FCPA Compliance and Ethics Blog

March 18, 2015

The Blue Geranium – SEC Enforcement of the FCPA – Part III

Blue GeraniumIn Christie’s The Blue Geranium a difficult and cantankerous semi-invalid wife is looked after by a succession of nurses. They changed regularly, unable to cope with their patient, with one exception Nurse Copling who somehow managed the tantrums and complaints better than others of her calling. The wife had a predilection for fortunetellers and one announced that the wallpaper in the wife’s room was evil; pronouncing she should “Beware of the Full Moon. The Blue Primrose means warning; the Blue Hollyhock means danger; the Blue Geranium means death.” Four days later, one of the primroses in the pattern of the wallpaper in the wife’s room changed color to blue in the middle of the night, when there had been a full moon.

On the morning after the next full moon, the wife was found dead in her bed with only her smelling salts beside her. Once again Miss Marple has the solution remembering that potassium cyanide resembled smelling salts in odor. The wife took what she thought were smelling salts but was in reality potassium cyanide. The flowers on the wallpaper had been treated with litmus paper which the turned the geranium in question blue, which unmasked the killer.

I found this story to be an interesting way to introduce the topic of the Securities and Exchange Commission’s (SEC’s) damage remedies. While some are obvious, such as the fines and penalties which are listed in the text of the Foreign Corrupt Practices Act (FCPA), another one, that being profit disgorgement must be seen through the lens of multiple legislations.

Monetary Fines

The damages that are available to the SEC differ in some significant aspects from those available to the Department of Justice (DOJ) in its enforcement of the criminal side of the FCPA. According to the FCPA Guidance, “For violations of the anti-bribery provisions, cor­porations and other business entities are subject to a civil penalty of up to $16,000 per violation. Individuals, including officers, directors, stockholders, and agents of companies, are similarly subject to a civil penalty of up to $16,000 per violation, which may not be paid by their employer or principal. For violations of the accounting provisions, SEC may obtain a civil penalty not to exceed the greater of (a) the gross amount of the pecuniary gain to the defendant as a result of the violations or (b) a specified dollar limitation. The specified dollar limitations are based on the egregious­ness of the violation, ranging from $7,500 to $150,000 for an individual and $75,000 to $725,000 for a company.”

As straightforward as these monetary amounts may seem, the totals can become very large very quickly. As noted by Russ Ryan in a guest post on the FCPA Professor’s blog, entitled “Former SEC Enforcement Official Throws The Red Challenge Flag, the SEC significantly multiplied those amounts in a default judgment context against former Siemens executives by claiming that “four alleged bribes should be triple-counted as three separate securities law violations – once as a bribe, again as a books-and-records violation, and yet again as an internal-controls violation – thus artificially multiplying four violations to create twelve.” Further, under the specific books-and-records and internal-controls allegations “the SEC was super aggressive, taking the position that these classically non-fraud violations involved “reckless disregard” of a regulatory requirement, thus allowing the SEC to demand the maximum $60,000 per violation in “second-tier” penalties rather than the $6,000 per violation in the “first-tier” penalties ordinarily associated with non-fraud violations.”

Profit Disgorgement

In addition to the above statutory fines and penalties, “SEC can obtain the equitable relief of disgorgement of ill-gotten gains and pre-judgment interest and can also obtain civil money penalties pursuant to Sections 21(d)(3) and 32(c) of the Exchange Act. SEC may also seek ancillary relief (such as an accounting from a defendant). Pursuant to Section 21(d)(5), SEC also may seek, and any federal court may grant, any other equitable relief that may be appropriate or necessary for the benefit of investors, such as enhanced remedial measures or the retention of an independent compliance consultant or monitor.” These remedies can be sought in a federal district court of through the SEC administrative process.

As explained by Marc Alain Bohn, in a blog post on the FCPA Blog entitled “What Exactly is Disgorgement?” profit “Disgorgement is an equitable remedy authorized by the Securities Exchange Act of 1934 that is used to deprive wrong-doers of their ill-gotten gains and deter violations of federal securities law. The Act gives the SEC the authority to enter an order “requiring accounting and disgorgement,” including reasonable interest, as part of administrative or cease and desist proceedings”. In another article Bohn co-authored with Sasha Kalb, entitled “Disgorgement – the Devil You Don’t Know” published in Corporate Compliance Insights (CCI), they set out how such damages are calculated. They said, “In calculating disgorgement, the SEC is required to distinguish between legally and illegally obtained profits. The first step in such calculations is to identify the causal link between the unlawful activity and the profit to be disgorged. Once this causal link is established, the SEC may assert its right to disgorge illicit profits that stem from this wrong-doing. Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

However if you read the FCPA quite closely you will not find any language regarding profit disgorgement as a remedy. Nevertheless a simple reading of the statute does not limit our inquiry as to this remedy. In a Note, published in the University of Michigan Journal of International Law, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, author David C. Weiss explained the development of the remedy of profit disgorgement. As noted by Bohn, profit disgorgement was always available to the SEC from the very beginning of its existence, through the enabling legislation of 1934. But as explained by Weiss, in the completely unrelated legislation entitled The Penny Stock Reform Act of 1990, profit disgorgement was “authorized by statute [as a remedy to the SEC] without a limitation to the FCPA.”

Finally, and what many compliance practitioners do not focus on for SEC enforcement of the FCPA, was the enactment of Sarbanes-Oxley Act of 2002 (SOX). Weiss said, “The most recent change to the way in which the SEC enforces the FCPA—and a critical development to consider—is SOX, which affects virtually all of the SEC’s prosecutions, including those under the FCPA. When assessing penalties, the SEC draws on SOX to provide great latitude in determining the types of penalties it enforces. While SOX did not amend the FCPA itself, it did amend both civil and criminal securities laws relating to compliance, internal controls, and penalties for violations of the Exchange Act. Since the enactment of SOX, the SEC has possessed the power to designate how a particular penalty that it assesses will be classified.” [citations omitted]

There has been criticism of the SEC using profit disgorgement as a remedy. As far back as 2010, the FCPA Professor criticized this development in his article “The Façade of FCPA Enforcement” where he found fault with the remedy of profit disgorgement for books and records violations or internal controls violations only, where there is no corresponding “enforcement action charging violations of the anti-bribery provisions.” He wrote “It is difficult to see how a disgorgement remedy premised solely on an FCPA books and records and internal controls case is not punitive. It is further difficult to see how the mis-recording of a payment (a payment that the SEC does not allege violated the FCPA’s anti-bribery provisions) can properly give rise to a disgorgement remedy.”

Bohn and Kalb said, “Over the last six years, disgorgement has served to significantly increase the financial loss that companies are exposed to in FCPA enforcement matters. In addition to the considerable civil penalties often imposed by the SEC as part of FCPA settlements, the SEC has made clear that it will not hesitate to seek recovery of large sums through disgorgement provided they are reasonably related to the alleged misconduct. Yet the methodology used by the SEC to support the amounts it seeks to disgorge has not been much discussed.  In the absence of adequate guidance as to how these sums are calculated, disgorgement poses an even greater risk in the current aggressive FCPA enforcement climate.” I would only add to their conclusion that profit disgorgement is here to stay.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 29, 2015

Welcome to COSO and the World of Internal Controls – Part I

Internal ControlsI have intentionally avoided a Top Five or Top Ten prediction list for Foreign Corrupt Practices Act (FCPA) enforcement going forward from 2014 into 2015. However there is one area of FCPA enforcement, which I think underwent a sea change in 2014 and has significant implications for the Chief Compliance Officer (CCO) and compliance practitioner in 2015 and far beyond. That change will be in the enforcement by the Securities and Exchange Commission (SEC) of the internal controls provisions of the FCPA. Last fall we saw three SEC enforcement actions, where there was no corresponding Department of Justice (DOJ) enforcement action yet there was a SEC enforcement action around either the lack or failure of internal controls. Those enforcement actions were Smith & Wesson, Layne Christensen and Bio-Rad.

