk of facilitation payments and third parties? Whatever policy you have, it must be carried over to third parties acting on your behalf or at your direction. If a third party cannot control this issue, the better compliance practice would be to end the business relationship.
  7. How should facilitation payments be recorded? Facilitation payments must be recorded accurately. You should have a category entitled “Facilitation Payments” in your company’s internal accounting system. The labeling should be quite clear and they are critical to any audit trail so recording them is quite significant.
  8. Monitoring programs? There must always be ongoing monitoring programs to review your company’s internal controls, policies and procedures regarding facilitation payments.

So we return to the question of when does a grease payment become a bribe? There is no clear line of demarcation. The test seems to turn on the amount of money involved, to whom it is paid and the frequency of the payments. Do Wal-Mart’s alleged payments to speed up the process qualify as facilitation payments or does an aggregate of over $24 million paid constitute something else?

Additionally, accurate books and records are a must. At this point it is not apparent if Wal-Mart accurately recorded these payments. If Wal-Mart really believed they were facilitation payments, why didn’t they just record them as such?

Also remember that the defense of facilitation payments is an exception to the FCPA prohibition against bribery. Any defendant which wishes to avail itself of this exception at trial would have to proffer credible evidence to support its position, but at the end of the day, it would be the trier of fact which would decide. So much like any compliance defense, the exception is only available if you use it at trial and it would be difficult to imagine that Wal-Mart will want this matter to ever see the light of a courtroom.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

July 14, 2011

Best Practices During an FCPA Enforcement Action: The Armor Holdings NPA

As reported by the FCPA Blog, Corruption Currents in the Wall Street Journal and numerous others, on July 13, 2011, Armor Holdings Inc. entered into a Non-Prosecution Agreement (NPA) with the Department of Justice (DOJ) to pay a $10.29 million penalty to resolve violations of the Foreign Corrupt Practices Act (FCPA). Contemporaneously, Armor Holdings settled a civil enforcement action brought against the company by the Securities and Exchange Commission (SEC) and agreed to pay a total of $5,690,744 in disgorgement, prejudgment interest and civil penalties in order to resolve the SEC action. These fines and penalties were in conjunction with Armor Holdings’ series of contracts with the United Nations (UN) for supply of body armor for use in Iraq.

An interesting side note is that the British company BAE Systems, Inc., acquired Armor Holdings but we note that it was in 2007, after the conduct in question took place. Nevertheless, this case has significant implications for the compliance practitioner. We will give some detail to the books and records scheme used by the company to disguise its bribes and then detail some of the factors listed by the DOJ in its Press Release (the NPA is not available as of the posting of this blog). These factors listed by the DOJ clearly show that a sustained, committed effort to cooperate with the DOJ and SEC in the investigation, coupled with a robust remediation program going forward can significantly help a company overcome what may appear to be clear facts which would seem to warrant a criminal penalty, in addition to a civil action.

Distributor Net Accounting

The Scheme

Armor Holdings made sales through certain unnamed third party intermediaries. The contracts were awarded from 2001 through 2006. The accounting basis of the scheme was an accounting system described as “Distributor Net” which was worked by the company to disguise more than $4.3 MM in commissions paid to these third party intermediaries. These third party intermediaries never received title to the goods in question. Under such a sales system, according to US Generally Accepted Accounting Principles (GAAP), Armor Holdings should have recorded the sale to the UN at the full or “gross” sales price – with a separate display of any commission expense for amounts paid to an intermediary.

However, Armor Holdings would send the customer a “gross” invoice, including the sales price of goods sold, plus commission, while internally recording sales at a “net” amount that did not include the commission due to the third party sales intermediary. Thus, amounts received from the customer would be greater than the amount booked internally for a sale, resulting in a credit balance in the customer’s account receivable. Armor Holdings would then transfer the “overpayment” through a series of non-commission accounts before ultimately disbursing it to the third party sales intermediary. These payments to sales intermediaries under the scheme were never recorded as a commission expense on the books and records of the company.

Notice to the Company

As early as March 2001, the company’s outside auditor “emailed comments to certain senior officers, indicating that the ‘distributor net’ practice understated accrued liabilities and accounts receivable; and that the company should record a receivable for the gross amount due, together with an accrual for commissions.” In September 2005, the comptroller of “another Armor Holdings subsidiary who had refused to implement ‘distributor net’ at his division advised senior officials at AHP and Armor Holdings of his concern that such accounting was ‘blown out of the water’ by GAAP.” The SEC Complaint noted that even with the admonitions Armor Holdings engaged in “at least 92 transactions from 2001 through June 2007 – resulting in approximately $4,371,278 of undisclosed commissions on the books and records of Armor Holdings, and rendering those books and records inaccurate.”

