Enforcement Actions | FCPA Compliance and Ethics Blog

August 20, 2015

BNY Mellon and Lessons Learned In Hiring Family Members – Part II

Filed under: Best Practices,BNY Mellon,Bribery and Corruption,Compliance,Compliance and Ethics,compliance programs,Doing Compliance,FCPA,SEC — tfoxlaw @ 4:37 am
Tags: best practices, compliance, compliance programs, FCPA, Foreign Corrupt Practices Act, SEC

In yesterday’s post I reviewed the Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) enforcement action involving the Bank of New York Mellon Corporation (BNY Mellon) around its hiring of sons and nephews of foreign governmental officials to obtain or retain business from certain foreign Sovereign Wealth Funds. I discussed the underlying facts and penalties assessed against BNY Mellon as laid out in the SEC Cease and Desist Order (the “Order”). Today I want to provide some guidance on what this enforcement action may mean for companies going forward when hiring the sons and daughters or close family relatives of foreign government officials.

The first thing to remember is there is nothing in the FCPA which prohibits the hiring of a son, daughter or close family member of a foreign government official. What the FCPA does make illegal is an action where a company “or any officer, director, employee, or agent acting on behalf of such issuer, in order to obtain or retain business, from corruptly giving or authorizing the giving of, anything of value to any foreign official for the purposes of influencing the official or inducing the official to act in violation of his or her lawful duties, or to secure any improper advantage, or to induce a foreign official to use his influence with a foreign governmental instrumentality to influence any act or decision of such government or instrumentality.” [citation omitted]

The actions of BNY Mellon were clearly designed to not simply curry favor with the foreign governmental officials involved but also to either grow the business or help to retain what the company already had in place with the un-named foreign Sovereign Wealth Fund. At this point most companies have a written FCPA compliance program in place; consisting of policies and procedures. Note, this does not mean that the compliance program is effective because for a compliance program to be effective, a company must actually be doing compliance. Many FCPA enforcement actions occur because an exception was granted to a policy or procedure and either the reason for granting the exception was inappropriate or there was no documentation as to why the exception was granted. In the case of BNY Mellon, it was the latter.

BNY Mellon offered high value, high prestige summer internship programs for “undergraduates as well as a separate summer program for postgraduates actively pursuing a Master of Business Administration (MBA) or similar degree. Admission to the BNY Mellon postgraduate internship program was highly competitive and characterized by stringent hiring standards.” The main purpose of these internships was to give BNY Mellon an opportunity to evaluate the interns as potential permanent hires to the company. There was a designated track for nomination to the internship program and internal company evaluation prior to offering candidates an intern position. In other words, there were policies and procedures around the process but BNY Mellon did not follow them.

Hiring Process

The first Red Flag, which BNY Mellon seemingly ignored in this entire process, was that each of the candidates were recommended to the firm by foreign governmental officials who held control of business relations between Sovereign Wealth Funds and the bank. Their requests that their close family relations be hired by BNY Mellon was contra to the banks own process of selecting candidates for its internship program from a exclusive group of universities and colleges in the US and UK. The Order noted, “Successful applicants had to achieve a minimum grade point average, and had to advance through multiple rounds of interviews in addition to having relevant prior work experience and a demonstrated affinity for and interest in financial services work.”

None of these indicia were present in the hiring of the foreign governmental official’s relatives at issue. There was no evidence the candidates met any of BNY Mellon’s own internal criteria for consideration to the internship program. Indeed, as the Order stated, “as recent graduates not enrolled in any degree program, the Interns did not meet the basic entrance standard for a BNY Mellon postgraduate internship.” Finally, to top it off, all three were hired sight unseen and “BNY Mellon decided to hire the Interns before even meeting or interviewing them.”

The Internships

But BNY Mellon’s violative conduct did not stop by simply hiring the three close family relatives for its internship program. The three persons got benefits far more than simply a regular internship program. BNY Mellon designed special “Bespoke” internship programs for the three interns. As requested by their fathers and uncle, the three interns received “customized work experiences” which “were not regular undergraduate or graduate summer internships at all, but customized one-of-a-kind training programs. The internships were valuable work experience, and the requesting officials derived significant personal value in being able to confer this benefit on their family members.”

The internships were abnormally long, lasting six months, which was twice the normal length. Additionally they were “rotational in nature, meaning that Interns A, B and C had the opportunity to work in a number of different BNY Mellon business units, enhancing the value of the work experience beyond that normally provided to BNY Mellon interns.”

The Costs

In addition to the exceptions granted in the hiring process and the internships themselves, BNY Mellon also paid out money and non-monetary benefits in a manner different to others in the internship program. The Order stated, “BNY Mellon determined, because Interns A and B had already graduated from college, that Interns A and B should be paid above the normal salary scale for BNY Mellon undergraduate interns but below the scale for postgraduate interns. Intern C was unpaid. BNY Mellon also coordinated obtaining visas for all three of the Interns so that they could travel from the Middle East to work in the countries in which they were placed. BNY Mellon paid the legal fees and filing costs related to the visas. As the BNY Mellon Asset Management employee responsible for arranging two of the three internships wrote in a contemporaneous e-mail, the internships constituted an “expensive favor” for the requesting foreign official.” Indeed the Order cited to an email from one BNY Mellon employee who wrote, “I am working on an expensive ‘favor’ for [Official X] – an internship for his son and cousin (don’t mention to him as this is not official).” Further, BNY Mellon knew the request and accommodation was unethical, if not illegal, as the same employee wrote in another email, ““[W]e have to be careful about this. This is more of a personal request . . . [Official X] doesn’t want

[the Middle Eastern Sovereign Wealth Fund] to know about it.” The same employee later directed his administrative assistant to refrain from sending email correspondence concerning Official X’s internship request “because it was a personal favor.”

Lessons Learned Going Forward

I must emphasize once again that there is nothing illegal around the hiring of a close family member of a foreign governmental official. It does however present a higher risk for indicia of bribery and corruption and violation of the FCPA. A higher FCPA risk means you need to evaluate that risk more closely and manage that risk accordingly.

The obvious starting point for any hiring of a close family member of a foreign governmental official is whether the candidate is qualified for the position. If they are not qualified it is ‘Full Stop’ at that point. In the case of BNY Mellon there was no evidence any of the candidates had the academic background, the academic credentials, leadership traits or intangible skills to meet the bank’s normal internship hiring criteria. As with any other anomaly granted in a company’s normal process, there must be a documented reason for the exception, review by appropriate authority of the exception and documentation as to why the exception was granted. None of these steps were present in the BNY Mellon matter. Put another way, if you are hiring a family member or close relative of a foreign government official for any reason other than merit, it had better be a darn good one and well-documented as to your decision-making calculus with appropriate senior management oversight.

But your risk management does not stop simply with the hiring process. If the foreign governmental official is the person who made the request for the hiring of the family member, this is a Red Flag not to be overlooked. Your analysis needs to be on the role of that foreign governmental official in awarding new business to your company or in retaining old business. If the foreign governmental official has direct or even strong indirect control over such business relation, this may present such a direct conflict of interest, this may be a risk that you cannot manage. A good rule of thumb here is whether there is full transparency in the hiring with the foreign government involved with your company. In the case of BNY Mellon, they did not want anyone in the Sovereign Wealth Fund to know BNY Mellon had hired the son or nephew. That is a clear sign transparency is lacking and someone, somewhere is engaging in unethical conduct, if not breaking the law.

Finally, if you do decide to move forward and hire the close family member, you need to assign that new hire to work not associated with the business relationship between your company and the foreign government involved. Just as in the lifecycle of third party management, managing the relationship after a contract is inked is in many ways the most critical element; the same is true in the employment relationship involving close family members of foreign government officials.

Ultimately, you need to have internal controls to ensure effective compliance going forward. You cannot have customer relationship managers making the calls on hiring which over-ride the Human Resources (HR) procedures. There must be not only HR review but also mechanisms to flag for compliance review such hires. Lastly, there needs to be sufficient senior management oversight because this is such a high-risk proposition.