Coupled with this new found robust enforcement strategy by the SEC, is the implementation of the COSO 2013 Framework, which became effective in December 2014. COSO stands for Committee of Sponsoring Organizations of the Treadway Commission, which originally adopted, in 1992, a framework for basis to design and then test the effectiveness of internal controls. It was deemed necessary to update this more than 20-year old COSO Framework, as modified in 2013, so that it provides a very supportable approach when adversarial third parties challenge whether a company has effective internal controls. While the COSO Framework is designed for financial controls, I believe that the SEC will use the 2013 Framework to review a company’s internal controls around compliance. This means that you need to understand what is required under the 2013 Framework and be able to show adherence to it or justify an exception if you receive a letter from the SEC asking for evidence of your company’s compliance with the internal controls provisions of the FCPA.

Because I believe this single area of FCPA enforcement is so important and will increase so much, I am going to dedicate several posts to an exploration of internal controls, focusing on the COSO 2013 Framework. In Part I, I begin with a review of internal controls under the FCPA.

What are internal controls?

What are internal controls in a FCPA compliance program? The starting point is the law itself. The FCPA itself requires the following:

Section 13(b)(2)(B) of the Exchange Act (15 U.S.C. § 78m(b)(2)(B)), commonly called the “internal controls” provision, requires issuers to:

devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—

(i) transactions are executed in accordance with management’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any

differences ….

The DOJ and SEC, in their jointly released FCPA Guidance, stated, “Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.” Moreover, “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.”

Aaron Murphy, a partner at Foley and Lardner in San Francisco and the author the most excellent resource entitled “Foreign Corrupt Practices Act”, has said, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Well-know internal controls expert Henry Mixon has said that internal controls are systematic measures such as reviews, checks and balances, methods and procedures instituted by an organization that performs several different functions. These functions include allowing a company to conduct its business in an orderly and efficient manner; to safeguard its assets and resources, to detect and deter errors, fraud, and theft; to assist an organization ensuring the accuracy and completeness of its accounting data; to enable a business to produce reliable and timely financial and management information; and to help an entity to ensure there is adherence to its policies and plans by its employees, applicable third parties and others. Mixon adds that internal controls are entity wide; that is, they are not just limited to the accountants and auditors. Mixon also notes that for compliance purposes, controls are those measures specifically to provide reasonable assurance any assets or resources of a company cannot be used to pay a bribe. This definition includes diversion of company assets, such as by unauthorized sales discounts or receivables write-offs as well as the distribution of assets.

The FCPA Guidance goes further to specify that internal controls are a “critical component” of a best practices anti-corruption compliance program. This is because the design of an entity’s “internal controls must take into account the operational realities and risks attendant to the company’s business, such as the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption. A company’s compliance program should be tailored to these differences.” After a company analyzes its own risk, through a risk assessment, it should design its most robust internal controls around its highest risk.

COSO and Internal Controls

Larry Rittenberg, in his book COSO Internal Control-Integrated Framework said that the original COSO framework from 1992 has stood the test of time “because it was built as conceptual framework that could accommodate changes in (a) the environment, (b) globalization, (c) organizational relationship and dependencies, and (d) information processing and analysis.” Moreover, the updated 2013 Framework was based upon four general principles which including the following: (1) the updated Framework should be conceptual which allows for updating as internal controls (and compliance programs) evolve; (2) internal controls are a process which is designed to help businesses achieve their business goals; (3) internal controls applies to more than simply accounting controls, it applies to compliance controls and operational controls; and (4) while it all starts with Tone at the Top, “the responsibility for the implementation of effective internal controls resides with everyone in the organization.” For the compliance practitioner, this final statement is of significant importance because it directly speaks to the need for the compliance practitioner to be involved in the design and implementation of internal controls for compliance and not to simply rely upon a company’s accounting, finance or internal audit function to do so.

So why will all of the above be a sea change for FCPA enforcement since after all, the requirement for internal controls has been around since 1977. The Smith & Wesson case shows the reason. In its Administrative Order, the SEC stated, “Smith & Wesson failed to devise and maintain sufficient internal controls with respect to its international sales operations. While the company had a basic corporate policy prohibiting the payment of bribes, it failed to implement a reasonable system of controls to effectuate that policy.” Additionally, the company did not “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed in accordance with management’s general or specific authorization; transactions are recorded as necessary to maintain accountability for assets, and that access to assets is permitted only in accordance with management’s general or specific authorization.” All of this was laid out in the face of no evidence of the payment of bribes by Smith & Wesson to obtain or retain business. This means it was as close to strict liability as it can be without using those words. Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, was quoted in a SEC Press Release on the matter that “This is a wake-up call for small and medium-size businesses that want to enter into high-risk markets and expand their international sales.” When a company makes the strategic decision to sell its products overseas, it must ensure that the right internal controls are in place and operating.”

In Part II we will begin our exploration of the COSO 2013 Framework and what it requires in the way of internal controls for your FCPA compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 6, 2015

Byzantium and the Alstom FCPA Settlement – Part III

ByzantiumPorphyry is a type of stone that was much favored in the Roman world. In a review of several books in the New York Review of Books, entitled “The Purple Stone of Emperors”, Peter Brown looked into the history of the lithic in the context of Byzantium as the true heir of the Roman Empire. He theorized that if “porphyry was the blood of ancient empire, then it must be to Constantinople that we should look (and not to Western Europe) if we wish to understand the heritage of Rome in the Middle Ages.” I found that an appropriate way to think about an apparent anomaly in the recent Alstom Foreign Corrupt Practices Act (FCPA) enforcement action. In Part III of my series on the Alstom natter I consider the accounting records violations that the French parent, Alstom SA, agreed to in this enforcement action.

The FCPA Professor noted in his second blog post on this matter, entitled “Issues to Consider from the Alstom Action”, “The charges against Alstom S.A. are a real head-scratcher. The conventional wisdom for why the Alstom action involved only a DOJ (and not SEC) component is that Alstom ceased being an issuer in 2004 (in other words 10 years prior to the enforcement action). Yet, the actual criminal charges Alstom pleaded guilty to – violations of the FCPA’s books and records and internal controls provisions – were based on Alstom’s status as an issuer (as only issuers are subject to these substantive provisions). In other words, Alstom pleaded guilty to substantive legal provisions in 2014 that last applied to the company in 2004.”

The Professor had also raised this issue in his first blog post on the resolution, entitled “All About the Alstom Enforcement Action”. After considering his thoughts on this issue, I decided to look into it a bit more deeply. Alstom SA was charged with several different FCPA violations including the following, 15 U.S.C. 78m(b)(2)(A), 15 USC §78m(b)(2)(B) and 78m(b)(5) which read in whole,

15 U.S.C. § 78m [Section 13 of the Securities Exchange Act of 1934] 

(b) Form of report; books, records, and internal accounting; directives

(2) Every issuer which has a class of securities registered pursuant to section 78l of this title and every issuer which is required to file reports pursuant to section 78o(d) of this title shall—

(A) make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;

(B) devise and maintain a system of internal accounting controls sufficient

to provide reasonable assurances that—

(5) No person shall knowingly circumvent or knowingly fail to imple­ment a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2).