Non-Prosecution Agreement

As noted above, Armor Holdings was able to negotiate an NPA for these accounting sins. Although the NPA is not currently available, the DOJ did list several factors, in its Press Release announcing the settlement, which led to the NPA. These factors included:

  • Armor Holdings’ complete voluntary disclosure of the conduct.
  • Armor Holdings’ internal investigation and cooperation with the DOJ and the SEC.
  • That the conduct took place prior to the acquisition of Armor by BAE.
  • Armor Holdings’ extensive remedial efforts undertaken before and after its acquisition by BAE.
  • Armor Holdings implemented BAE’s due diligence protocols and review processes.
  • Armor Holdings applied all of BAE’s compliance policies and internal controls to each of its businesses.
  • Armor Holdings had engaged in extensive remediation and improvement of its compliance systems and internal controls.

Armor Holdings also agreed to “enhanced compliance undertakings” in the NPA but we will have to wait until the NPA is released to see what those may be. While the DOJ Press Release noted that Armor Holdings would not be required to retain a corporate monitor, the company had agreed to report to the department on implementation of its remediation and enhanced compliance efforts every six months for the duration of the agreement. Lastly the NPA requires that Armor Holdings continue to implement rigorous internal controls and that it cooperate fully with the department.

The clear import of this NPA is that a company can come back from the edge of the abyss through thorough and sustained cooperation with the DOJ. Armor Holdings had 92 separate instances of disguising bribes yet was able to obtain an NPA. The lesson learned is clear: self-disclose, clean house, remediate and implement a best practices compliance program and your company may well be able to extricate itself without landing on the “Top Ten of All Time FCPA Settlement List”.

View the DOJ’s July 13, 2011 Press Release here.

View the SEC’s Litigation Press Release here.

Download the SEC’s civil complaint against Armor Holdings here.


© Thomas R. Fox, 2011

June 30, 2011

Creating a “Gap” Analysis and Sharing Issues with Management

Our colleague, Michael Potorti, continues his series on risk assessments from a CPA perspective. He has previously provided guest posts on The Auditor’s Role in FCPA and UK Bribery Act Compliance and Performing a Risk Assessment for FCPA and UK Bribery Act Compliance.

A formalized risk assessment should be completed to identify the areas where the Company is exposed under the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act (UKBA). Subsequent to this identification, specific and detailed questions should be asked of relevant risk area management/employees to determine if “Best Practice” controls are in place. 

Interviews should be scheduled between responsible parties and an objective interviewer. A tool that can be used by the interviewer to track responses would be a document containing the following:

• Area Being Investigated
• Model Control Description
• Control Risk
• Actual Control
• Individual Responsible
• Deficiencies Identified

The deficiencies identified should be accumulated in a “Gap Analysis” document. This document should contain the following:

• Area Being Investigated
• Description of Deficiency
• Action Plan to Remediate Deficiency
• Individual Responsible
• Action Plan Due Date

The Gap Analysis document can then be used to track status of deficiencies and used as a source to update Executive Management as necessary. It also can expose bottlenecks and identify potential revisions for controls that need additional tailoring to fit in with the Company’s operational environment.

Accumulating deficiencies in this manner keeps all parties up-to-date on remediation progress so overall compliance efforts can move along at an acceptable rate.

Michael Potorti can be reached at mpotorti@mp-audit.com.

=============================================================================================

Episode 9 of This Week in the FCPA is now up and available for viewing. Check out Howard Sklar and myself with our weekly commentary on all things FCPA.

This Week’s Show Notes include the following topics:

1.  Three Articles on FCPA and International Rule of Law issues
2.  Tyson Foods case (one of the three articles)
3.  Private Equity and the UK Bribery Act
4.  Niko Resources

June 29, 2011

Four Steps to Resolving Your FCPA Compliance Issues

As regular readers of this blog know, I often cite the three maxims of Paul McNulty as the basis for a good compliance program. They are the questions that the government will ask when they come knocking: (1) What did you do to prevent it? (2) What did you find when you looked into it? and (3) What did you do when you found out about it? One of the keys of these ideas is that if you look for something, through investigation or audit, you cannot be afraid to find something, recognize that it is a problem, then move forward to remedy the problem and use it as a lesson learned going forward. I recently saw an advertisement in the Harvard Business Review for the Columbia Business School which was entitled “How to realize leadership potential,” and it occurred to me that it was a way to think through and act upon McNulty’s point 3. So with some modification I present a practical method to implement McNulty.