I hope you have enjoyed and found this two-part series on the BNY Mellon FCPA enforcement action and the lessons learned from it useful. The SEC Order provides a clear road map to the Chief Compliance Officer (CCO), compliance practitioner, HR professional or anyone else who reads it on the steps you should take in the hiring of a close family member of a foreign government official with which you are doing business. It may take some additional effort than simply having your business unit employees make the call on who to award prestigious internships to in order to obtain or retain business but in the long run you will have a better run company for doing so. FCPA enforcement is not a game and by doing compliance will make your company a more accurtely operated entity.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Leave a Comment

August 19, 2015

BNY Mellon Settles First Sons and Daughters (and Nephews) FCPA Hiring Matter – Part I

Filed under: Best Practices,BNY Mellon,Chief Compliance Officer,Compliance,Compliance and Ethics,FCPA,SEC — tfoxlaw @ 12:01 am
Tags: BNY Mellon, compliance, compliance programs, FCPA, FCPA Blog, SEC, sons and daughters

Yesterday the Securities and Exchange Commission (SEC) announced a resolution with Bank of New York Mellon Corporation (BNY Mellon) for violations of the Foreign Corrupt Practices Act (FCPA). This was the first enforcement action around the now infamous Princesslings and Princelings investigations where US companies hired the sons and daughters of foreign government officials to curry favor and obtain or retain business.

While JPMorgan Chase has garnered the most attention around this issue, probably because of its notorious spreadsheet tracking of sons and daughters hires to develop business in China, there are multiple US companies under scrutiny for similar conduct. The FCPA Blog has reported that Credit Suisse, Goldman Sachs, Morgan Stanley, Citigroup, and UBS are all under investigation by the SEC for their hiring practices around the sons and daughters of foreign government officials. BNY Mellon has the honor of being the first company to reach resolution on this issue.

This is an important issue for many companies going forward and since this is the initial enforcement action on this issue, I am going to take a deep dive into the matter over the next couple of days. Today, I will discuss the facts of the case and tomorrow I will discuss not only the lessons to be learned from this FCPA enforcement action but also how the Chief Compliance Officer (CCO) or compliance practitioner can use those facts to graft a hiring program around the sons and daughters of foreign government officials which will not violate the FCPA.

In its Press Release, the SEC noted, “The Securities and Exchange Commission today announced that BNY Mellon has agreed to pay $14.8 million to settle charges that it violated the Foreign Corrupt Practices Act (FCPA) by providing valuable student internships to family members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund.” Andrew J. Ceresney, Director of the SEC Enforcement Division, was quoted in the Press Release as stating, “The FCPA prohibits companies from improperly influencing foreign officials with ‘anything of value,’ and therefore cash payments, gifts, internships, or anything else used in corrupt attempts to win business can expose companies to an SEC enforcement action. BNY Mellon deserved significant sanction for providing valuable student internships to family members of foreign officials to influence their actions.” Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said, “Financial services providers face unique corruption risks when seeking to win business in international markets, and we will continue to scrutinize industries that have not been vigilant about complying with the FCPA.”

The Cease and Desist Order (Order) entered found that BNY Mellon violated the anti-bribery and internal controls provisions of the Securities Exchange Act of 1934. BNY Mellon, “Without admitting or denying the findings, the company agreed to pay $8.3 million in disgorgement, $1.5 million in prejudgment interest, and a $5 million penalty. The SEC considered the company’s remedial acts and its cooperation with the investigation when determining a settlement.”

The underlying facts and BNY Mellon’s conduct as laid out in the Order provide some clear guidance for the CCO or compliance practitioner regarding what will be a violation of the FCPA in terms of hiring sons, daughters and close family relatives going forward. It should be noted that two of the hires were sons of foreign governmental officials and one was a nephew. However, the first important lesson under this enforcement action is around the parties involved. Although not identified by country, the foreign governmental entity involved was a Middle Eastern Sovereign Wealth Fund. If there was any question as to whether foreign sovereign wealth funds were covered under the FCPA, that answer is now clear, they are covered. All corporate actions should be cloaked with this knowledge going forward.

The Order also specified how the hiring of the relatives led directly to BNY Mellon obtaining and retaining business. One foreign government official, (Official X), “made a personal and discreet request that BNY Mellon provide internships to two of his relatives: his son, Intern A, and nephew, Intern B. As a Middle Eastern Sovereign Wealth Fund department head, Official X had authority over allocations of new assets to existing managers such as the Boutique, and was viewed within BNY Mellon as a “key decision maker” at the Middle Eastern Sovereign Wealth Fund. Official X later persistently inquired of BNY Mellon employees concerning the status of his internship request, asking whether and when BNY Mellon would deliver the internships. At one point, Official X said to his primary contact at BNY Mellon that the request represented an “opportunity” for BNY Mellon, and that the official could secure internships for his family members from a competitor of BNY Mellon if it did not satisfy his personal request.”

There were clear statements by the BNY Mellon official involved that hiring this son and nephew were being done to obtain or retain business. As reported in the Order:

BNY Mellon was “not in a position to reject the request from a commercial point of view” even though it was a “personal request” from Official X. The employee stated: “by not allowing the internships to take place, we potentially jeopardize our mandate with [the Middle Eastern Sovereign Wealth Fund].”
Another employee was quoted as saying, ““I want more money for this. I expect more for this. . . . We’re doing [Official X] a favor.”
Yet another employee was quoted as saying, “I am working on an expensive ‘favor’ for [Official X] – an internship for his son and cousin (don’t mention to him as this is not official).”
Finally, to demonstrate the nefarious nature of the arrangement and lack of transparency in the entire process, this final BNY Mellon employee said, ““[W]e have to be careful about this. This is more of a personal request . . . [Official X] doesn’t want [the Middle Eastern Sovereign Wealth Fund] to know about it.” The same employee later directed his administrative assistant to refrain from sending email correspondence concerning Official X’s internship request “because it was a personal favor.”

The second foreign government official, (Official Y), “asked through a subordinate European Office employee that BNY Mellon provide an internship to the official’s son, Intern C. As a senior official at the European Office, Official Y had authority to make decisions directly impacting BNY Mellon’s business. Internal BNY Mellon documents reflected Official Y’s importance in this regard, stating that Official Y was “crucial to both retaining and gaining new business” for BNY Mellon. One or more European Office employees acting on Official Y’s behalf later inquired repeatedly about the status and details of the internship, including during discussions of the transfer of European Office assets to BNY Mellon. At the time of Official Y’s initial request, a number of recent client service issues had threatened to weaken the relationship between BNY Mellon and the European Office.”

When it came to hiring Official Y’s son there were some equally damning communications at BNY Mellon that were featured in the Order.

The BNY Mellon sovereign wealth fund relationship manager said, “that granting Official Y’s request was likely to “influence any future decisions taken within [the Middle Eastern Sovereign Wealth Fund].”
The same person also worried aloud that if BNY Mellon did not hire the son, it “might well lose market share to a competitor as a result.”
He went on to write ““Its [sic] silly things like this that help influence who ends up with more assets / retaining dominant position.”
Finally, he noted that to accede to Official Y’s request was the “only way” to increase business share.

Added to all of this was that none of the three individuals met the BNY Mellon requirements for its internship program; they met neither the academic or professional requirement to obtain an internship. BNY Mellon not only waived its own hiring requirements, it did not even go through the pretense of meeting with them or interviewing them. Finally, these three individuals were provided with “bespoke internships were rotational in nature, meaning that Interns A, B and C had the opportunity to work in a number of different BNY Mellon business units, enhancing the value of the work experience beyond that normally provided to BNY Mellon interns.”

The penalty was also interesting. As set out in the order BNY Mellon agreed to the following penalty amount: “disgorgement of $8,300,000, prejudgment interest of $1,500,000 and a civil money penalty in the amount of $5,000,000, for a total payment of $14,800,000.” The SEC noted the cooperation efforts of the bank in stating, “Respondent acknowledges that the Commission is not imposing a civil penalty in excess of $5,000,000 based upon its cooperation in a Commission investigation.” Further, BNY Mellon engaged in extensive remediation. The Order stated, “Prior to the investigation by the Commission of the Interns, BNY Mellon had begun a process of enhancing its anti-corruption compliance program including: making changes to the Anti-Corruption Policy to explicitly address the hiring of government officials’ relatives; requiring that every application for a full-time hire or an internship be routed through a centralized HR application process; enhancing its Code of Conduct to require that every year each employee certifies that he or she is not responsible for hiring through a non-centralized channel; and requiring as part of a centralized application process that each applicant indicate whether she or a close personal associate is or has recently been a government official, and, if so, additional review by BNY Mellon’s anti-corruption office is mandated.”

Tomorrow I will look at lessons learned for the CCO and compliance practitioner and how you can avoid the missteps of BNY Mellon in your hiring program going forward.