These provisions are generally referred to as the ‘accounting provisions’ of the FCPA. As stated in the FCPA Guidance, “In addition to the anti-bribery provisions, the FCPA contains accounting provisions applicable to public companies. The FCPA’s accounting provisions operate in tandem with the anti-bribery provisions and prohibit off-the-books accounting. Company management and investors rely on a company’s financial statements and internal accounting controls to ensure transparency in the financial health of the business, the risks undertaken, and the transactions between the company and its customers and business partners. The accounting provisions are designed to “strengthen the accuracy of the corporate books and records and the reliability of the audit process which constitute the foundations of our system of corporate disclosure.””

Moreover, these accounting provisions, including both the books and records and internal control provisions, are defined to apply to “issuers”. As set out in the FCPA Guidance, “The FCPA’s accounting provisions apply to every issuer that has a class of securities registered pursuant to Section 12 of the Exchange Act or that is required to file annual or other periodic reports pursuant to Section 15(d) of the Exchange Act.244 These provisions apply to any issuer whose securities trade on a national securities exchange in the United States, including foreign issuers with exchange traded American Depository Receipts. They also apply to companies whose stock trades in the over-the-counter market in the United States and which file periodic reports with the Commission, such as annual and quarterly reports. Unlike the FCPA’s anti-bribery provisions, the accounting provisions do not apply to private companies.”

Charging Box Score

Alstom Entity Charges Time of Criminal Conduct Issuer Status
Alstom SA 15 USC §78m(b)(2)(A)15 USC §78m(b)(2)(B)15 USC §78m(b)(5)

15 USC §78ff(a)

18 USC §2

1998-2004 Issuer until 2004
Alstom Power Inc. 18 USC §371-conspiracy to violate the FCPA 2002-2009 Subsidiary of Issuer until 2004
Alstom Grid Inc. 18 USC §371-conspiracy to violate the FCPA 2000-2010 Subsidiary of Issuer until 2004
Alstom Network Schweiz AG 18 USC §371-conspiracy to violate the FCPA 2000-2011 Subsidiary of Issuer until 2004

While I agree with the above, I do disagree with the Professor’s final statement that “This free-for-all, anything goes, as long as the enforcement agencies collect the money nature of FCPA enforcement undermines the legitimacy and credibility of FCPA enforcement.” The reason I disagree is that this was a negotiated settlement, not a dictat or court proceeding. With no doubt excellent FCPA defense counsel involved, Alstom must have had its own reasons for agreeing to such a settlement. Without any further comment by the company, we will have to speculate as to some of the reasons for this component of the resolution.

First and foremost is that clearly Alstom did engage in conduct which substantially violated the FCPA. It would further appear that the conduct reached right up into the corporate home offices in France. By agreeing to the books and records and internal control violations, Alstom may have avoided any direct admission of guilt under French law, which we now know from the Total FCPA enforcement action is significant for a French company, because what is illegal bribery and corruption under US law is not necessarily illegal under French law.

Other than the anomalous French law issue, there may be another important consideration going on here. Alstom is under acquisition by General Electric (GE). Not only does GE pride itself and very publicly inform about its anti-corruption compliance program, GE has a large number of contracts with the US and other governments which might looks askance at doing business with a business unit that admitted to substantive FCPA violations of bribery and corruption. While I do not think that GE would be in danger of being debarred, it might well be that certain governments might not want to do business with a new subsidiary which made such a court admission. I find this to be more than simply a distinction without a difference. Consider the trouble that Hewlett-Packard (HP) is in north of the border in Canada regarding potential debarment by the Canadian government for its FCPA violations as set forth in its FCPA resolution of last April. So perhaps from Alstom’s perspective, the company believed it received benefits from settling based upon accounting violations.

But whatever the reason, it is clear that Alstom did engage in substantive FCPA violations. It’s settlement is that, a settlement of outstanding issues, which the company was a willing participant. It may not have been what the company wanted but I do not find that by charging Alstom for books and records and internal controls violations for the time frame it was clearly liable in any way demeans, degrades or lessens FCPA enforcement going forward. But just as we need to look to Byzantium to determine the heritage of Rome through the Middle Ages, by looking at the facts and circumstances around Alstom’s FCPA from the Alstom perspective and what it hoped to obtain in the settlement, we might be able to glean some insights.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 2, 2015

The Alstom FCPA Enforcement Action – Part I

Welles at 100As the first blog post of 2015, I thought it appropriate to highlight two outstanding confluences. The first is that this year is the centenary of the birth of Orson Welles. While not occurring in 2015, near the end of 2014 we had the settlement of the long-standing Alstom Foreign Corrupt Practices Act (FCPA) enforcement action announced. Both are worthy on note this second day of our mid-decade mark. First Welles. Many consider him one of the most talented directors ever to come through the American film industry. Almost any cinema-goer will recognize the names of Citizen Kane and The Magnificent Ambersons as two of greatest films of all-time. But I found The Lady from Shanghai, Macbeth and most particularly Touch of Evil all to be excellent films for their respective genres. And do not forget his acting; not only in the aforementioned Citizen Kane and Touch of Evil but also as Harry Lime in The Third Man. Welles could also be a philosopher. Kristin M. Jones, writing in the Wall Street Journal (WSJ), in an article entitled “Welles at 100”, quoted him for the following, “Art is the lie that makes us realize the truth.” She ended her piece with the observations that “Searching for the truth beyond Welles’s beautiful lies is still a journey worth taking.”

All of which brings us to Alstom and the resolution of its FCPA enforcement action. Over the next couple of posts, I will be looking the enforcement action for it is certainly ‘a journey worth taking’ to try and glean nuggets for the compliance practitioner. Today I will review the amounts of money involved and some of the larger concepts that I see at play in this matter. Next I will review the specifics of the Deferred Prosecution Agreements (DPAs) and see what lessons we may draw from them. Beyond that, we will have to see where the journey takes us.

First, and foremost, is how did Alstom find itself in the position that it now occupies as Number 2 on the all-time hit parade of FCPA enforcement actions? Particularly, as noted by the FCPA Professor in his post, entitled “All About the Alstom Enforcement Action”, that “Alstom employed approximately 110,000 employees in over 70 countries. The information contains specific allegations as to 9 individuals associated with Alstom and 9 consultants associated with Alstom.”

Usually when someone comes in at Number 2, the ranking comes with some ignominy. Though for Alstom it is not because they did not win but because they now have the second highest total FCPA monetary fine in the history of the world at a stunning $772,290,000. I say total because the current Number 1, Siemens, is at $800MM and included both a Department of Justice (DOJ) component of $450MM and Securities and Exchange Commission (SEC) component of $350MM. However with the Alstom fine, the entire amount was paid to DOJ as a fine and no monies were paid to the SEC because at the time of the resolution, Alstom was not an ‘issuer’ under the FCPA and the SEC had no jurisdiction. This makes Alstom the largest criminal FCPA fine of all-time. One interesting note is that two other French companies, Total SA and Technip SA, join Alstom on the all-time Top 10 list. Somewhere I am sure Mr. French is shaking his very well coiffured head in shame in the great TV Land in the sky.

I would say the amounts paid out and benefits received by Alstom were stunning but it might do a disservice to the word stunning. So below I have laid out information below.

Alstom Bribery Box Score

Country Bribe Amount Paid Benefit Received
Indonesia (not listed) $378MM
Saudi Arabia $51.2MM $3bn
Egypt ‘Millions and millions’ $175MM
Bahamas $1MM (not listed)
Taiwan (not listed) $15MM
Total $75MM $4bn in contracts with $296MM in profits

The FCPA Professor also noted, “at its core, the Alstom enforcement action involved inadequate controls concerning the engagement, monitoring and supervision of the consultants.” However it is most difficult to believe that Alstom suffered from a corporate culture which was at best make your numbers or at worst something much more nefarious. The amounts paid were simply so large and the bribery schemes so pervasive that there had to be much more than simply 9 persons lying, cheating and stealing all while merrily skipping home to Grandmother’s house in the woods. Indeed, as noted by WSJ reporters Joel Schechtman and Brent Kendall, in their article entitled “Alstom to Pay $772 Million to Settle Bribery Charges”, “The record criminal bribery penalty comes after more than six years of investigations into Alstom from law enforcement in 10 countries. The company and its subsidiaries’ schemes lasted for more than a decade, into at least 2011”.