1. Recognize Compliance Problem

The key here is to provide the tools to company employees through training that allow them to recognize when a compliance problem has arisen. Your compliance program must have a written Code of Conduct or other formation document which clearly articulates what is expected from the compliance perspective. However, because compliance programs also have a requisite financial controls component, as required by the books and records portion of the Foreign Corrupt Practices Act (FCPA), there also needs to be a clear policy statement which employees can read and understand. This does not mean a compliance policy written by lawyers for lawyers, with lengthy citations to the FCPA, direct cut-out quotes from the US Sentencing Guidelines and other terminology only a lawyer can read and understand. The compliance policy needs to be written in plain English or at least in language that a business person can understand. There should also be a detailed statement of the compliance procedures which explain the financial process by which your company will manage the compliance risk.

All of this should be encapsulated in a training program. There are various and numerous approaches to training. It can be live, via video, through a Webex, via audio, computer based or any combination thereof. The key is to provide sufficient training to allow employees to recognize compliance problems. I tell employees that they do not have to understand all the nuances of FCPA law or make a decision on whether the FCPA has been violated. I ask them that if something strikes them as wrong, their gut tells them it’s an issue, or the hair on the back of their neck stands up, recognize this as a problem and move to Step 2…

2. Call for Help

So what should you do if you recognize a compliance problem? I train employees to raise and escalate the problem. Tell your boss, call the compliance or legal department, use the hotline or do something to escalate the problem so that it can be investigated. Here the actions of the company are critical. A company must provide the training for an employee on what they are to do and where they can go. This message must be reinforced by emails, posters, reminders by management and any other form of media to communicate and keep communicating this message.

But this next part is absolutely critical. Your company must be absolutely, positively committed to accepting the employee’s concern and there must be NO RETALIATION. I know that every company in America will swear up and down that they embrace this basic of compliance; just as they do for all other areas where employees can bring claims, such as harassment, discrimination, SOX concerns or a myriad of others. But if there is one hint or even a whiff of retaliation, it will end, for all time, employees bringing compliance concerns up the line. All of which leads to Step 3, which is…

3. Address the Issue

There must be a thorough and competent investigation. Do not wait one or two months to perform the investigation. In addition to the mundane concerns of evidence becoming stale or disappearing and the reporting employee or other witnesses being harassed, you will lose credibility the longer you wait. Employees who make such reports expect, and I believe reasonably so, for their concerns to be taken seriously. Here I do not mean have the President of your company go in front of the national press to announce the termination of the alleged wrong-doers, well before your President has the correct facts in hand, such as was the case with the recent Renault matter.

My colleague Jim McGrath, author of the Internal Investigations Blog, writes about the use and need for specialized investigative counsel to assist a company at this juncture. Even if you do not follow Jim’s advice, you must get a lawyer on the ground as soon as is possible. This lawyer should be trained in how to investigate; he/she must have an investigation protocol and a good understanding of the facts through a comprehensive review of all documents, before the interviews begin. So perhaps you do need specialized investigative counsel as Jim suggested so as not to have any conflict of interest in pursuing any leads in the compliance investigation. With that we move on to Step 4, which is…

4. Apply Resolution

Here your company must be fearless. It must not be afraid of what may be found in the investigation, and it must not be afraid to remedy the issue. Remember McNulty’s Maxims? The third question the government will ask is “What did you do when you found out about it?” You must follow your compliance policy. If discipline is warranted, you must administer it. The discipline must be administered fairly but equally across the globe. I once was at a company which fired Brazilian employees for making mis-statements on their expense accounts but gave a US employee a “Letter of Warning”. What kind of message do you think that action sent?

There may be other resolutions which may not require the administration of discipline. It may be that your internal controls need to be strengthened. Although not in the compliance world, how do you think Citigroup is feeling about its internal controls today; as it had an ex-employee charged with embezzling over $19MM for over a year before he was caught? But the key is to resolve the matter. Use it as a lesson learned and as a teaching tool. Do not hide the issue and if it is an FCPA violation, consult with counsel regarding a self-disclosure to the Department of Justice (DOJ) and Securities and Exchange Commission. If all this happened in your UK subsidiary and you complete your investigation after July 1st, self-disclose to the Serious Fraud Office.

I hope you can use these four steps to assist you in implementing McNulty’s Maxims. This is what the DOJ wants to see if they come knocking.


© Thomas R. Fox, 2011