© Thomas R. Fox, 2015

Leave a Comment

August 14, 2015

The BHP Case and Enforcement of The FCPA’s Internal Controls Provision

Filed under: Accounting Records violations,Best Practices,BHP Billiton,Compliance,Compliance and Ethics,FCPA,Internal Controls,SEC — tfoxlaw @ 12:01 am

Ed. Note-today we have a guest post from Jean-Michel Ferat ,CPA, CFF is a Managing Director in the Washington D.C office of the Claro Group around his views on the BHP Billiton enforcement action.

Much has been made in the last few months of the SEC’s seemingly aggressive stance in the BHP Billiton case. Many FCPA practitioners have taken the view that the SEC likely over-reached and set a wobbly precedent in extracting a $25 million civil settlement from BHP for its alleged internal control failure relating to the identification of hospitality payments to government officials that could potentially have been subject to some quid pro quo arrangement.

This appears to be a standout case for the SEC, even when compared to the 2012 Oracle case. In Oracle, the SEC had at least the existence of an off-the-books slush fund which on its surface appeared to have been set up for nefarious purposes. In most if not all SEC enforcement actions in the last 5 years, it would appear that internal controls violations were coupled with a books and records violation: in other words shady accounting. With BHP, the SEC had a company that identified a specific corruption risk, established a control to mitigate that risk but failed to execute it adequately. No off-the-books slush fund, no fake invoices, no fictitious vendors, no circuitous payments to government officials….. In other words: no shady accounting.

Accounting Controls vs. Compliance Controls

The BHP case is important for another reason. It helps to illustrate a thorn in the side of most organizations when it comes to establishing and documenting a comprehensive control structure: the distinction between accounting controls and compliance controls. I won’t argue here whether a literal interpretation of the law should restrict our regulators and law enforcement to violations of accounting controls or whether it extends to other operational controls – e.g. compliance controls – as well. What I will argue is that the distinction between accounting controls and compliance controls is not purely semantic but one with practical implementation, enforcement and reporting differences within most organizations.

When one of thinks of accounting controls in the context of corruption risk, one thinks of controls over accounts payable, petty cash, vendor set-up, disbursements and the like. In essence, these are controls that address whether cash out the door is going to its intended recipient and whether it is properly accounted for in the company’s books and records. These types of controls over financial reporting have received persistent scrutiny under SOX 404 and are typically “owned” by a company’s finance function (e.g. accounting manager, controller, CFO). Conversely, compliance controls are ones that do not necessarily impact a company’s financial reporting process but are meant to ensure compliance with laws and regulations. In the case of the FCPA, such controls might include mandatory FCPA training for employees, audit rights in third party contracts, and due diligence surrounding third party representatives. These controls are not usually “owned” by the finance function but are typically fall to the legal department or CCO. This division of labor makes sense for most organizations but it has the often-times negative effect of creating control “silos” where neither finance nor legal has a complete picture of FCPA risk mitigation. The primary mechanism for countering this silo effect is (1) implementing an enterprise wide risk management process (2) mapping those risks to the detailed internal controls (both accounting and compliance) designed to mitigate and (3) disseminating this information to upper management across the entire organization.

The Risk Management Process and Linking Controls to Identified Risks

A company’s Enterprise Risk Management Process should be used to identify perceived risks to the organization and put in place a risk mitigation plan. In most company’s though, the mitigation plan is often kept at a very high level and rarely includes a deep dive into the detailed accounting and compliance controls currently in place or that must be implemented to adequately mitigate risk. In the case of FCPA risk, we often see companies undertaking corruption risk assessments and addressing internal controls at a very high level, but similarly, we rarely see such risk assessments taking a deep dive into the specific controls in place to manage corruption risk.

In the case of BHP, employees actively identified a new corruption risk and sought to mitigate it. Where it looks to have failed was by not integrating the newly identified risk into its overall risk management process and ensuring that the newly established control was adequate to mitigate the risk. Had BHP included the identified risk into its overall risk management process, it likely would have benefited from:

visibility of the perceived risk by various parts of the organization including Finance, Legal, Operations and members of the Risk Committee of the Board, if one existed;
A clear determination of who within the organization was responsible for mitigating the risk;
A chance for internal audit or another group within the organization to evaluate whether the established controls were sufficient and operating effectively.

Linking detailed internal controls to identified risks is a laborious task, in particular in decentralized organizations with varying types of internal controls in different geographic locations and/or business segments. The BHP case and newly established COSO guidelines would suggest however that organizations should seriously consider performing this task. FCPA scholars will wait to see whether the SEC’s position on BHP is part of an emerging pattern of internal controls enforcement or a one off anomaly. Regardless, public issuers should take heed and look to shoring up their risk management and internal control processes before the regulators come knocking.

Editors Note-a reader noted the line “Most notable in this case is the fact that the SEC did not charge BHP with either a books and records violation or an anti-bribery violation, but an internal controls violation alone,” is incorrect. BHP was charged with a Books and Records violation of the FCPA. This line has been removed.

Jean-Michel Ferat, CPA, CFF is a Managing Director in the Washington D.C office of the Claro Group and has over eighteen years of experience in the specialized fields of forensic accounting and fraud detection. He has applied his skills in a variety of cases involving financial statement fraud, high-level corruption, terrorist financing, collusive bidding rings, money laundering, embezzlement, asset misappropriation. HE has undertaken dozens of corruption investigations around the globe including a lead role in the United Nations Oil-for-Food Programme investigation. He can be reached at jmferat@theclarogroup.com.

Leave a Comment

July 29, 2015

What Would Dr. Seuss Say about an Allowance?

Filed under: Accounting Records violations,Administrative Proceedings,compliance programs,Department of Justice,FCPA,Internal Controls,Mead Johnson,SEC — tfoxlaw @ 12:01 am
Tags: accounting provisions, Books and Records, Department of Justice, FCPABlog, Foreign Corrupt Practices Act, Internal Controls

Earlier this month we had the release of a second book by Harper Lee, “Go Set a Watchman”, which was miraculously discovered having been written some 50+ years ago. This week, there was another release from a (now deceased) author from a newly discovered source. I of course refer to the release yesterday of the new Dr. Seuss book “What Pet Should I Get?”, published Random House, which informs today’s compliance lesson.

The book was discovered by Seuss’ widow, as noted in the Sunday New York Times (NYT) Book Review article, entitled “Dr. Seuss Book: Yes They Found it in a Box”, when she decided to “have the rest of his notes and sketches appraised, that they closely examined the contents of that box. They found a set of brightly colored alphabet flash cards, some rough sketches titled “The Horse Museum,” and a manila folder marked “Noble Failures,” with whimsical drawings that he had been unable to find a place for in his stories. But alongside the orphaned sketches was a more complete project labeled “The Pet Shop,” 16 black-and-white illustrations, with text that he had typed on paper and taped to the drawings. The pages were stained and yellowed, but the story was all there, in Dr. Seuss’ unmistakable rollicking rhymes.” This finding became the book, What Pet Should I Get?

Reading this discovery made me ponder about how a child would pay for the pet they wanted and of course my thoughts turned to that age-old parenting quandary – the allowance. It is always a question of great interest for both parents and children. As with many things involving parent/child relationships, my views have evolved. As a teenager, I certainly had the view that an allowance was a God-given right and the more the better. I would only note that my parents did not share those views. As the father of a teenaged daughter, my views reached the much fuller expression of spoiling my daughter as often as possible. Which one is correct? I still do not have a final answer.

I thought about the ongoing debate and dialogue over the allowance when I read the Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC) against Mead Johnson Nutrition Company (Mead Johnson). The matter was resolved via SEC Administrative proceeding that concluded with a Cease and Desist Order being agreed to by the parties. Mead Johnson agreed to pay a fine of $12.3MM which consisted of profit disgorgement of $7.7MM, prejudgment interest of $1.26MM and a civil penalty of $3MM. Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said in a SEC Press Release, “Mead Johnson Nutrition’s lax internal control environment enabled its subsidiary to use off-the-books slush funds to pay doctors and other health care professionals in China to recommend its baby formula and give the company marketing access to mothers.”

The enforcement action turned on violations of the accounting provisions of the FCPA. This is where the ‘allowance’ issue comes into the discussion. According to the Cease and Desist Order, “certain employees of Mead Johnson China improperly compensated HCPs, who were foreign officials under the FCPA, to recommend Mead Johnson’s infant formula to, and to improperly provide contact information for, expectant and new mothers.” One of Mead Johnson’s sales channels in China was through distributors. To facilitate this illegal conduct, funding to the distributors, called the “Distributor Allowance”, was diverted to make illegal payments. The Cease and Desist Order stated, “Although the Distributor Allowance contractually belonged to the distributors, certain members of Mead Johnson China’s workforce exercised some control over how the money was spent, and certain Mead Johnson China employees provided specific guidance to distributors concerning the use of the funds. Mead Johnson China staff also maintained certain records related to Distributor Allowance expenditure by distributors. In addition, Mead Johnson China used some of the funds to reimburse Mead Johnson China’s sales personnel for a portion of their marketing and other expenditures on behalf of Mead Johnson China.”