Also of note is that the Alstom enforcement action was the first in 2014 where the fine was not at either the low range or even lower than calculations the Sentencing Guidelines would have suggested. The range for the fine was calculated to be between $592MM and $1.184bn. This range was a direct result of the failure of Alstom to take the investigation seriously, to cooperate with the DOJ or to even put anything like a positive step forward in the way of remedial actions during a large part of the investigative process. The DOJ Press Release quoted Assistant Attorney General Leslie R. Caldwell that “This case is emblematic of how the Department of Justice will investigate and prosecute FCPA cases – and other corporate crimes. We encourage companies to maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate in the government’s investigation. But we will not wait for companies to act responsibly. With cooperation or without it, the department will identify criminal activity at corporations and investigate the conduct ourselves, using all of our resources, employing every law enforcement tool, and considering all possible actions, including charges against both corporations and individuals.”

Finally, from a big picture perspective was the international scope of the investigation. In the DOJ Press Release, FBI Executive Assistant Director Robert Anderson Jr. said that “This investigation spanned years and crossed continents, as agents from the FBI Washington and New Haven field offices conducted interviews and collected evidence in every corner of the globe.” Further, the DOJ acknowledged significant cooperation from “the law enforcement colleagues in Indonesia at the Komisi Pemberantasan Korupsi (Corruption Eradication Commission), the Office of the Attorney General in Switzerland, the Serious Fraud Office in the United Kingdom, as well as authorities in Germany, Italy, Singapore, Saudi Arabia, Cyprus and Taiwan.” Truly worldwide in scope.

Next, I will look at some of the specifics in the various Alstom DPAs to determine where best practices compliance program may be headed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

December 30, 2014

The Avon FCPA Settlement, Part II

Bad ConductI am back from my holiday break and am looking forward to many good ideas for blogs in the coming year. However before we get to 2015, I have to finish out some matters from 2014. Today I continue my look at the Avon Foreign Corrupt Practices Act (FCPA) enforcement action, which was announced earlier this month. In today’s post I will look at the bribery scheme and cover-up that Avon employed. Tomorrow I will conclude with some final lessons to be gleaned from the Avon enforcement action for both the compliance practitioner and greater corporate world. Avon Products (China) Co. Ltd. is referred to as ‘Avon China’ and Avon Products, Inc. (the US parent) is referred to as ‘Avon’.

With a sustained plan that one can only say was well thought out, Avon set out to conquer the Chinese market for door-to-door sales. To do so, Avon had to navigate a bureaucratic maze. This maze began with a Test License obtained in 2005 and later a national direct selling license together with approvals from each province and municipality where the company wanted to sell its products. To obtain the required licenses, the company set a bribery scheme which worked at all levels of the company’s China subsidiary, Avon China, and reached back to the home office in the US, Avon Products. Both of these entities were the subject of the FCPA enforcement action concluded earlier this month. The bribery scheme itself paid out over $8MM in bribes before it was concluded.

To facilitate this process Avon China set up a business unit entitled the Corporate Affairs Group and later a more focused sub-group as part of the scheme called the Direct Selling Special Task Force. These two groups led the company’s efforts to bribe its way into the China market. They did so through a variety of means, as set out in the settlement documents. Unless cited otherwise, the quotes below are from the Avon China Criminal Information.

Gifts

Avon was fond of giving very high priced gifts to various Chinese government officials. Inevitably, Avon China employees would falsely describe the gift itself in the company’s books and record. To add to this deception, Avon China would omit from the books and records not only who the gift was provided to but also the purpose of the gift. This part of the bribery scheme allowed the gifts of Louis Vuitton products to be described as a “public relations expense” and “Public Relations Business Entertainment”; while the gift of a Gucci bag was described as “business entertainment”.

Meals and Entertainment

This part of the bribery scheme was a clear favorite of Avon China. The aforementioned Direct Selling Special Task Force was ubiquitous in the meals and entertainment arena where its members simply used the term “relations” to refer to “things of value provided to government officials or goodwill that had been obtained by giving such things, including non-business meals and entertainment.” Specifically noted in this part of the bribery scheme were payments of approximately $8,100 described as “sales-business entertainment” provided to a government official so he would approve a product that did not meet Chinese government standards. Other false excuses provided were describing such payments as “business entertainment” and “employee ‘accommodation’ expenses”.

Non-Business Travel

Avon China doled out a huge amount of bribes through the mechanism of phony travel for alleged business purposes. Avon China would claim they were bringing various Chinese government officials (also Wives, Girlfriends and other family members) to locations for business-related travel but in reality the trips were mostly sight-seeing excursions, gambling junkets, a beach vacation and other entertainment which had nothing to do with business purposes. So a trip alleged to be a “site visit/study visit” to the corporate headquarters in New York City and the company’s research and development (R&D) facility in upstate New York became a $90,000, 18-day travel extravaganza to “Vancouver, Montreal, Ottawa, Toronto, Philadelphia, Seattle, Las Vegas, Los Angeles and Washington DC.” (Oh, and one half-day at the company’s upstate New York R&D facility.) Other favorite venues for Chinese government officials and their families were the gambling mecca of Macau, Hong Kong, Hainan Island, Guangzhou, Shenzhen and Sanya. Needless to say, none of these locations had any Avon corporate offices, manufacturing or R&D facilities.

Cash

Always a favorite of bribers everywhere, Avon did not neglect to lay out large amounts of cash. Avon China used a variety of orchestrations to hide these payments including simply stealing it from a (apparently) huge petty cash fund, directing Avon China employees to charge for non-existent expenses and keep the reimbursements from corporate, lying in the books and records by calling such bribe payments as “management expenses-government relations expenses” and even submitting “a handwritten certificate, purportedly from a Chinese government agency, falsely stating that the official would give the funds to the government bureau.”

Payment Through Third Parties

Using an entity identified as “Consulting Company A”, Avon China paid a large number of bribes throughout the period in question. Initially it should be noted that this entity raised numerous red flags that were never investigated or cleared. These began with the fact that it was a Chinese government official who recommended the retention of Consulting Company A to perform ‘lobbying’ services for Avon China. Thereafter the company performed no background investigation into the ownership structure of the company, did not include any compliance terms and conditions in the contract, did not even communicate to this third party of Avon’s Code of Conduct prohibition against bribery of government officials. Beyond these issues, in large part Consulting Company A never performed any legitimate services for Avon China. What Consulting Company A did provide to Avon China was a way to funnel bribe payments to Chinese government officials.

Corporate Connivance in Scheme (AKA The Cover-Up)

While all of the above was bad, one thing which catapulted the Avon FCPA bribery scandal into the realm of seriously bad was the company’s discovery of the bribery scheme and resulting cover-up. According to the Criminal Information for Avon Products, in 2005 a senior auditor in Avon’s internal audit group, “reported to Avon’s Compliance Committee, which was comprised of several senior Avon executives, that Avon China executives and employees were not maintaining proper records of entertainment for government officials” and that an Avon China executive had explained the practice “was intentional because information regarding that entertainment was ‘quite sensitive.’” This led to a Draft Audit Report, reviewed at the highest levels of Avon China and Avon in the US, which concluded that Avon China’s Corporate Affairs Group’s expenses included: “(1) high value gifts and meals that were offered to Chinese government officials; (2) the majority of expenses relating to gifts, meals, sponsorship and travel of substantial monetary value was to maintain relationships with government officials; (3) a third party was paid large amounts of money to interact with Chinese government officials but was not contractually required to follow the FCPA, was not monitored by Avon China, and was paid for vague and unknown services; and (4) the payments, and the lack of accurate, detailed records may violate the FCPA or other anti-corruption laws.”