This tactic was clearly a violation of the company’s books and records obligations under the FCPA. By doing so, Mead Johnson was able to hide its payments to doctors and health care providers (HCPs) from not only regulators but the company’s shareholders as well. As the Cease and Desist Order noted, the company’s “records were incomplete and did not reflect that a portion of Distributor Allowance was being used contrary to Mead Johnson’s policies.” Finally, the Cease and Desist Order concluded, “Up through 2013, certain Mead Johnson China employees made payments to HCPs using funds maintained by third parties. These funds and payments from the funds were not accurately reflected on Mead Johnson China’s books and records. The books and records of Mead Johnson China were consolidated into Mead Johnson’s books and records. As a result of the misconduct of Mead Johnson China, Mead Johnson failed to make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflected its transactions as required by Section 13(b)(2)(A) of the Exchange Act.”

However Mead Johnson did not stop with books and records violations. The Distributor Allowance manipulation allowed the China business unit to “improperly compensate HCPs was contrary to management’s authorization and Mead Johnson’s internal policies. Mead Johnson failed to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that Mead Johnson China’s funding of marketing and sales expenditures through third-party distributors was done in accordance with management’s authorization.” Once again the Cease and Desist Order concluded, “Up through 2013, Mead Johnson failed to devise and maintain an adequate system of internal accounting controls to ensure that Mead Johnson China’s method of funding marketing and sales expenditures through third-party distributors was not used for unauthorized purposes, such as improperly compensating Chinese HCPs to recommend Mead Johnson’s products. As a result of such failure, the improper payments to HCPs occurred contrary to management’s authorizations, in violation of Section 13(b)(2)(B) of the Exchange Act.”

In an interesting twist Mead Johnson, based on an allegation of potential FCPA violations in China, performed an internal investigation on its China unit in 2011 and came up with no evidence. Somewhat dryly the SEC noted that the company did not make any self-disclosure around these allegations and “did not thereafter promptly disclose the existence of this allegation in response to the Commission’s inquiry into this matter.”

Yet after a second internal investigation in 2013 they turned up evidence of FCPA violations, the company “undertook significant remedial measures including: termination of senior staff at Mead Johnson China; updating and enhancing financial accounting controls; significantly revising its compliance program; enhancing Mead Johnson’s compliance division, adding positions including a second senior-level position; establishing new business conduct controls and third party due-diligence procedures and contracts; establishing a unit in China that monitors compliance and controls in China on an on-going basis; and providing employees with a method to have immediate access the company’s policies and requirements.”

While there was no statement regarding self-disclosure, the company did cooperate extensively with the SEC after the company was called to task. The Cease and Desist Order noted, “Mead Johnson subsequently provided extensive and thorough cooperation. Mead Johnson voluntarily provided reports of its investigative findings; shared its analysis of documents and summaries of witness interviews; and responded to the Commission’s requests for documents and information and provided translations of key documents. These actions assisted the Commission staff in efficiently collecting valuable evidence, including information that may not have been otherwise available to the staff.”

There are several lessons to be learned from the Mead Johnson enforcement action. If it was not clear from the GlaxoSmithKline PLC (GSK) imbroglio in China in 2013-14, your internal investigation must be thorough. Performing an investigation, finding no FCPA violations only to have a regulator sitting on your shoulder and later finding such evidence is never good. The SEC also reaffirmed its clear intention to continue to enforce the accounting provisions of the FCPA, with or without a parallel Department of Justice (DOJ) enforcement action. Companies must also take heed on their internal controls. Clearly certain China business unit employees had developed a work-around of the compliance internal controls by requiring the distributors to use their allowances to pay bribes. Internal controls must not only exist but they must be effective. That means you have to test their effectiveness, not simply tick the box that you have put them in place.

Finally, and I think Dr. Seuss’ compliance lesson is that when you give out an allowance, while you may restrict some of its uses, you certainly should not direct where the money is spent. Every kid knows that if you are told where to spend your allowance, it is really not your allowance. Perhaps Mead Johnson would do well to remember that long lost lesson from childhood.

© Thomas R. Fox, 2015

Leave a Comment

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

Filed under: Best Practices,Compliance,compliance programs,Department of Justice,FCPA,FCPA Guidance,Harvard Business Review,IAP,Innovation,Ten Hallmarks of an Effective Compliance Program — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, DOJ, FCPA, Harvard Business Review, HBR

John David Crow died Wednesday. Until Johnny Football, he was the only football player from Texas A&M University to win the Heisman Trophy. He played under the legendary Paul ‘Bear’ Bryant at A&M and for all of Bryant’s success, Crow was the his only player to win the award given annually to the nation’s best collegiate football player. Crow had a productive professional football career making the Pro-Bowl four times. He was also the Athletic Director at A&M from 1989 to 1993. So here’s to John David Crow, one of the Junction Boys and one of the greatest players in the history of Texas A&M. Finally, let me say something I almost never say, Gig ‘Em, John David.

I thought about John David Crow and his legacy of greatness when I read an article in the June issue of the Harvard Business Review (HBR), entitled “You Need an Innovation Strategy”, by Gary P. Pisano. While Pisano’s article dealt more generally with innovation in marketing, I found it highly relevant for the Chief Compliance Officer (CCO) or compliance practitioner, particularly in the context a Foreign Corrupt Practices Act (FCPA) compliance program. Earlier this week, the Department of Justice (DOJ) announced the resolution of a FCPA investigation involving IAP Worldwide Services, Inc. (IAP) via a Non-Prosecution Agreement (NPA). In the NPA, the company committed to implementing and enhancing a best practices FCPA compliance program. Listed at element 18 of its compliance program is the following: “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]

This means that the DOJ expects innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy. While Pisano’s article does not specifically focus on compliance, I found that its concepts would help a CCO or compliance practitioner sustain the mandate for innovation in a compliance regime. Pisano’s article begins by stating the problem that many companies face is that “innovation remains a frustrating pursuit.” While acknowledging that failure to execute is an issue, Pisano believes the issue is deeper than simply a failure to execute, he believes there is a “lack of an innovation strategy.”

I found some of his basic definitions most useful for the compliance practitioner to think through innovation in the compliance function. Pisano wrote, “A strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviors aimed at achieving a specific competitive goal. Good strategies promote alignment among diverse groups within an organization, clarify objectives and priorities, and help focus efforts around them. Companies regularly define their overall business strategy (their scope and positioning) and specify how various functions – such as marketing, operations, finance, and R&D – will support it. But during my more than two decades studying and consulting for companies in a broad range of industries, I have found that firms rarely articulate strategies to align their innovation efforts with their business strategies.”

The key to success is something that every CCO or compliance practitioner should take to heart. Paraphrasing Pisano for the compliance practitioner is that the compliance function “should articulate an innovation strategy that stipulates how their [compliance] innovation efforts will support the overall business strategy.” Moreover, “creating an innovation strategy involves determining how innovation will create value for customers [of compliance, i.e. Employees], how the company will capture that [compliance] value, and which types of [compliance] innovation to pursue.”

Pisano posed several questions around this key area of connecting innovation to strategy. Initially he asked, “How will innovation create value for potential customers?” In my formula, customers become employees or others who will make use of your compliance innovation going forward. Here you should focus on the benefit for your end-using customer. Your innovation can make compliance faster, easier, quicker, more nimble and so on. But focus on that creation of value going forward. Pisano’s next question was “How will the company capture a shore of the value its innovations generate?” He suggests companies think through how to “keep their own position in the [compliance] ecosystem strong” through innovation. Pisano next asked, “What types of innovation will allow the company to create and capture value, and what resources should each type receive?” Here Pisano notes two major forms of innovation equally applicable to the CCO or compliance practitioner. They are a change in technology and a change in a business process. Both are equally valid.

Another problem that Pisano addresses is termed “overcoming prevailing winds” and this means that innovation can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resource allocations but management must also incentivize the business units to proceed with implementing the innovations, particularly “when an organization needs to change its prevailing patterns.”

Another area Pisano addresses is “managing trade-offs” because it is inherent in any innovation strategy that there will be trade-offs. Here he terms the two key differences as “supply-push” and “demand-pull”. The supply-push approach comes when your innovation is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. The demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement innovation around those needs.

Interestingly Pisano ends his article with a discussion about “the leadership challenge”. I say interestingly because I would have thought that was required up front as it is the function of senior management to create the capacity for innovation in the first instance. Pisano writes, “There are four essential tasks in creating and implementing an innovation strategy.” Task 1 is to “answer the question “How are we expecting innovation to create value for customers and for our company?” and then explain that to the organization.” Task 2 “is to create a high-level plan for allocating resources to the different kinds of innovation.” Task 3 is “to manage trade-offs. Because every function will naturally want to serve its own interests, only senior leaders can make the choices that are best for the whole company.” Finally, task 4 dovetails with what almost every DOJ/SEC speaker I have ever heard say when they talk about the basics of any best practices compliance program. It is that “innovation strategies must evolve. Any strategy represents a hypothesis that is tested against the unfolding realities of markets, technologies, regulations, and competitors. Just as product designs must evolve to stay competitive, so too must innovation strategies. Like the process of innovation itself, an innovation strategy involves continual experimentation, learning, and adaptation.”

Pisano’s article provides the CCO or compliance practitioner with a framework to think through to help bring the innovation to a compliance program. I would have put leadership first, both in the compliance department and at senior management level. But however you go about it, you must recognize that your compliance program will have to evolve. That is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate that it is Doing Compliance that creates an active, vibrant and effect compliance program.

© Thomas R. Fox, 2015

Leave a Comment

June 18, 2015

The War of 1812 and the IAP Worldwide Services Non-Prosecution Agreement

Filed under: Department of Justice,FCPA,IAP,Non-Prosecution Agreements — tfoxlaw @ 12:01 am
Tags: compliance, compliance programs, Department of Justice, DOJ, FCPA, Foreign Corrupt Practices Act

On this day, 203 years ago, President James Madison signed a Declaration of War against Great Britain inaugurating the War of 1812. The cause of the war was multi-faceted; the formal reason given was the British impressment of American sailors and the economic blockade of Europe. But the real reason may have simply been the warmongers who had been agitating for war against Britain for several years as an excuse to attack (and hopefully take over) Canada. For those of you who did not study geography too closely, that latter hope was forlorn as Canadians twice repulsed American invasions during the war.

That does not mean the War of 1812 was ultimately unsuccessful for the ‘War Hawks’. America got two great songs out of the war. The first was our National Anthem, the Star Spangled Banner, which celebrated victory over the British at Baltimore. The second was the top hit single of 1959, The Battle of New Orleans, which celebrated Andrew Jackson’s defeat of the British in the Battle of New Orleans, which was fought after the signing of the peace treaty that ended the war. Also that peace treaty, which America and Great Britain signed has remained unbroken to this day.

I thought about this view of the results of the War of 1812 when I read the Foreign Corrupt Practices Act (FCPA) enforcement action involving IAP Worldwide Services, Inc. (“IAP” or “the company”) and its former Vice President (VP), James Rama. The company received a Non-Prosecution Agreement (NPA) as a result of the enforcement action but agreed to a fine of $7.1MM. Rama pled guilty to a single count of conspiracy to violate the FCPA and is awaiting sentencing but his sentence will be capped out at “five years of imprisonment, a fine of the greater of $250,000 or twice the gross gain or loss, full restitution, a special assessment, and three years of supervised release” according to his Plea Agreement.

What it is difficult to determine from the company NPA and Rama Plea Agreement is what conduct the company engaged in which led to the NPA because clearly both the company and Rama engaged in conduct that violated the FCPA. In its Press Release the Department of Justice (DOJ) said, “Based on a variety of factors, including but not limited to IAP’s cooperation, the Criminal Division entered into a non-prosecution agreement with the company.” In the NPA these factors were given some meat with the following boilerplate language, “(a) the Company has cooperated with the Offices, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the Offices; (b) the Company has engaged in remediation, including disciplining the officers and employees responsible for the corrupt payments or terminating their employment, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for relevant Company contracts; (c) the Company has committed to continue to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement; and (d) the Company has agreed to continue to cooperate with the Offices in any ongoing investigation of the conduct of the Company and its officers, directors, employees, agents, and consultants relating to possible violations under investigation by the Offices.”

Since I cannot determine from beyond the above description what the company did to achieve its NPA, I will use the same analysis that I did in ascertaining what we Americans got out of the War of 1812. For the NPA did go into detail about the bribery scheme used by the company and Rama, which were clearly violative of the FCPA. Rama was a VP of the company until he signed and became an independent contractor to the organization, through his consulting entity, Ramaco. Ramaco was created, in part, to hide the involvement of IAP in the bidding process with the Kuwaiti Ministry of the Interior to provide nationwide surveillance for the country.

The bid for this project had two phases. In Phase I, a consultant would assist the Kuwaiti government to select the final contractor who would implement the nationwide surveillance for the country in Phase II. By hiding its involvement through Ramaco, IAP could reap the benefits of winning both phases, which it did. However the illegals acts of IAP and Ramaco did not end with this subterfuge but were in fact just beginning.

The Phase I contract awarded to Ramaco was worth $4MM. IAP and Ramaco agreed to rebate one-half of the amount, through a Kuwaiti third party agent back to certain representatives of the Kuwaiti government as bribe payments. In addition to this 50% figure of the contract price, IAP and Ramaco understood that this Kuwaiti third party contractor would “inflate its invoices to IAP by charging IAP for the total amount of both the legitimate services that Kuwaiti Company was providing and the payments that Kuwaiti Company was funneling to Kuwaiti Consultant without listing or otherwise disclosing the payments that were funneled to Kuwaiti Consultant.” According to the NPA, these monies were specifically “provided as bribes to Kuwaiti government officials to assist IAP in obtaining and retaining the KSP Phase I contract and to obtain the Phase II contract.”

The NPA also specified meetings which were held in the company’s headquarters in Arlington VA and that monies to be paid as bribes were wired out of a company bank account in the US to Kuwait.

All of these facts would lead me to opine that this case was egregious. There was a US company, setting up a scheme to pay bribes through both a US person, who was a former employee, and a foreign third party agent. Meetings to facilitate the scheme were held in the US and monies to fund bribes were wired out of a US bank account. There was nothing reported in the NPA which indicated that the company self-disclosed this FCPA violation. While there were statements of cooperation and remediation going forward, there was nothing other than the standard boilerplate language generally seen in NPAs.

So while the NPA does provide the Chief Compliance Officer (CCO) or compliance practitioner a good set of facts to test against in their organization, that would appear to be about it. Other than, of course, it is always better to cooperate than not. So much like what we Americans got out of the War of 1812, not much substance can be ascertained from the company’s NPA and Rama’s Plea Agreement.

For a YouTube clip of Johnny Horton singing The Battle of New Orleans, on the Ed Sullivan Show, click here.

© Thomas R. Fox, 2015

Leave a Comment

May 26, 2015

Economic Downturn Week, Part I – Mapping of Your Internal Compliance Controls

This week I will present a series on steps that you can take in your compliance program if you find yourself, your company or your industry in an economic downturn. All of the recommendations I will make are ideas that have been put into action by companies currently facing these issues. They are ideas that you can use if you have scarce or lessened economic resources for your compliance function. Today I will take my cue from the recent Securities and Exchange Commission (SEC) enforcement action against BHP Billiton (BHP) as a key indicator of where greater and more rigorous SEC enforcement is heading. That is in the area of the enforcement of internal controls and steps that you can take right now, even with reduced head count and budgetary resources, to improve your Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-corruption compliance program.

However, before we get to that subject, I want to remember Marques Haynes, who died last week. Haynes was a basket baller extraordinaire who played with the Harlem Globetrotters off and on for 40 years. As was set out in his New York Times (NYT) obituary last week, Haynes “whose dazzling ball-handling skills, exhibited for more than 40 years as a member of the Harlem Globetrotters and other barnstorming black basketball teams, earned him a place in the Naismith Basketball Hall of Fame and an international reputation as the world’s greatest dribbler”. He was the first Globetrotter inducted into the Naismith Memorial Basketball Hall of Fame. I saw Haynes play in the later stages of his career with the Globetrotters; both on ABC’s Wide World of Sports and through their non-stop touring when they came to even my Podunk hometown. So here’s to you Marques and I am sure you have called ‘Next’ for that great pickup game in the sky several times now.