So what was the company’s response to this information? The internal auditors who prepared the report were required to remove the above language and whitewash the report. Evidence of reviewed misconduct was reduced to two hand-written pages, which were then taken out of China and hand-carried to Avon’s corporate headquarters. All copies of the Draft Audit Report were ordered to be retrieved and destroyed. Finally, as noted in the Criminal Information of Avon China, in January 2007, an Avon executive reported to the Avon Compliance Committee “that the matter reported in 2005 regarding the potential FCPA violations by AVON CHINA executives and employees had been closed as “unsubstantiated” which terminated Avon’s investigation into AVON CHINA’s corrupt conduct.”

Tomorrow we take a look at some of the key lessons to be learned from Avon FCPA enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014The v

December 22, 2014

Alstom Joins Santa’s Naughty List – In a Very Big Way

Naughty ListThe North Pole for Foreign Corrupt Practices Act (FCPA) enforcement action announcements seems to have temporarily moved south for the month of December. Last week there was the final announcement of the long-standing Avon FCPA enforcement action. On December 22, 2014, the Department of Justice (DOJ) announced settlement of the Alstom enforcement action. Certainly the DOJ is giving out presents to companies that have been very, very naughty. I am currently exploring the Avon enforcement action over several days of blog posts but I had to interrupt those posts to write something about the Alstom resolution for it was extremely significant gift for the Chief Compliance Officer (CCO), compliance practitioner and companies going forward.

The Fine

First and foremost was the fine amount. At $772MM it is the highest criminal fine for FCPA violations in the history of the world. Siemens’ prior of a reported $800MM was a combination of DOJ and Securities and Exchange Commission (SEC) fines and penalties. Alstom was not subject to the jurisdiction of the SEC so there was no component of this amount for either civil books and records or internal controls violations. But for those few remaining dunderheads out there who think their private company status insulates them from FCPA liability; wake up and smell the mistletoe, as the DOJ will be looking for you to smack a big one on. The fine brings the 2014 fine totals up to around $1.5bn, which comes a close second to the record-setting year of 2010, where the total amount of fines was $1.8bn.

Disclosure, Cooperation and Conduct

While I am in the middle of lambasting Avon for its conduct that led to its FCPA violations, one really has to step aside and give some credit to Alstom for some of the worst actions a company can engage in when dealing with bribery and corruption. If there was anyone on the naughty list, it certainly was Alstom. First is the company’s failure to self-disclose its obvious criminal conduct. The second was the clear foot-dragging in dealing the DOJ, during the pendency of the investigation. Finally, to complete this triumvirate of idiocy was the company’s refusal to timely engage in remediation. Dick Cassin, writing in the FCPA Blog, pointed out that Alstom’s conduct included the following:

  • Alstom’s refusal to fully cooperate with the department’s investigation for several years
  • The breadth of the companies’ misconduct, which spanned many years, occurred in countries around the globe and in several business lines, and involved sophisticated schemes to bribe high-level government officials
  • Alstom’s lack of an effective compliance and ethics program at the time of the conduct, and
  • Alstom’s prior criminal misconduct, including conduct that led to resolutions with various other governments and the World Bank.

Individual Prosecutions

Alstom’s conduct was so bad during the investigation that the DOJ obtained indictments against four company executives during the pendency of the investigation. Three of these executives have pled guilty and are awaiting sentencing. Cassin wrote, “Alstom began cooperating only after the DOJ publicly charged several Alstom executives, the government said.” The UK Serious Fraud Office (SFO) has also brought charges against individuals.

Post Acquisition FCPA Liability

I promised a Christmas present for companies out there and neither Santa nor I want to disappoint those not on the naughty list, for the Alstom enforcement action makes clear that the company which is acquiring them, GE, is not responsible for the fine going forward. This enforcement action reinforces the message the DOJ presented in Opinion Release 14-02; that a company which engages in pre-acquisition due diligence, discloses and then remediates the issues after they acquire the entity, can rest easier about purchasing a FCPA violation. For if GE can purchase a company with the clear attitude about doing business in compliance with anti-corruption laws, such as Alstom, with confidence that it will not be subject to a FCPA enforcement action, it means that any other company can do so as well.

Cassin reported, “Alstom SA pleaded guilty to a two-count criminal information in federal court in Connecticut. The DOJ charged the company with violating the Foreign Corrupt Practices Act by falsifying its books and records and failing to implement adequate internal controls. Alstom admitted its criminal conduct…In addition, Alstom Network Schweiz AG, a Swiss subsidiary, pleaded guilty to a criminal information charging it with conspiracy to violate the antibribery provisions of the FCPA.” Finally, “Two U.S. subsidiaries — Alstom Power Inc. and Alstom Grid Inc. — both entered into deferred prosecution agreement with the DOJ. They admitted that they conspired to violate the antibribery provisions of the FCPA.” The settlement documents have not been released as yet but hopefully they will be by the time of the final sentencing hearing before US District Judge Janet B. Arterton in June 2015.

The significance of this enforcement action will reverberate for a long time to come.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 8, 2014

DPAs and NPAs – Powerful Tools in the Fight Against Corruption

ToolAs readers of this blog know the FCPA Professor and I usually look at the same Foreign Corrupt Practices Act (FCPA) enforcement action, item or remark and see different things. Sometimes we even hear the same thing and come away with different interpretations. Last week, we experienced yet another instance of the former where we both looked at the same article, that being one in Global Investigations Review entitled “Caldwell: settlement a “more powerful tool” than convictions” by Rahul Rose, yet came away with different interpretations. After some to-ing and fro-ing, we decided that we would both post our interpretations on the same day. So with a nod to Dan Fogelberg and Tim Weisberg, today we have the first twin posts from different bloggers dual- blog posts. Since we agreed to write our respective posts without seeing the other’s post and hence could not comment on each other’s post, I urge that after you finish reading my blog today, you click on over to the FCPA Professor’s site and see what his thoughts on Caldwell’s remarks might be.

The specific remarks we want to focus on were apparently made by during the Q&A session of Assistant Attorney General Leslie R. Caldwell who spoke at the Launch of the Organization for Economic Co-operation and Development Foreign Bribery Report, note these remarks were not found in the printed remarks of the speech on the Department of Justice (DOJ) website. In her Q&A, Rose reported the following, “Caldwell told the audience in Paris: “Companies cannot be sent to jail, so all a court can do is say you will pay ‘x’. We can say: ‘you will also have a monitor and will do all sorts of other things for the next five years, and if you don’t do them for the next five years then you can still be prosecuted’.” [And for the money shot] “In the United States system at least it is a more powerful tool than actually going to trial,” she said.”

It turns out that I have been thinking along these lines as well. The debate over the usefulness of Deferred Prosecution Agreement (DPAs) and Non-Prosecution Agreements (NPAs) has been long attended. Yet there are a couple of key reasons that DPAs and NPAs are such powerful tools in the fight against anti-corruption and anti-bribery which I do not believe have been fully articulated or explored. The first is that by settling, the DOJ (and Securities and Exchange Commission [SEC]) will have the ability to monitor the company going forward. This process began under the practice of formally appointing a corporate monitor nominated by the company in the throes of the enforcement action and who would be agreed to by the DOJ. This practice is generally referred to as a company having mandatory monitor.