As they made clear with several FCPA enforcement actions from last fall, the SEC has placed a renewed interest in the accounting provisions of the FCPA, specifically the internal controls provisions. The BHP enforcement continued this trend, where there was no evidence that bribes were paid or offered in violation of the FCPA, tet the poor internal compliance controls at BHP led to a $25MM fine. Indeed Kara Brockmeyer, the Chief, FCPA Unit; Division of Enforcement of the SEC, who spoke at the recently concluded Compliance Week 2015, in a session entitled “A New Look at FCPA Enforcement”, reiterated that the SEC was committed to protecting investors in US public companies and those which list other securities in the US, through enforcement of the accounting provisions, including internal controls provisions of the FCPA. It would seem that the reason is straightforward; a company with rigorous internal compliance controls is better able to prevent, detect and remedy any FCPA violations that may occur.

So, in the midst of an economic downturn, what can you do around the FCPA’s requirements for internal controls and current SEC emphasis? I would suggest that you begin with an exercise where you map the internal controls your company has in place to the indicia of the Ten Hallmarks of an Effective Compliance Program, as set out in the FCPA Guidance. While most compliance practitioners are familiar with the Ten Hallmarks, you may not be as familiar with standards for internal controls. I would suggest that you begin with the COSO 2013 Framework as your starting point.

As a lawyer or compliance practitioner you may not be familiar with all the internal controls that you have in place. This exercise would give you a good opportunity to meet with the heads of Internal Audit, Finance and Accounting (F&A), Treasury or any other function in your company that deals with financial controls. Talk with them about the financial controls you may already have in place. An easy example is employee expense reports. Every company I have ever worked at or even heard about requires expenses for reimbursement to be presented, in documented form on some type of expense reimbursement form. This is mandatory for IRS reporting; so all entities perform this action. See how many controls are in place. Is the employee who submits the expense reimbursement required to sign it? Does his/her immediate supervisor review, approve and sign it? Does any party in the employee’s direct reporting chain review, approve and sign? Does anyone from accounts payable review and approve, both for accuracy and to make sure that all referenced expenses are properly receipted? Is there any other review in accounts payable? Is there any aggregate review of expense reports? Is there a monetary limit over which additional reviews and approvals occur?

Now if an employee has submitted expenses for activities that occurred outside the US are there are any foreign government officials involved? Were those employees identified on the expense reimbursement form? Was the business purpose of the meal, gift or other hospitality recorded? Can you aggregate the monies spent on any one foreign official or by a single employee in your expense reporting system? All of these are internal controls that can be mapped to the appropriate prong of the Ten Hallmarks or other indicia of your compliance program.

You can take this exercise through each of the five objectives under the COSO 2013 Framework and its attendant 17 Principles. From this mapping you can then perform a gap analysis to determine where you might need to implement internal compliance controls into your anti-corruption compliance program. This can lead to remedial steps that you can take. For example you can recommend procedures be written for all key compliance areas in which there are currently no procedures and your existing procedures can be updated to include compliance issues and clear definition how controls are to be evidenced. Through this you can move from having detect controls in place, to having prevent controls, whenever possible.

As a Chief Compliance Officer (CCO) or compliance practitioner, this is an exercise that you can engage in at no cost. You simply investigate and note what internal controls you have in place and how they may be a part of your anti-corruption efforts going forward. As I said last week, compliance is a straightforward exercise. This does not mean that it is easy; you do have to work at it so that you will simply not have a paper, “check the box”, program. But using the excuse that you have limited resources is simply an excuse and a rather poor one at that. While the clear lesson from the BHP enforcement action is that you are required to have effective internal controls in place, by engaging in this mapping exercise you can then figure out what you have and, more importantly, what internal compliance controls that you do not have and need to institute.

Finally, if you do have resources and need some help, you can reach me at the email below.

Leave a Comment

May 22, 2015

On the Oregon Trail: the BHP Enforcement Action and High-Risk Hospitality

Filed under: Best Practices,BHP Billiton,Compliance,Compliance and Ethics,compliance programs,FCPA,Gifts and Business Entertainment,Hospitality,SEC,Travel and Entertainment — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, FCPA, SEC

Today we celebrate American exceptionalism. As noted in ‘This Date in History’, on this date in 1834 the first wagon train, made up of 1,000 settlers and 1,000 head of cattle, set off down the Oregon Trail from Independence, Missouri, on the Great Emigration. After leaving Independence, the giant wagon train followed the Santa Fe Trail for some 40 miles and then turned to its northern route to Fort Laramie, Wyoming. From there, it traveled on to the Rocky Mountains, which it passed through by way of the broad, level South Pass that led to the basin of the Colorado River. The travelers then went southwest to Fort Bridger and on to Fort Boise, where they gained supplies for the difficult journey over the Blue Mountains and into Oregon. The Great Emigration finally arrived in October, completing the 2,000-mile journey from Independence in five months.

The settlers who took off on this Great Emigration on the Oregon Trail did not have anything in the way of a road map. Fortunately for the modern day anti-corruption compliance practitioner, you do have road maps that can guide your compliance with the Foreign Corrupt Practices Act (FCPA) going forward. Over the past few years the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have put out significant and detailed information on compliance failures, which have led to FCPA enforcement actions. For any Chief Compliance Officer (CCO) or compliance practitioner, these enforcement actions provide solid information of lessons learned which can be used as teaching points for companies. Further, these lessons can be used as road maps to review compliance programs to see what gaps, if any, may exist and how to implement solutions.

This trend continued with the release of the SEC FCPA enforcement action involving BHP Billiton Ltd. (BHP) this week. First and foremost to note is that it was a SEC enforcement action involving violations of the internal controls provision of the FCPA. There was no evidence of bribery leading to any DOJ enforcement action. Yet as I have been writing and saying for almost one year, SEC enforcement of the internal controls provision of the FCPA is increasing and companies need to pay more attention to this part of the FCPA. A bribe or offer to bribe does not have to exist for an internal controls violation to occur. CCOs and compliance practitioners need to be cognizant of compliance internal controls and put effective compliance internal controls in place that can be audited against to test their effectiveness.

The BHP enforcement action revolved around the company’s hospitality program for the Beijing 2008 Olympics. Every CCO and compliance practitioner should study this enforcement action in detail so that they can craft appropriate compliance internal controls for high dollar entertaining for big time sporting events. For any company that may be planning for high dollar hospitality spends for the 2016 Brazil Olympics, this enforcement action lays out what you should and should not do in your compliance program. But this holds true for any major sporting event such as the Super Bowl, World Cup or you name the event.

BHP had a paper program that appeared robust. As laid out in the Cease and Desist Order, “BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.” The application included these questions to be fully answered:

“What business obligation exists or is expected to develop between the proposed invitee and BHP Billiton?”,
“Is BHP Billiton negotiating or considering any contract, license agreement or seeking access rights with a third party where the proposed invitee is in a position to influence the outcome of that negotiation?”
“Do you believe that the offer of the proposed hospitality would be likely to create an impression that there is an improper connection between the provision of the hospitality and the business that is being negotiated, considered or conducted, or in any way might be perceived as breaching the Company’s Guide to Business Conduct? If yes, please provide details.”; and
“Are there other matters relating to the relationship between BHP Billiton and the proposed invitee that you believe should be considered in relation to the provision of hospitality having regard to BHP Billiton’s Guide to Business Conduct?”

So the right forms were in place and some of them were fully filled out. However, as the Cease and Desist Order made clear, an effective compliance program does not end at that point. Now would be an appropriate time to recall that high risk does not mean you cannot engage in certain conduct. High risk means that to have an effective compliance program, you have to manage that risk. A basic key to any effective compliance program is oversight or a second set of eyes baked in to your process. BHP formally had this oversight or second set of eyes in the form of an Olympic Sponsorship Steering Committee (OSSC) and Global Ethics Panel Sub-Committee.

Where BHP failed was that “other than reviewing approximately 10 hospitality applications for government officials in mid-2007 in order to assess the invitation process, the OSSC and the Ethics Panel subcommittee did not review the appropriateness of individual hospitality applications or airfare requests. The Ethics Panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders.” Members of the Ethics Panel understood that, consistent with their charter, their role with respect to implementation of the hospitality program was purely advisory. As a result, business managers had sole responsibility for reconciling the competing goals of inviting guests – including government officials – who would ““maximize [BHPB’s] commercial investment made in the Olympic Games” without violating anti-bribery laws.”