While this specific practice received a fair amount of criticism from a variety of sources, the basic concept was sound. That concept was that a neutral third party would review a company’s compliance with the terms and conditions of a DPA or NPA and report to the DOJ at intervals generally no shorter than annually. This would give the DOJ eyes and ears into a company to oversee its adherence to the terms of the settlement. But what information did Caldwell convey in her statement as to why she thinks settlements are such a powerful tool? I read three pieces of information her statement about why FCPA settlements are such powerful tools.

‘Do All Sorts of Other Things’

Under this prong a settling defendant is required to do “all sorts of other things.” We know from the DPAs and NPAs relating to FCPA enforcement over the past several years, the minimum that a company will be required to institute is a best practices anti-corruption compliance program. While the FCPA Guidance specifies ten hallmarks of an effective compliance program, the DPAs and NPAs have had between 9 to 16 items listed in the best practices anti-corruption compliance programs that settling companies’ have agreed to institute. If the DOJ went to trial and secured a conviction the company would not have to put such a compliance program in place but only pay a fine or some other monetary penalty. Further, by requiring such a best practices anti-corruption compliance program in such a public manner, through a publicly filed DPA or NPA, the DOJ can communicate its current thinking on what it believes constitutes such a program. This provides valuable information to the compliance practitioner going forward and I believe completely disabuses the argument that companies cannot know what their obligations might be to comply with the FCPA or that companies do not know what the DOJ expects from them in the area of a FCPA compliance regime.

‘You will also have a monitor’

David E. Matyas and Lynn Shapiro Snyder
from the law firm of Epstein Becker & Green P.C., described the duties of a corporate monitor in their article entitled, “Monitoring the Monitor? The Need for Further Guidance Governing Corporate Monitors Under Pre-Trial Diversion Agreements”. The monitor would meet with “the company’s board and employees. A monitor then develops a work plan which defines the scope, access, and power the monitor will have over the company. The monitor’s work involves frequent visits to the company (including possible on-site accommodations) and broad access to company documents and meetings. The monitor should be knowledgeable about the regulatory aspects of the company’s operations, but that is not necessarily a criterion for selection of the monitor. Indeed, a monitor can hire others to assist in his or her responsibilities at the company’s expense. The monitor files periodic reports with the U.S. Attorney’s Office and makes visits with that office as well as with the company. At the conclusion of a monitor’s term – often 24-36 months – the monitor files a final report that details the activities accomplished and whether the company complied with all the terms of the agreement.”

So the monitor provides the DOJ with continued insight into what the company is doing to satisfy its settlement obligations around the implementation of its compliance program. If the DOJ has high confidence that the company has and will continue to put significant resources and efforts into its compliance program, it may agree to a voluntary monitor, as we have seen with the Parker Drilling and Hewlett-Packard (HP) DPAs. If the DOJ does not have such confidence, it may require a monitor for the length of the DPA, such as we saw in the Total DPA, which was three years. The DOJ may also take an interim position on the mandatory or voluntary nature of the monitor by allowing a company to end a mandatory monitorship half-way through the pendency of a DPA as it did with the Weatherford DPA, which allowed the mandatory monitorship to end at the 18 month mark of a three year DPA, if certain criteria were met.

‘You can still be prosecuted’ 

This final point is not to be underestimated. Once again if a company is found guilty at trial, a fine and/or penalty will be assessed and payment is the end of it. While it still may be under enhanced scrutiny, it will not have the affirmative obligation to report any FCPA violations going forward, nor will it bear potential liability and prosecution for failure to implement the terms and conditions of the DPA or NPA. Indeed, the company will agree to be prosecuted if there is another violation or it fails to implement as agreed to.

So by using DPAs and NPAs as settlement tools, I believe that the DOJ is able to impact on an ongoing basis, for two to three years, the compliance program of a settling company. This continued oversight usually translates into greater enthusiasm by a settling company to get compliance right so that it does not have to go through the full FCPA investigation and enforcement process. Of course there will always be recalcitrant companies such as Marubeni Corporation, which do not take the agreed to compliance obligations seriously going forward. When they get into trouble as recidivists, the second penalty is usually much higher. But there is also benefit to the compliance practitioner and greater compliance community because the DOJ communicates its expectations in these DPAs and NPAs. So they also work as powerful communication tools. Finally, by requiring a third party to act as the monitor, whether voluntary or mandatory, the DOJ can get some independent insight into what a company is doing compliance-wise.

Not knowing what the Professor has said, I have not tried to anticipate his arguments or rebut them directly. Nonetheless, I have tried to articulate why I agree with Ms. Caldwell’s remarks and why I continue to find the DOJ’s use of DPAs and NPAs as settlement tools a powerful weapon in the fight against bribery and corruption. I also hope that you will find favor with this exercise that the FCPA Professor and I have engaged in because we both believe that ongoing debate over FCPA enforcement is worthwhile for the compliance practitioner and necessary for the long-term success of compliance moving forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 19, 2014

Chamber of Commerce: Corporations Form the Cornerstone of FCPA Compliance

CornerstoneRecently one of the most unlikely sources for praise of the Foreign Corrupt Practices Act (FCPA) came out to inform us all that corporations are the cornerstone of FCPA compliance and enforcement. You may be surprised to find out that it came from the US Chamber of Commerce. It did not come in the form of Congressional testimony in praise of the FCPA but in the Chamber’s Amicus Curie filing in a case currently being considered by the Texas Supreme Court. Regardless of the forum, the praise was just as strong and hopefully just as lasting.

The Texas Supreme Court recently held oral arguments in the appeal of Shell v. Writt. Unusually for a state supreme court case, it touches on the FCPA. The issue before the Court is whether Shell’s internal FCPA investigation is absolutely privileged from a defamation claim by persons named in the report as having violated the FCPA. Being as this is Texas, with a state supreme court just to the right of Attila the Hun, it is easy to determine what the outcome of the case will be, the company will win.

Procedurally, Writt, the plaintiff claiming defamation from Shell’s report of its internal investigation that it provided to the Department of Justice (DOJ), lost at the trial court on summary judgment. The trial court found that Shell had an absolute privilege because the report was turned over to a government agency investigating the matter. The court of appeals reversed this decision holding that because the internal investigation was voluntary, not mandatory, that only a conditional privilege existed and sent the matter back to the trial court for further proceedings. Shell appealed this court of appeals decision to the Texas Supreme Court.

Interestingly, the US Chamber of Commerce filed an amicus brief in the appeal to the Texas Supreme Court, supporting Shell. In its brief, the Chamber came out with full guns blazing in support of the FCPA and for full internal investigations and self-disclosure by companies. At the start of its brief, the Chamber comes out four square in support of the FCPA stating, “Since 1977, and especially over the last decade, the Foreign Corrupt Practices Act (“FCPA”) has played a very significant role in the federal regulation of multinational corporations. By punishing bribery and other illicit influence of foreign officials by U.S. companies, the statute seeks to improve the integrity of American businesses, promote market efficiency, and maintain the reputation of American democracy abroad.”

The Chamber noted the importance of the FCPA to both the US government and to US businesses. It stated, “Over the past decade, the FCPA has taken on renewed importance for both the U.S. government and American businesses.” As to the importance that the US government places on FCPA enforcement, the Chamber cited to the following, “DOJ officials have publicly stated that “enforcement of the FCPA is second only to fighting terrorism in terms of priority.”” Lastly, because of this focus, “FCPA compliance is now a main focus of concern for U.S. businesses.” Moreover, US companies are now ““light years ahead of where [they were] circa the mid-to-late 1990s,” with companies “implementing more rigorous and sophisticated compliance protocols,” including thorough internal investigations and candid self reporting.”

The Chamber did not stop there with its high praise of the FCPA and the importance of the FCPA and its enforcement for US businesses. The Chamber next turned to US businesses role in FCPA enforcement and compliance when it said, “the government has always relied upon businesses to cooperate with investigations and self-report any potential violations by corporate employees. “Federal enforcement authorities have consistently encouraged, if not as a practical matter demanded, that as to the FCPA companies voluntarily conduct internal investigations, disclose potential violations and cooperate with government investigations.” With their vast resources, individualized focus, and access to documents and witnesses, “companies are actually much better positioned to gather more information more quickly overseas than the Justice Department or the SEC.”” Perhaps channeling some of the criticisms of the recent General Motors (GM) and FIFA investigations, the Chamber recognizes that more than simply results must be shared with the DOJ when it stated, “The government requires that corporations provide not just information on violations that they are certain of, but rather any “relevant information and evidence,” as well as identification of “relevant actors inside and outside the company.””

The money line from the Chamber’s brief is the following, “Corporate cooperation, internal investigation, and self-reporting thus form the cornerstone of FCPA compliance and enforcement.” It could not be clearer from this statement the importance that a robust internal investigation protocol, coupled with self-disclosure bring to FCPA compliance. The FCPA Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken. Companies will want to consider taking “lessons learned” from any reported violations and the outcome of any resulting investigation to update their internal controls and compliance program and focus future training on such issues, as appropriate.”

Thus internal investigations coupled with self-reporting provide both companies and the US government towards the same goal; greater compliance with the FCPA because the Chamber recognizes that the FPCA plays a vital role in international business and corruption prevention and prosecution. The Chamber even cites, favorably, the Congressional logic for the enactment of the FCPA by stating, “Congress determined that such practices tarnish the image of American democracy abroad, impair confidence in American businesses, hamper the efficiency of the market, anger the citizens of otherwise friendly foreign nations, and, put simply, are “morally repugnant” and “bad business.”” Finally, the Chamber acknowledges the importance of the FCPA for both US and international investors; both in the US and for companies abroad by concluding, “The FCPA is a valuable statute that helps to reduce corruption and to reinforce public and investor confidence in the markets here and abroad.”

This brief lays out one of the strongest articulations of the power of the FCPA. I did not expect the Chamber to come out so forcefully in favor of what that many business types continually bemoan. The Chamber’s recognition that FCPA compliance and enforcement are cornerstones of the protection of US businesses; US business interests and investor confidence across the globe is a welcome addition to the FCPA dialogue.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 13, 2014

Atlanta Burns – the Bio-Rad FCPA Enforcement Action – Part III

Atlanta BurningOn this date in 1864, the Union Army phase of the destruction of Atlanta began. While most Southerners credit Union General William T. Sherman with the burning of Atlanta, it was, in reality, Confederate General John Bell Hood who ordered the burning of the armament works that started the destruction. Sherman merely finished it. But whoever started or finished it, the result was horrific for the city. By one estimate, nearly 40 percent of the city was ruined, leaving, as one commentator noted, “little but a smoking shell.” Unfortunately for the Confederacy, this is not the last we will hear about either General Sherman or General Hood.

The Bio-Rad Laboratories Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action has provided a wealth of information and lessons to be learned by the compliance practitioner. In Parts I and II I reviewed the facts of the Bio-Rad enforcement action and the specified remedial steps that the company has agreed to take. Today, I want to mine the Deferred Prosecution Agreement (DPA), the company received from the Department of Justice (DOJ) and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order) and detail the specific internal controls that I think might have helped the company. (I will really try not to get carried away and have a Bio-Rad, Part IV but there is tons of great stuff in this one so there is no telling as I begin to write this post where I might end up.)

For many managers the default mode is to stay within silos and, as noted by Andrew Hill in his article in the Financial Times (FT) entitled “The default mode for managers needs a reset”, that such persons are “suspicious of ideas that are “not invented here.” This may lead them to becoming “detached from the purpose, and even values, of the company.” This can be particularly true of changes required by an anti-corruption compliance program which many business development types fear will change the status quo in a manner, which “puts at risk predictable, comfortable routines.”

Even with the three different bribery schemes used by Bio-Rad in three different countries, some general statements can be made. Obviously the use of a third party representative in Russia was fraudulent. However a robust system of internal controls might not have only detected such conduct but also prevented it if the Emerging Markets Regional Manager and/or any of the team under him knew that they would be checked by a second set of eyes on what they were doing.

I will focus on four areas of internal controls that were sorely missing from the company during its bribery scheme heyday:

  • Delegation of Authority (DOA)
  • Maintenance of the vendor master file
  • Contracts with agents
  • Movement of cash / currency.

Delegation of Authority 

Your DOA should reflect the impact of FCPA risk (transactions and geographic locations) to result in higher levels of approval for matters involving agents and for funds transfers and invoice payments to countries outside the US. If properly prepared and enforced, the DOA can be a powerful preventive tool for FCPA compliance, unfortunately this is not often the case as very often the DOA is prepared without much thought given to FCPA risks.

Properly utilized in a FCPA risk based process, the DOA takes into account the increased risk posed by certain types of transactions and by certain geographic locations. The DOA then provides for a higher level of scrutiny for higher risk transactions. This means that the DOA should specify who must give the final approval for engaging agents. Yet the DOA might distinguish between approval of vendor invoices for “routine” third party representatives and those from high-risk third party representatives, such as agents. Finally, the DOA should be integrated into the accounts payable processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. Identifying high-risk third party representatives can often be done within the vendor master file so payments to them are identified for appropriate approval BEFORE they are paid.

Vendor Master File

The vendor master file can be one of the most powerful PREVENTIVE control tools. This file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. Electronic controls should be in place to block payments to any vendor for which vetting has not been approved. Manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all third party representatives have been approved before their information (and the vendor approval date) are input into the vendor master. Manual controls are also needed when “one time” third party representatives are submitted, when vendor name and/or vendor payment information changes are submitted.

Contracts with Third Party Representatives 

As demonstrated with the Bio-Rad enforcement action, contracts with agents are typically not integrated into an internal control system. They are left to operate on their own. Indeed in the case of Bio-Rad it is not clear if the compliance function had visibility into this process at all. However, to provide effective control, relevant terms of those contracts should be extracted and be made available to those who process and approve vendor invoices. This would also include a review of the commission rate for sales agents and the discount rate for distributors. To accomplish this, once the third party representatives are flagged as high-risk, and before any payments are made, the invoices are pulled for review and approval in accordance with the DOA. Such review would require that nonconforming service descriptions, commission rates, etc., must be approved not only by the original approver but also by the person so delegated in the DOA. This provides the necessary PREVENTIVE control to intercept questionable amounts before they are paid.

Disbursements of funds

All situations in which funds can be sent outside the US (accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a FCPA risk standpoint. The goal is to identify the ways in which a country manager could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system. Controls need to be in place to prevent such activities. This would require that wire transfers outside the US have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA. Moreover, wire transfer requests going out of the US should always require dual approvals. Finally, wire transfer requests going outside the US should be required to include a description of proper business purpose and over certain level, there should be an additional review (yet another ‘second set of eyes’).

What about Hill and his default mode for managers to stay in their silos and never come out or allow change in their regions, such as was the case with the Bio-Rad Emerging Markets leadership team? This can occur in the compliance arena when the compliance function receives push back and is told the controls are too burdensome and also make operations less efficient. One of the areas available to a compliance professional is benchmarking from other company’s compliance experiences. However this can be expanded into solid presentations about why it is important to assess and mitigate FCPA risks using your corporate peers that have been the subject of a FCPA enforcement action. This is some of the best sources of information a compliance practitioner can avail his or herself of to provide good insight into why it was never expected that the company would be subject to FCPA enforcement and insight into the extreme disruption, cost, and anxiety which accompanied the enforcement actions.

Another key factor, as with all FCPA compliance initiatives, is ‘Tone at the Top’. This means that you should meet with and present the case for FCPA-focused internal controls to your company’s Executive Leadership Team (ELT), Audit Committee of the Board or other appropriate group of senior executives. The presentation should include, with examples, the importance of identifying and mitigating the FCPA and fraud risks. Some of these might include the following:

  • Illustrating the examples of how the controls can prevent bribery as well as many other types of occupational fraud;
  • Illustrating that the controls needed are all sound business controls, nothing exotic or out of the ordinary;
  • With proper control design, it may be possible to eliminate some existing detect controls in favor of more useful preventive controls or even prescriptive controls;
  • As a result of your business changes and resulting changes in assessed risks, it may be that some procedures now being performed are no longer needed and the resources can be shifted to more necessary controls; and
  • It may be possible to build in more electronic controls, which can replace existing manual controls.

As we end today’s post with Atlanta burning, Andrew Hill tearing down silos so that a company like Bio-Rad can put appropriate FPCA internal controls in place and arm the compliance practitioner with a wealth of information and lessons which can be applied to your own compliance program, all courtesy of Bio-Rad, I find that there is one more significant lesson to be taking away from this enforcement action, however I will save that for another day.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

November 12, 2014

John Doar and the Bio-Rad FCPA Enforcement Action – Part II

John DoarJohn Doar died yesterday. He was perhaps most famously known for his role as the House Judiciary Committee Chief Counsel during the investigation of and impeachment proceedings against then President Nixon. However, it was his role in the civil rights movement in the South that in large part inspired me to become a lawyer. He rode with the Freedom Riders in Alabama; walked with James Meredith so that he could register to attend the University of Mississippi, then stayed in the same dorm room with Meredith while the campus rioted; prosecuted the KKK in Mississippi after the murder of three civil rights workers in 1964; and marched for voting rights with Dr. King in Selma. My favorite John Doar story was retold in his obituary in the New York Times (NYT), where he stopped a riot in its tracks with the following ““My name is John Doar — D-O-A-R,” he shouted to the crowd. “I’m from the Justice Department, and anybody here knows what I stand for is right.” That qualified as a full-length speech from the laconic Mr. Doar. At his continued urging, the crowd slowly melted away.”” In my book, he is right up there with Atticus Finch.

In an earlier post, I reviewed the Bio-Rad Laboratories, Inc. (Bio-Rad) Foreign Corrupt Practices Act (FCPA) enforcement action from the perspective of the Non-Prosecution Agreement (NPA) the company was able to secure with the Department of Justice (DOJ). Today I want to review the bribery schemes that the company used to either internally fund the bribes or attempt to evade internal detection. Both the NPA and the Securities and Exchange Commission’s (SEC) Order Instituting Cease-and-Desist Proceedings (Order). The compliance practitioner can use these bribery schemes not only for FCPA training but also to see if any such schemes or their indicia may be present in your company.

Initially I need to discuss the corporate structure. It was apparently quite decentralized. According to the Order, “Bio-Rad’s international sales organization (“ISO”) oversees the company’s international sales operations; this includes all locations outside the United States and Canada. In 2009, the ISO consisted of four sub-divisions: (1) Western Europe; (2) Asia Pacific; (3) Japan; and (4) Emerging Markets. Each sub-division had a general manager, reporting to the vice-president of ISO. The Asia Pacific sub-division included Vietnam and Thailand. The Emerging Markets sub-division included Russia and other eastern European countries. Some countries within the sub-divisions had a country manager who reported to the ISO sub-division general manager.” Emerging markets is clearly a high-risk area for pharmaceutical companies. If your business development or sales organization has such a designation, I would suggest that you check and see if there are sufficient protections in place to at least raise any red flags, which might need further investigation.

However, it was more than the management structure of the business operations that was decentralized, the compliance function was similarly structured. The NPA stated, “BIO-RAD also decentralized its compliance program such that its international offices were responsible for ensuring adequate compliance with its business ethics policy and code of conduct.” This decentralization so defanged the company’s compliance program that it could not perform even the most basic functions of a compliance organization; no due diligence on third parties, indeed no management of third parties at all from the compliance perspective; no risk assessments were performed and, finally, the most damning was that the compliance function could not even ensure compliance with the company’s own business ethics policy.

The Russia Scheme

However the company used third party representatives to facilitate the bribery scheme. In addition to the lack of due diligence or usual steps that a compliance practitioner might put in place to manage third parties under the FCPA there were several other items of note which constitute lessons learned by the compliance practitioner. First and foremost was the commission rate paid to these third parties, that being between 15%-30%. This alone may well have been enough to demonstrate “a conscious disregard for the high probability that the Russian Agents were passing along at least a portion of their commissions to Russian government officials to obtain profitable public contracts for the sale of medical diagnostic equipment.” Further, the payments made to these agents were sent to countries outside Russia, where neither the alleged services were delivered nor where the agents were legally domiciled. Moreover, not only did these agents have no offices in Russia, they had no employees in Russia either.

Apparently there were contracts in place with these agents. The services these agents were specified to deliver included, “acquiring new business, creating and disseminating promotional materials to prospective customers, distributing and installing products and related equipment, and training customers.” But it really is hard to deliver services if you have no employees. Apparently there were times these agents did deliver something identified as “distribution services” for the commission rates between 15%-30%. However the estimated value of these services for the company was between 2%-2.5% of the total sales.

Another area of obvious concern should have been the pre-payment of commissions to these agents. Any time you pre-pay before a service is delivered (other than a retainer into a lawyer’s trust account) you can potentially run into trouble. But Bio-Rad took it a step further by making pre-payments before contracts with the ultimate buyer were negotiated. Any ideas where those pre-paid commissions might have gone? Another area was the amount of the commissions. They were just less than $200,000, which happened to be the authority level of the head of Bio-Rad’s Emerging Markets business unit. So there was no oversight or second set of eyes on these pre-payments because it was within the manager’s authority level. Finally, these pre-payments were actually forbidden under the contracts but they were made anyway.

The Vietnam Scheme 

The Vietnam Country Manager had contracting authority up to $100,000 and sales commissions up to $20,000. From 2005-2009 Bio-Rad apparently paid bribes directly to health care workers so they would purchase the company’s products. When it was pointed out to the Country Manager this was illegal, he simply moved to a distributor “at a deep discount, which the distributor would then resell to government customers at full price, and pass through a portion of it as bribes…Between 2005 and the end of 2009, the Vietnam office made improper payments of $2.2 million to agents or distributors, which was funneled to Vietnamese government officials. These bribes, recorded as “commissions,” “advertising fees,” and “training fees,” generated gross sales revenues of $23.7 million to Bio-Rad Singapore.” 

The Thailand Scheme

In Thailand, it was an almost mundane bribery scheme involved compared to Russia and Vietnam. Bio-Rad acquired an interest in a Thai Joint Venture (JV) through an acquisition where it performed “very little due diligence” on the JV. Bio-Rad acquired a minority interest in the JV and it did not communicate directly with the JV’s distributors but only through the majority owners of the JV. The bribery scheme was funded through “an inflated 13% commission, of which it retained 4%, and paid 9% to Thai government officials in exchange for profitable business contracts.” The due diligence was so poor that Bio-Rad did not know that the prime third party sales representative for the JV were the same majority owners of the JV.

Tomorrow, I will discuss some of the internal controls that a company might employ to help prevent such a compliance failure as occurred at Bio-Rad.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,155 other followers