But there was more than simply a failure of oversight by BHP. The Cease and Desist Order noted that not all of the forms were filled out with the critical information around a whether a proposed recipient might have been a government official. Even more critically missing was information on whether the proposed recipient was in a position to exert influence over BHP business. Moreover, BHP did not provide training to the business unit employees who ended up making the call as to whether or not to provide the hospitality on payment of travel and hospitality for spouses. The Cease and Desist Order stated that BHP “did not provide any guidance to its senior managers on how they should apply this portion of the Guide when determining whether to approve invitations and airfares for government officials’ spouses.” Finally, there were no controls in place to update or provide ongoing monitoring of the critical information in the forms.

All of this led the SEC to state the following, “As a result of its failure to design and maintain sufficient internal controls over the Olympic global hospitality program, BHPB invited a number of government officials who were directly involved with, or in a position to influence, pending negotiations, efforts by BHPB to obtain access rights, or other pending matters.” This led to the following, “BHPB violated Section 13(b)(2)(B) because it did not devise and maintain internal accounting controls over the Olympic hospitality program that were sufficient to provide reasonable assurances that access to assets and transactions were in executed in accordance with management’s authorization.” Perhaps it was stated most succinctly by Antonia Chion, Associate Director of the SEC’s Division of Enforcement, in the SEC Press Release announcing the enforcement action when he said, “A ‘check the box’ compliance approach of forms over substance is not enough to comply with the FCPA.”

There is also clear guidance from the SEC about how BHP was able to obtain the reduced settlement it received. BHP “provided significant cooperation with the Commission’s investigation”. Moreover, the Cease and Desist Order laid out the remedial steps the company took. These steps included: (1) creation of compliance group independent of the business units; (2) review of its anti-corruption program and implementation of certain upgrades; (3) embedding of anti-corruption managers into the business units; (4) enhancements of “its policies and procedures concerning hospitality, gift giving, use of third party agents, business partners, and other high-risk compliance areas”; (5) enhancement of “financial and auditing controls, including policies to specifically address conducting business in high-risk markets”; and (6) enhanced anti-corruption compliance training.

FCPA compliance is a relatively simply exercise. That does not mean it is easy. For travels on the Great Emigration on the Oregon Trail, travel was neither simple nor easy. If you want to send government officials to high profile sporting events or provide other high dollar hospitality, the FCPA does not prevent you from doing so. But it is a high risk and to be in compliance you must to manage those high risks appropriately, all the way through the process. The BHP enforcement action provides you a detailed road map of what to do and what not to do.

Comments (1)

April 20, 2015

The Intersection of the FCPA, TI-CPI and Tax Appeals in Brazil

Filed under: Best Practices,Brazil,Corruption in Brazil,Corruption Perceptions Index,FCPA,Parker Drilling,Transparency International,Wall Street Journal,WSJ — tfoxlaw @ 12:01 am
Tags: Brazil, FCPA, Foreign Corrupt Practices Act, TI-CPI, Wall Street Journal

The Transparency International-Corruptions Perceptions Index (TI-CPI) is released each year in November. The TI-CPI rates Brazil as 69^th out of 175 countries on its index, coming in with a score of 43 out of 100. I wonder if TI might consider an interim report this year on Brazil? As things keep going, more and more corruption is alleged to be a part of the everyday fabric of the country. While the Petrobras and related scandals have been well chronicled, the overall stench of corruption just keeps spreading and spreading.

Recently it was announced yet another set of investigations around corruption has begun. This time it involves the Brazilian Finance Ministry’s Administrative Council for Tax Appeal. In an article in the Wall Street Journal (WSJ), entitled “Brazil Probes New Bribery Allegations”, Paulo Trevisani reported that this is an “arbitration board that hears appeals from taxpayers who dispute how much they owe the [Brazilian] government.” The investigation would appear to be widespread as “Prosecutors said 74 companies and 24 individuals are under investigation.”

Interestingly not only is the Finance Ministry investigating the allegations but also the Brazilian internal revenue service, the Brazilian federal police and the Brazilian federal prosecutors office. In what would seem to indicate the inherent conflict of interest in the Finance Ministry investigating itself, Trevisani reported the “Finance Ministry said the alleged scheme wasn’t systematic but rather, involved “isolated acts” carried out by a small group of government tax officials. When prosecutors announced the investigation on March 26 they said that losses to the nation’s treasury totaled $6.1 billion over 15 years.” Oops.

While the entities and individuals under investigation have not been named, “a leading investigator on the case said companies under investigation include Ford Motor Brazil, a unit of Ford Motor Co.; JBS, the world’s largest meatpacker, the Brazilian unit of the Spanish bank Banco Santander SA; and Brazil’s second largest private-sector bank, Bradesco SA.” You may recall from an earlier blog post I noted that Brazil’s third largest state-owned bank Caixa Econômica Federal (Caixa) is also under investigation for corruption.

However, this new corruption scandal is the first time that non-Brazilian companies have come under investigation outside of the Petrobras scandal. The WSJ article noted, “Brazil’s tax system is among the most onerous and complex in the world. Penalties can be steep. That has fostered an environment where corruption can flourish, [un-named] experts say. “Taxes in Brazil are so high and complicated that it is easy for companies to get in trouble with the taxman,” the leading investigator told The Wall Street Journal. The investigator said frequent tax disputes created opportunities for ill-intentioned public servants to profit by helping firms circumvent red tape. Prosecutors say the probe began in 2013 after they received an anonymous letter describing details of the alleged scheme.”

An article in forbes.com, entitled “Ford On List Of Companies Suspected Of Brazilian Tax Fraud” by Kenneth Rapoza, went further than the WSJ article when it laid out the list of “companies are under investigation for taking part in various tax bribery schemes” and then listed the amounts they allegedly avoided paying. The Top Ten list is:

Santander: R$3.3 billion
Bradesco: R$2.7 billion
Ford: R$1.7 billion
Gerdau: R$1.2 billion
Light: R$929 million
Banco Safra: R$767 million
RBS: R$672 million
Camargo Correa: R$668 million
Mitsubishi: R$505 million
Banco Industrial: R$436 million

An article in businessinsider.com, entitled “Brazil uncovers multibillion-dollar tax fraud”, reported that this investigation, dubbed Operation Zeal, had uncovered that “the [tax] body managed to obtain tax appeals board rulings in the companies’ favor by either cutting penalties or waiving them altogether. In return, officials allegedly received bribes from some 70 companies believed to have benefited from the scheme. A written statement issued by Brazilian federal police stated “The investigations, begun in 2013, showed the organization acted within the body sponsoring private interests, seeking to influence and corrupt advisors with a view either to securing the cancellation or reduction of penalties from tax authorities”. Moreover, “Police said the scam could have netted the companies as much as 19 billion reais ($5.9 billion) but evidence uncovered so far amounts to around a third of that amount.” Finally, and perhaps most ominously, the article said, “Federal police organized crime chief Oslain Campos Santan said the total sums could end up being “as much” as that involved in the Petrobras scam”.

This new Brazilian corruption scandal recalls the Foreign Corrupt Practices Act (FCPA) enforcement action against the Houston-based Parker Drilling Company. According to the Department of Justice (DOJ) Press Release issued at the time of the announcement of the conclusion of the matter, the company was issued a tax assessment on its drilling rigs. The Press Release went on to state, “According to court documents, rather than pay the assessed fine, Parker Drilling contracted indirectly with an intermediary agent to resolve its customs issues. From January to May 2004, Parker Drilling transferred $1.25 million to the agent, who reported spending a portion of the money on various things including entertaining government officials. Emails in which the agent requested additional money from Parker Drilling referenced the agent’s interactions with Nigeria’s Ministry of Finance, State Security Service, and a delegation from the president’s office. Two senior executives within Parker Drilling at the time reviewed and approved the agent’s invoices, knowing that the invoices arbitrarily attributed portions of the money that Parker Drilling transferred to the agent to various fees and expenses. The agent succeeded in reducing Parker Drilling’s TI Panel fines from $3.8 million to just $750,000.”

So with all of the above that has been written about in the past few weeks, where do you think Brazil should be on the TI-CPI? While its rating of 43 out of 100 may not seem too low or perhaps more accurately too much perceived corruption, it may be time for a mid-year reassessment. Certainly if you are a Chief Compliance Officer (CCO) or compliance practitioner you may wish to perform your own reassessment. If you have any dealings with the Brazilian Finance Ministry’s Administrative Council for Tax Appeal, you need to perform an internal investigation starting today on all information you can find about the process and results. For if the results were extremely favorable the reason for the achievement may have violated both Brazilian law and the FCPA.

Leave a Comment

March 18, 2015

The Blue Geranium – SEC Enforcement of the FCPA – Part III

Filed under: Department of Justice,Enforcement Actions,FCPA,FCPA Guidance,FCPA Professor,Profit Disgorgement,Remedies,SEC — tfoxlaw @ 12:01 am
Tags: Department of Justice, DOJ, FCPA, FCPA Professor, Foreign Corrupt Practices Act, SEC

In Christie’s The Blue Geranium a difficult and cantankerous semi-invalid wife is looked after by a succession of nurses. They changed regularly, unable to cope with their patient, with one exception Nurse Copling who somehow managed the tantrums and complaints better than others of her calling. The wife had a predilection for fortunetellers and one announced that the wallpaper in the wife’s room was evil; pronouncing she should “Beware of the Full Moon. The Blue Primrose means warning; the Blue Hollyhock means danger; the Blue Geranium means death.” Four days later, one of the primroses in the pattern of the wallpaper in the wife’s room changed color to blue in the middle of the night, when there had been a full moon.

On the morning after the next full moon, the wife was found dead in her bed with only her smelling salts beside her. Once again Miss Marple has the solution remembering that potassium cyanide resembled smelling salts in odor. The wife took what she thought were smelling salts but was in reality potassium cyanide. The flowers on the wallpaper had been treated with litmus paper which the turned the geranium in question blue, which unmasked the killer.

I found this story to be an interesting way to introduce the topic of the Securities and Exchange Commission’s (SEC’s) damage remedies. While some are obvious, such as the fines and penalties which are listed in the text of the Foreign Corrupt Practices Act (FCPA), another one, that being profit disgorgement must be seen through the lens of multiple legislations.

Monetary Fines

The damages that are available to the SEC differ in some significant aspects from those available to the Department of Justice (DOJ) in its enforcement of the criminal side of the FCPA. According to the FCPA Guidance, “For violations of the anti-bribery provisions, corporations and other business entities are subject to a civil penalty of up to $16,000 per violation. Individuals, including officers, directors, stockholders, and agents of companies, are similarly subject to a civil penalty of up to $16,000 per violation, which may not be paid by their employer or principal. For violations of the accounting provisions, SEC may obtain a civil penalty not to exceed the greater of (a) the gross amount of the pecuniary gain to the defendant as a result of the violations or (b) a specified dollar limitation. The specified dollar limitations are based on the egregiousness of the violation, ranging from $7,500 to $150,000 for an individual and $75,000 to $725,000 for a company.”

As straightforward as these monetary amounts may seem, the totals can become very large very quickly. As noted by Russ Ryan in a guest post on the FCPA Professor’s blog, entitled “Former SEC Enforcement Official Throws The Red Challenge Flag”, the SEC significantly multiplied those amounts in a default judgment context against former Siemens executives by claiming that “four alleged bribes should be triple-counted as three separate securities law violations – once as a bribe, again as a books-and-records violation, and yet again as an internal-controls violation – thus artificially multiplying four violations to create twelve.” Further, under the specific books-and-records and internal-controls allegations “the SEC was super aggressive, taking the position that these classically non-fraud violations involved “reckless disregard” of a regulatory requirement, thus allowing the SEC to demand the maximum $60,000 per violation in “second-tier” penalties rather than the $6,000 per violation in the “first-tier” penalties ordinarily associated with non-fraud violations.”

Profit Disgorgement

In addition to the above statutory fines and penalties, “SEC can obtain the equitable relief of disgorgement of ill-gotten gains and pre-judgment interest and can also obtain civil money penalties pursuant to Sections 21(d)(3) and 32(c) of the Exchange Act. SEC may also seek ancillary relief (such as an accounting from a defendant). Pursuant to Section 21(d)(5), SEC also may seek, and any federal court may grant, any other equitable relief that may be appropriate or necessary for the benefit of investors, such as enhanced remedial measures or the retention of an independent compliance consultant or monitor.” These remedies can be sought in a federal district court of through the SEC administrative process.

As explained by Marc Alain Bohn, in a blog post on the FCPA Blog entitled “What Exactly is Disgorgement?” profit “Disgorgement is an equitable remedy authorized by the Securities Exchange Act of 1934 that is used to deprive wrong-doers of their ill-gotten gains and deter violations of federal securities law. The Act gives the SEC the authority to enter an order “requiring accounting and disgorgement,” including reasonable interest, as part of administrative or cease and desist proceedings”. In another article Bohn co-authored with Sasha Kalb, entitled “Disgorgement – the Devil You Don’t Know” published in Corporate Compliance Insights (CCI), they set out how such damages are calculated. They said, “In calculating disgorgement, the SEC is required to distinguish between legally and illegally obtained profits. The first step in such calculations is to identify the causal link between the unlawful activity and the profit to be disgorged. Once this causal link is established, the SEC may assert its right to disgorge illicit profits that stem from this wrong-doing. Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

However if you read the FCPA quite closely you will not find any language regarding profit disgorgement as a remedy. Nevertheless a simple reading of the statute does not limit our inquiry as to this remedy. In a Note, published in the University of Michigan Journal of International Law, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, author David C. Weiss explained the development of the remedy of profit disgorgement. As noted by Bohn, profit disgorgement was always available to the SEC from the very beginning of its existence, through the enabling legislation of 1934. But as explained by Weiss, in the completely unrelated legislation entitled The Penny Stock Reform Act of 1990, profit disgorgement was “authorized by statute [as a remedy to the SEC] without a limitation to the FCPA.”

Finally, and what many compliance practitioners do not focus on for SEC enforcement of the FCPA, was the enactment of Sarbanes-Oxley Act of 2002 (SOX). Weiss said, “The most recent change to the way in which the SEC enforces the FCPA—and a critical development to consider—is SOX, which affects virtually all of the SEC’s prosecutions, including those under the FCPA. When assessing penalties, the SEC draws on SOX to provide great latitude in determining the types of penalties it enforces. While SOX did not amend the FCPA itself, it did amend both civil and criminal securities laws relating to compliance, internal controls, and penalties for violations of the Exchange Act. Since the enactment of SOX, the SEC has possessed the power to designate how a particular penalty that it assesses will be classified.” [citations omitted]

There has been criticism of the SEC using profit disgorgement as a remedy. As far back as 2010, the FCPA Professor criticized this development in his article “The Façade of FCPA Enforcement” where he found fault with the remedy of profit disgorgement for books and records violations or internal controls violations only, where there is no corresponding “enforcement action charging violations of the anti-bribery provisions.” He wrote “It is difficult to see how a disgorgement remedy premised solely on an FCPA books and records and internal controls case is not punitive. It is further difficult to see how the mis-recording of a payment (a payment that the SEC does not allege violated the FCPA’s anti-bribery provisions) can properly give rise to a disgorgement remedy.”

Bohn and Kalb said, “Over the last six years, disgorgement has served to significantly increase the financial loss that companies are exposed to in FCPA enforcement matters. In addition to the considerable civil penalties often imposed by the SEC as part of FCPA settlements, the SEC has made clear that it will not hesitate to seek recovery of large sums through disgorgement provided they are reasonably related to the alleged misconduct. Yet the methodology used by the SEC to support the amounts it seeks to disgorge has not been much discussed. In the absence of adequate guidance as to how these sums are calculated, disgorgement poses an even greater risk in the current aggressive FCPA enforcement climate.” I would only add to their conclusion that profit disgorgement is here to stay.

Leave a Comment

FCPA Compliance and Ethics Blog

August 20, 2015

BNY Mellon and Lessons Learned In Hiring Family Members – Part II

August 19, 2015

BNY Mellon Settles First Sons and Daughters (and Nephews) FCPA Hiring Matter – Part I

August 14, 2015

The BHP Case and Enforcement of The FCPA’s Internal Controls Provision

July 29, 2015

What Would Dr. Seuss Say about an Allowance?

June 19, 2015

Tribute to John David Crow and an Innovation Strategy for Your Compliance Program

June 18, 2015

The War of 1812 and the IAP Worldwide Services Non-Prosecution Agreement

May 26, 2015

Economic Downturn Week, Part I – Mapping of Your Internal Compliance Controls

May 22, 2015

On the Oregon Trail: the BHP Enforcement Action and High-Risk Hospitality

April 20, 2015

The Intersection of the FCPA, TI-CPI and Tax Appeals in Brazil

March 18, 2015

The Blue Geranium – SEC Enforcement of the FCPA – Part III

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey