FCPA Compliance and Ethics Blog

May 26, 2015

Economic Downturn Week, Part I – Mapping of Your Internal Compliance Controls

Economic DownturnThis week I will present a series on steps that you can take in your compliance program if you find yourself, your company or your industry in an economic downturn. All of the recommendations I will make are ideas that have been put into action by companies currently facing these issues. They are ideas that you can use if you have scarce or lessened economic resources for your compliance function. Today I will take my cue from the recent Securities and Exchange Commission (SEC) enforcement action against BHP Billiton (BHP) as a key indicator of where greater and more rigorous SEC enforcement is heading. That is in the area of the enforcement of internal controls and steps that you can take right now, even with reduced head count and budgetary resources, to improve your Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other anti-corruption compliance program.

However, before we get to that subject, I want to remember Marques Haynes, who died last week. Haynes was a basket baller extraordinaire who played with the Harlem Globetrotters off and on for 40 years. As was set out in his New York Times (NYT) obituary last week, Haynes “whose dazzling ball-handling skills, exhibited for more than 40 years as a member of the Harlem Globetrotters and other barnstorming black basketball teams, earned him a place in the Naismith Basketball Hall of Fame and an international reputation as the world’s greatest dribbler”. He was the first Globetrotter inducted into the Naismith Memorial Basketball Hall of Fame. I saw Haynes play in the later stages of his career with the Globetrotters; both on ABC’s Wide World of Sports and through their non-stop touring when they came to even my Podunk hometown. So here’s to you Marques and I am sure you have called ‘Next’ for that great pickup game in the sky several times now.

As they made clear with several FCPA enforcement actions from last fall, the SEC has placed a renewed interest in the accounting provisions of the FCPA, specifically the internal controls provisions. The BHP enforcement continued this trend, where there was no evidence that bribes were paid or offered in violation of the FCPA, tet the poor internal compliance controls at BHP led to a $25MM fine. Indeed Kara Brockmeyer, the Chief, FCPA Unit; Division of Enforcement of the SEC, who spoke at the recently concluded Compliance Week 2015, in a session entitled “A New Look at FCPA Enforcement”, reiterated that the SEC was committed to protecting investors in US public companies and those which list other securities in the US, through enforcement of the accounting provisions, including internal controls provisions of the FCPA. It would seem that the reason is straightforward; a company with rigorous internal compliance controls is better able to prevent, detect and remedy any FCPA violations that may occur.

So, in the midst of an economic downturn, what can you do around the FCPA’s requirements for internal controls and current SEC emphasis? I would suggest that you begin with an exercise where you map the internal controls your company has in place to the indicia of the Ten Hallmarks of an Effective Compliance Program, as set out in the FCPA Guidance. While most compliance practitioners are familiar with the Ten Hallmarks, you may not be as familiar with standards for internal controls. I would suggest that you begin with the COSO 2013 Framework as your starting point.

As a lawyer or compliance practitioner you may not be familiar with all the internal controls that you have in place. This exercise would give you a good opportunity to meet with the heads of Internal Audit, Finance and Accounting (F&A), Treasury or any other function in your company that deals with financial controls. Talk with them about the financial controls you may already have in place. An easy example is employee expense reports. Every company I have ever worked at or even heard about requires expenses for reimbursement to be presented, in documented form on some type of expense reimbursement form. This is mandatory for IRS reporting; so all entities perform this action. See how many controls are in place. Is the employee who submits the expense reimbursement required to sign it? Does his/her immediate supervisor review, approve and sign it? Does any party in the employee’s direct reporting chain review, approve and sign? Does anyone from accounts payable review and approve, both for accuracy and to make sure that all referenced expenses are properly receipted? Is there any other review in accounts payable? Is there any aggregate review of expense reports? Is there a monetary limit over which additional reviews and approvals occur?

Now if an employee has submitted expenses for activities that occurred outside the US are there are any foreign government officials involved? Were those employees identified on the expense reimbursement form? Was the business purpose of the meal, gift or other hospitality recorded? Can you aggregate the monies spent on any one foreign official or by a single employee in your expense reporting system? All of these are internal controls that can be mapped to the appropriate prong of the Ten Hallmarks or other indicia of your compliance program.

You can take this exercise through each of the five objectives under the COSO 2013 Framework and its attendant 17 Principles. From this mapping you can then perform a gap analysis to determine where you might need to implement internal compliance controls into your anti-corruption compliance program. This can lead to remedial steps that you can take. For example you can recommend procedures be written for all key compliance areas in which there are currently no procedures and your existing procedures can be updated to include compliance issues and clear definition how controls are to be evidenced. Through this you can move from having detect controls in place, to having prevent controls, whenever possible.

As a Chief Compliance Officer (CCO) or compliance practitioner, this is an exercise that you can engage in at no cost. You simply investigate and note what internal controls you have in place and how they may be a part of your anti-corruption efforts going forward. As I said last week, compliance is a straightforward exercise. This does not mean that it is easy; you do have to work at it so that you will simply not have a paper, “check the box”, program. But using the excuse that you have limited resources is simply an excuse and a rather poor one at that. While the clear lesson from the BHP enforcement action is that you are required to have effective internal controls in place, by engaging in this mapping exercise you can then figure out what you have and, more importantly, what internal compliance controls that you do not have and need to institute.

Finally, if you do have resources and need some help, you can reach me at the email below.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

May 22, 2015

On the Oregon Trail: the BHP Enforcement Action and High-Risk Hospitality

Oregon TrailToday we celebrate American exceptionalism. As noted in ‘This Date in History’, on this date in 1834 the first wagon train, made up of 1,000 settlers and 1,000 head of cattle, set off down the Oregon Trail from Independence, Missouri, on the Great Emigration. After leaving Independence, the giant wagon train followed the Santa Fe Trail for some 40 miles and then turned to its northern route to Fort Laramie, Wyoming. From there, it traveled on to the Rocky Mountains, which it passed through by way of the broad, level South Pass that led to the basin of the Colorado River. The travelers then went southwest to Fort Bridger and on to Fort Boise, where they gained supplies for the difficult journey over the Blue Mountains and into Oregon. The Great Emigration finally arrived in October, completing the 2,000-mile journey from Independence in five months.

The settlers who took off on this Great Emigration on the Oregon Trail did not have anything in the way of a road map. Fortunately for the modern day anti-corruption compliance practitioner, you do have road maps that can guide your compliance with the Foreign Corrupt Practices Act (FCPA) going forward. Over the past few years the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have put out significant and detailed information on compliance failures, which have led to FCPA enforcement actions. For any Chief Compliance Officer (CCO) or compliance practitioner, these enforcement actions provide solid information of lessons learned which can be used as teaching points for companies. Further, these lessons can be used as road maps to review compliance programs to see what gaps, if any, may exist and how to implement solutions.

This trend continued with the release of the SEC FCPA enforcement action involving BHP Billiton Ltd. (BHP) this week. First and foremost to note is that it was a SEC enforcement action involving violations of the internal controls provision of the FCPA. There was no evidence of bribery leading to any DOJ enforcement action. Yet as I have been writing and saying for almost one year, SEC enforcement of the internal controls provision of the FCPA is increasing and companies need to pay more attention to this part of the FCPA. A bribe or offer to bribe does not have to exist for an internal controls violation to occur. CCOs and compliance practitioners need to be cognizant of compliance internal controls and put effective compliance internal controls in place that can be audited against to test their effectiveness.

The BHP enforcement action revolved around the company’s hospitality program for the Beijing 2008 Olympics. Every CCO and compliance practitioner should study this enforcement action in detail so that they can craft appropriate compliance internal controls for high dollar entertaining for big time sporting events. For any company that may be planning for high dollar hospitality spends for the 2016 Brazil Olympics, this enforcement action lays out what you should and should not do in your compliance program. But this holds true for any major sporting event such as the Super Bowl, World Cup or you name the event.

BHP had a paper program that appeared robust. As laid out in the Cease and Desist Order, “BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.” The application included these questions to be fully answered:

  • “What business obligation exists or is expected to develop between the proposed invitee and BHP Billiton?”,
  • “Is BHP Billiton negotiating or considering any contract, license agreement or seeking access rights with a third party where the proposed invitee is in a position to influence the outcome of that negotiation?”
  • “Do you believe that the offer of the proposed hospitality would be likely to create an impression that there is an improper connection between the provision of the hospitality and the business that is being negotiated, considered or conducted, or in any way might be perceived as breaching the Company’s Guide to Business Conduct? If yes, please provide details.”; and
  • “Are there other matters relating to the relationship between BHP Billiton and the proposed invitee that you believe should be considered in relation to the provision of hospitality having regard to BHP Billiton’s Guide to Business Conduct?”

So the right forms were in place and some of them were fully filled out. However, as the Cease and Desist Order made clear, an effective compliance program does not end at that point. Now would be an appropriate time to recall that high risk does not mean you cannot engage in certain conduct. High risk means that to have an effective compliance program, you have to manage that risk. A basic key to any effective compliance program is oversight or a second set of eyes baked in to your process. BHP formally had this oversight or second set of eyes in the form of an Olympic Sponsorship Steering Committee (OSSC) and Global Ethics Panel Sub-Committee.

Where BHP failed was that “other than reviewing approximately 10 hospitality applications for government officials in mid-2007 in order to assess the invitation process, the OSSC and the Ethics Panel subcommittee did not review the appropriateness of individual hospitality applications or airfare requests. The Ethics Panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders.” Members of the Ethics Panel understood that, consistent with their charter, their role with respect to implementation of the hospitality program was purely advisory. As a result, business managers had sole responsibility for reconciling the competing goals of inviting guests – including government officials – who would ““maximize [BHPB’s] commercial investment made in the Olympic Games” without violating anti-bribery laws.”

But there was more than simply a failure of oversight by BHP. The Cease and Desist Order noted that not all of the forms were filled out with the critical information around a whether a proposed recipient might have been a government official. Even more critically missing was information on whether the proposed recipient was in a position to exert influence over BHP business. Moreover, BHP did not provide training to the business unit employees who ended up making the call as to whether or not to provide the hospitality on payment of travel and hospitality for spouses. The Cease and Desist Order stated that BHP “did not provide any guidance to its senior managers on how they should apply this portion of the Guide when determining whether to approve invitations and airfares for government officials’ spouses.” Finally, there were no controls in place to update or provide ongoing monitoring of the critical information in the forms.

All of this led the SEC to state the following, “As a result of its failure to design and maintain sufficient internal controls over the Olympic global hospitality program, BHPB invited a number of government officials who were directly involved with, or in a position to influence, pending negotiations, efforts by BHPB to obtain access rights, or other pending matters.” This led to the following, “BHPB violated Section 13(b)(2)(B) because it did not devise and maintain internal accounting controls over the Olympic hospitality program that were sufficient to provide reasonable assurances that access to assets and transactions were in executed in accordance with management’s authorization.” Perhaps it was stated most succinctly by Antonia Chion, Associate Director of the SEC’s Division of Enforcement, in the SEC Press Release announcing the enforcement action when he said, “A ‘check the box’ compliance approach of forms over substance is not enough to comply with the FCPA.”

There is also clear guidance from the SEC about how BHP was able to obtain the reduced settlement it received. BHP “provided significant cooperation with the Commission’s investigation”. Moreover, the Cease and Desist Order laid out the remedial steps the company took. These steps included: (1) creation of compliance group independent of the business units; (2) review of its anti-corruption program and implementation of certain upgrades; (3) embedding of anti-corruption managers into the business units; (4) enhancements of “its policies and procedures concerning hospitality, gift giving, use of third party agents, business partners, and other high-risk compliance areas”; (5) enhancement of “financial and auditing controls, including policies to specifically address conducting business in high-risk markets”; and (6) enhanced anti-corruption compliance training.

FCPA compliance is a relatively simply exercise. That does not mean it is easy. For travels on the Great Emigration on the Oregon Trail, travel was neither simple nor easy. If you want to send government officials to high profile sporting events or provide other high dollar hospitality, the FCPA does not prevent you from doing so. But it is a high risk and to be in compliance you must to manage those high risks appropriately, all the way through the process. The BHP enforcement action provides you a detailed road map of what to do and what not to do.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

April 20, 2015

The Intersection of the FCPA, TI-CPI and Tax Appeals in Brazil

Three Way IntersectionThe Transparency International-Corruptions Perceptions Index (TI-CPI) is released each year in November. The TI-CPI rates Brazil as 69th out of 175 countries on its index, coming in with a score of 43 out of 100. I wonder if TI might consider an interim report this year on Brazil? As things keep going, more and more corruption is alleged to be a part of the everyday fabric of the country. While the Petrobras and related scandals have been well chronicled, the overall stench of corruption just keeps spreading and spreading.

Recently it was announced yet another set of investigations around corruption has begun. This time it involves the Brazilian Finance Ministry’s Administrative Council for Tax Appeal. In an article in the Wall Street Journal (WSJ), entitled “Brazil Probes New Bribery Allegations”, Paulo Trevisani reported that this is an “arbitration board that hears appeals from taxpayers who dispute how much they owe the [Brazilian] government.” The investigation would appear to be widespread as “Prosecutors said 74 companies and 24 individuals are under investigation.”

Interestingly not only is the Finance Ministry investigating the allegations but also the Brazilian internal revenue service, the Brazilian federal police and the Brazilian federal prosecutors office. In what would seem to indicate the inherent conflict of interest in the Finance Ministry investigating itself, Trevisani reported the “Finance Ministry said the alleged scheme wasn’t systematic but rather, involved “isolated acts” carried out by a small group of government tax officials. When prosecutors announced the investigation on March 26 they said that losses to the nation’s treasury totaled $6.1 billion over 15 years.” Oops.

While the entities and individuals under investigation have not been named, “a leading investigator on the case said companies under investigation include Ford Motor Brazil, a unit of Ford Motor Co.; JBS, the world’s largest meatpacker, the Brazilian unit of the Spanish bank Banco Santander SA; and Brazil’s second largest private-sector bank, Bradesco SA.” You may recall from an earlier blog post I noted that Brazil’s third largest state-owned bank Caixa Econômica Federal (Caixa) is also under investigation for corruption.

However, this new corruption scandal is the first time that non-Brazilian companies have come under investigation outside of the Petrobras scandal. The WSJ article noted, “Brazil’s tax system is among the most onerous and complex in the world. Penalties can be steep. That has fostered an environment where corruption can flourish, [un-named] experts say. “Taxes in Brazil are so high and complicated that it is easy for companies to get in trouble with the taxman,” the leading investigator told The Wall Street Journal. The investigator said frequent tax disputes created opportunities for ill-intentioned public servants to profit by helping firms circumvent red tape. Prosecutors say the probe began in 2013 after they received an anonymous letter describing details of the alleged scheme.”

An article in forbes.com, entitled “Ford On List Of Companies Suspected Of Brazilian Tax Fraud” by Kenneth Rapoza, went further than the WSJ article when it laid out the list of “companies are under investigation for taking part in various tax bribery schemes” and then listed the amounts they allegedly avoided paying. The Top Ten list is:

  • Santander: R$3.3 billion
  • Bradesco: R$2.7 billion
  • Ford: R$1.7 billion
  • Gerdau: R$1.2 billion
  • Light: R$929 million
  • Banco Safra: R$767 million
  • RBS: R$672 million
  • Camargo Correa: R$668 million
  • Mitsubishi: R$505 million
  • Banco Industrial: R$436 million

An article in businessinsider.com, entitled “Brazil uncovers multibillion-dollar tax fraud”, reported that this investigation, dubbed Operation Zeal, had uncovered that “the [tax] body managed to obtain tax appeals board rulings in the companies’ favor by either cutting penalties or waiving them altogether. In return, officials allegedly received bribes from some 70 companies believed to have benefited from the scheme. A written statement issued by Brazilian federal police stated “The investigations, begun in 2013, showed the organization acted within the body sponsoring private interests, seeking to influence and corrupt advisors with a view either to securing the cancellation or reduction of penalties from tax authorities”. Moreover, “Police said the scam could have netted the companies as much as 19 billion reais ($5.9 billion) but evidence uncovered so far amounts to around a third of that amount.” Finally, and perhaps most ominously, the article said, “Federal police organized crime chief Oslain Campos Santan said the total sums could end up being “as much” as that involved in the Petrobras scam”.

This new Brazilian corruption scandal recalls the Foreign Corrupt Practices Act (FCPA) enforcement action against the Houston-based Parker Drilling Company. According to the Department of Justice (DOJ) Press Release issued at the time of the announcement of the conclusion of the matter, the company was issued a tax assessment on its drilling rigs. The Press Release went on to state, “According to court documents, rather than pay the assessed fine, Parker Drilling contracted indirectly with an intermediary agent to resolve its customs issues. From January to May 2004, Parker Drilling transferred $1.25 million to the agent, who reported spending a portion of the money on various things including entertaining government officials. Emails in which the agent requested additional money from Parker Drilling referenced the agent’s interactions with Nigeria’s Ministry of Finance, State Security Service, and a delegation from the president’s office. Two senior executives within Parker Drilling at the time reviewed and approved the agent’s invoices, knowing that the invoices arbitrarily attributed portions of the money that Parker Drilling transferred to the agent to various fees and expenses. The agent succeeded in reducing Parker Drilling’s TI Panel fines from $3.8 million to just $750,000.”

So with all of the above that has been written about in the past few weeks, where do you think Brazil should be on the TI-CPI? While its rating of 43 out of 100 may not seem too low or perhaps more accurately too much perceived corruption, it may be time for a mid-year reassessment. Certainly if you are a Chief Compliance Officer (CCO) or compliance practitioner you may wish to perform your own reassessment. If you have any dealings with the Brazilian Finance Ministry’s Administrative Council for Tax Appeal, you need to perform an internal investigation starting today on all information you can find about the process and results. For if the results were extremely favorable the reason for the achievement may have violated both Brazilian law and the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 18, 2015

The Blue Geranium – SEC Enforcement of the FCPA – Part III

Blue GeraniumIn Christie’s The Blue Geranium a difficult and cantankerous semi-invalid wife is looked after by a succession of nurses. They changed regularly, unable to cope with their patient, with one exception Nurse Copling who somehow managed the tantrums and complaints better than others of her calling. The wife had a predilection for fortunetellers and one announced that the wallpaper in the wife’s room was evil; pronouncing she should “Beware of the Full Moon. The Blue Primrose means warning; the Blue Hollyhock means danger; the Blue Geranium means death.” Four days later, one of the primroses in the pattern of the wallpaper in the wife’s room changed color to blue in the middle of the night, when there had been a full moon.

On the morning after the next full moon, the wife was found dead in her bed with only her smelling salts beside her. Once again Miss Marple has the solution remembering that potassium cyanide resembled smelling salts in odor. The wife took what she thought were smelling salts but was in reality potassium cyanide. The flowers on the wallpaper had been treated with litmus paper which the turned the geranium in question blue, which unmasked the killer.

I found this story to be an interesting way to introduce the topic of the Securities and Exchange Commission’s (SEC’s) damage remedies. While some are obvious, such as the fines and penalties which are listed in the text of the Foreign Corrupt Practices Act (FCPA), another one, that being profit disgorgement must be seen through the lens of multiple legislations.

Monetary Fines

The damages that are available to the SEC differ in some significant aspects from those available to the Department of Justice (DOJ) in its enforcement of the criminal side of the FCPA. According to the FCPA Guidance, “For violations of the anti-bribery provisions, cor­porations and other business entities are subject to a civil penalty of up to $16,000 per violation. Individuals, including officers, directors, stockholders, and agents of companies, are similarly subject to a civil penalty of up to $16,000 per violation, which may not be paid by their employer or principal. For violations of the accounting provisions, SEC may obtain a civil penalty not to exceed the greater of (a) the gross amount of the pecuniary gain to the defendant as a result of the violations or (b) a specified dollar limitation. The specified dollar limitations are based on the egregious­ness of the violation, ranging from $7,500 to $150,000 for an individual and $75,000 to $725,000 for a company.”

As straightforward as these monetary amounts may seem, the totals can become very large very quickly. As noted by Russ Ryan in a guest post on the FCPA Professor’s blog, entitled “Former SEC Enforcement Official Throws The Red Challenge Flag, the SEC significantly multiplied those amounts in a default judgment context against former Siemens executives by claiming that “four alleged bribes should be triple-counted as three separate securities law violations – once as a bribe, again as a books-and-records violation, and yet again as an internal-controls violation – thus artificially multiplying four violations to create twelve.” Further, under the specific books-and-records and internal-controls allegations “the SEC was super aggressive, taking the position that these classically non-fraud violations involved “reckless disregard” of a regulatory requirement, thus allowing the SEC to demand the maximum $60,000 per violation in “second-tier” penalties rather than the $6,000 per violation in the “first-tier” penalties ordinarily associated with non-fraud violations.”

Profit Disgorgement

In addition to the above statutory fines and penalties, “SEC can obtain the equitable relief of disgorgement of ill-gotten gains and pre-judgment interest and can also obtain civil money penalties pursuant to Sections 21(d)(3) and 32(c) of the Exchange Act. SEC may also seek ancillary relief (such as an accounting from a defendant). Pursuant to Section 21(d)(5), SEC also may seek, and any federal court may grant, any other equitable relief that may be appropriate or necessary for the benefit of investors, such as enhanced remedial measures or the retention of an independent compliance consultant or monitor.” These remedies can be sought in a federal district court of through the SEC administrative process.

As explained by Marc Alain Bohn, in a blog post on the FCPA Blog entitled “What Exactly is Disgorgement?” profit “Disgorgement is an equitable remedy authorized by the Securities Exchange Act of 1934 that is used to deprive wrong-doers of their ill-gotten gains and deter violations of federal securities law. The Act gives the SEC the authority to enter an order “requiring accounting and disgorgement,” including reasonable interest, as part of administrative or cease and desist proceedings”. In another article Bohn co-authored with Sasha Kalb, entitled “Disgorgement – the Devil You Don’t Know” published in Corporate Compliance Insights (CCI), they set out how such damages are calculated. They said, “In calculating disgorgement, the SEC is required to distinguish between legally and illegally obtained profits. The first step in such calculations is to identify the causal link between the unlawful activity and the profit to be disgorged. Once this causal link is established, the SEC may assert its right to disgorge illicit profits that stem from this wrong-doing. Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

However if you read the FCPA quite closely you will not find any language regarding profit disgorgement as a remedy. Nevertheless a simple reading of the statute does not limit our inquiry as to this remedy. In a Note, published in the University of Michigan Journal of International Law, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, author David C. Weiss explained the development of the remedy of profit disgorgement. As noted by Bohn, profit disgorgement was always available to the SEC from the very beginning of its existence, through the enabling legislation of 1934. But as explained by Weiss, in the completely unrelated legislation entitled The Penny Stock Reform Act of 1990, profit disgorgement was “authorized by statute [as a remedy to the SEC] without a limitation to the FCPA.”

Finally, and what many compliance practitioners do not focus on for SEC enforcement of the FCPA, was the enactment of Sarbanes-Oxley Act of 2002 (SOX). Weiss said, “The most recent change to the way in which the SEC enforces the FCPA—and a critical development to consider—is SOX, which affects virtually all of the SEC’s prosecutions, including those under the FCPA. When assessing penalties, the SEC draws on SOX to provide great latitude in determining the types of penalties it enforces. While SOX did not amend the FCPA itself, it did amend both civil and criminal securities laws relating to compliance, internal controls, and penalties for violations of the Exchange Act. Since the enactment of SOX, the SEC has possessed the power to designate how a particular penalty that it assesses will be classified.” [citations omitted]

There has been criticism of the SEC using profit disgorgement as a remedy. As far back as 2010, the FCPA Professor criticized this development in his article “The Façade of FCPA Enforcement” where he found fault with the remedy of profit disgorgement for books and records violations or internal controls violations only, where there is no corresponding “enforcement action charging violations of the anti-bribery provisions.” He wrote “It is difficult to see how a disgorgement remedy premised solely on an FCPA books and records and internal controls case is not punitive. It is further difficult to see how the mis-recording of a payment (a payment that the SEC does not allege violated the FCPA’s anti-bribery provisions) can properly give rise to a disgorgement remedy.”

Bohn and Kalb said, “Over the last six years, disgorgement has served to significantly increase the financial loss that companies are exposed to in FCPA enforcement matters. In addition to the considerable civil penalties often imposed by the SEC as part of FCPA settlements, the SEC has made clear that it will not hesitate to seek recovery of large sums through disgorgement provided they are reasonably related to the alleged misconduct. Yet the methodology used by the SEC to support the amounts it seeks to disgorge has not been much discussed.  In the absence of adequate guidance as to how these sums are calculated, disgorgement poses an even greater risk in the current aggressive FCPA enforcement climate.” I would only add to their conclusion that profit disgorgement is here to stay.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 29, 2015

Welcome to COSO and the World of Internal Controls – Part I

Internal ControlsI have intentionally avoided a Top Five or Top Ten prediction list for Foreign Corrupt Practices Act (FCPA) enforcement going forward from 2014 into 2015. However there is one area of FCPA enforcement, which I think underwent a sea change in 2014 and has significant implications for the Chief Compliance Officer (CCO) and compliance practitioner in 2015 and far beyond. That change will be in the enforcement by the Securities and Exchange Commission (SEC) of the internal controls provisions of the FCPA. Last fall we saw three SEC enforcement actions, where there was no corresponding Department of Justice (DOJ) enforcement action yet there was a SEC enforcement action around either the lack or failure of internal controls. Those enforcement actions were Smith & Wesson, Layne Christensen and Bio-Rad.

Coupled with this new found robust enforcement strategy by the SEC, is the implementation of the COSO 2013 Framework, which became effective in December 2014. COSO stands for Committee of Sponsoring Organizations of the Treadway Commission, which originally adopted, in 1992, a framework for basis to design and then test the effectiveness of internal controls. It was deemed necessary to update this more than 20-year old COSO Framework, as modified in 2013, so that it provides a very supportable approach when adversarial third parties challenge whether a company has effective internal controls. While the COSO Framework is designed for financial controls, I believe that the SEC will use the 2013 Framework to review a company’s internal controls around compliance. This means that you need to understand what is required under the 2013 Framework and be able to show adherence to it or justify an exception if you receive a letter from the SEC asking for evidence of your company’s compliance with the internal controls provisions of the FCPA.

Because I believe this single area of FCPA enforcement is so important and will increase so much, I am going to dedicate several posts to an exploration of internal controls, focusing on the COSO 2013 Framework. In Part I, I begin with a review of internal controls under the FCPA.

What are internal controls?

What are internal controls in a FCPA compliance program? The starting point is the law itself. The FCPA itself requires the following:

Section 13(b)(2)(B) of the Exchange Act (15 U.S.C. § 78m(b)(2)(B)), commonly called the “internal controls” provision, requires issuers to:

devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—

(i) transactions are executed in accordance with management’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any

differences ….

The DOJ and SEC, in their jointly released FCPA Guidance, stated, “Internal controls over financial reporting are the processes used by companies to provide reasonable assurances regarding the reliability of financial reporting and the preparation of financial statements. They include various components, such as: a control environment that covers the tone set by the organization regarding integrity and ethics; risk assessments; control activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring.” Moreover, “the design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as: the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.”

Aaron Murphy, a partner at Foley and Lardner in San Francisco and the author the most excellent resource entitled “Foreign Corrupt Practices Act”, has said, “Internal controls are policies, procedures, monitoring and training that are designed to ensure that company assets are used properly, with proper approval and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand – where there are record-keeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”

Well-know internal controls expert Henry Mixon has said that internal controls are systematic measures such as reviews, checks and balances, methods and procedures instituted by an organization that performs several different functions. These functions include allowing a company to conduct its business in an orderly and efficient manner; to safeguard its assets and resources, to detect and deter errors, fraud, and theft; to assist an organization ensuring the accuracy and completeness of its accounting data; to enable a business to produce reliable and timely financial and management information; and to help an entity to ensure there is adherence to its policies and plans by its employees, applicable third parties and others. Mixon adds that internal controls are entity wide; that is, they are not just limited to the accountants and auditors. Mixon also notes that for compliance purposes, controls are those measures specifically to provide reasonable assurance any assets or resources of a company cannot be used to pay a bribe. This definition includes diversion of company assets, such as by unauthorized sales discounts or receivables write-offs as well as the distribution of assets.

The FCPA Guidance goes further to specify that internal controls are a “critical component” of a best practices anti-corruption compliance program. This is because the design of an entity’s “internal controls must take into account the operational realities and risks attendant to the company’s business, such as the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption. A company’s compliance program should be tailored to these differences.” After a company analyzes its own risk, through a risk assessment, it should design its most robust internal controls around its highest risk.

COSO and Internal Controls

Larry Rittenberg, in his book COSO Internal Control-Integrated Framework said that the original COSO framework from 1992 has stood the test of time “because it was built as conceptual framework that could accommodate changes in (a) the environment, (b) globalization, (c) organizational relationship and dependencies, and (d) information processing and analysis.” Moreover, the updated 2013 Framework was based upon four general principles which including the following: (1) the updated Framework should be conceptual which allows for updating as internal controls (and compliance programs) evolve; (2) internal controls are a process which is designed to help businesses achieve their business goals; (3) internal controls applies to more than simply accounting controls, it applies to compliance controls and operational controls; and (4) while it all starts with Tone at the Top, “the responsibility for the implementation of effective internal controls resides with everyone in the organization.” For the compliance practitioner, this final statement is of significant importance because it directly speaks to the need for the compliance practitioner to be involved in the design and implementation of internal controls for compliance and not to simply rely upon a company’s accounting, finance or internal audit function to do so.

So why will all of the above be a sea change for FCPA enforcement since after all, the requirement for internal controls has been around since 1977. The Smith & Wesson case shows the reason. In its Administrative Order, the SEC stated, “Smith & Wesson failed to devise and maintain sufficient internal controls with respect to its international sales operations. While the company had a basic corporate policy prohibiting the payment of bribes, it failed to implement a reasonable system of controls to effectuate that policy.” Additionally, the company did not “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed in accordance with management’s general or specific authorization; transactions are recorded as necessary to maintain accountability for assets, and that access to assets is permitted only in accordance with management’s general or specific authorization.” All of this was laid out in the face of no evidence of the payment of bribes by Smith & Wesson to obtain or retain business. This means it was as close to strict liability as it can be without using those words. Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, was quoted in a SEC Press Release on the matter that “This is a wake-up call for small and medium-size businesses that want to enter into high-risk markets and expand their international sales.” When a company makes the strategic decision to sell its products overseas, it must ensure that the right internal controls are in place and operating.”

In Part II we will begin our exploration of the COSO 2013 Framework and what it requires in the way of internal controls for your FCPA compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 6, 2015

Byzantium and the Alstom FCPA Settlement – Part III

ByzantiumPorphyry is a type of stone that was much favored in the Roman world. In a review of several books in the New York Review of Books, entitled “The Purple Stone of Emperors”, Peter Brown looked into the history of the lithic in the context of Byzantium as the true heir of the Roman Empire. He theorized that if “porphyry was the blood of ancient empire, then it must be to Constantinople that we should look (and not to Western Europe) if we wish to understand the heritage of Rome in the Middle Ages.” I found that an appropriate way to think about an apparent anomaly in the recent Alstom Foreign Corrupt Practices Act (FCPA) enforcement action. In Part III of my series on the Alstom natter I consider the accounting records violations that the French parent, Alstom SA, agreed to in this enforcement action.

The FCPA Professor noted in his second blog post on this matter, entitled “Issues to Consider from the Alstom Action”, “The charges against Alstom S.A. are a real head-scratcher. The conventional wisdom for why the Alstom action involved only a DOJ (and not SEC) component is that Alstom ceased being an issuer in 2004 (in other words 10 years prior to the enforcement action). Yet, the actual criminal charges Alstom pleaded guilty to – violations of the FCPA’s books and records and internal controls provisions – were based on Alstom’s status as an issuer (as only issuers are subject to these substantive provisions). In other words, Alstom pleaded guilty to substantive legal provisions in 2014 that last applied to the company in 2004.”

The Professor had also raised this issue in his first blog post on the resolution, entitled “All About the Alstom Enforcement Action”. After considering his thoughts on this issue, I decided to look into it a bit more deeply. Alstom SA was charged with several different FCPA violations including the following, 15 U.S.C. 78m(b)(2)(A), 15 USC §78m(b)(2)(B) and 78m(b)(5) which read in whole,

15 U.S.C. § 78m [Section 13 of the Securities Exchange Act of 1934] 

(b) Form of report; books, records, and internal accounting; directives

(2) Every issuer which has a class of securities registered pursuant to section 78l of this title and every issuer which is required to file reports pursuant to section 78o(d) of this title shall—

(A) make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;

(B) devise and maintain a system of internal accounting controls sufficient

to provide reasonable assurances that—

(5) No person shall knowingly circumvent or knowingly fail to imple­ment a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2).

These provisions are generally referred to as the ‘accounting provisions’ of the FCPA. As stated in the FCPA Guidance, “In addition to the anti-bribery provisions, the FCPA contains accounting provisions applicable to public companies. The FCPA’s accounting provisions operate in tandem with the anti-bribery provisions and prohibit off-the-books accounting. Company management and investors rely on a company’s financial statements and internal accounting controls to ensure transparency in the financial health of the business, the risks undertaken, and the transactions between the company and its customers and business partners. The accounting provisions are designed to “strengthen the accuracy of the corporate books and records and the reliability of the audit process which constitute the foundations of our system of corporate disclosure.””

Moreover, these accounting provisions, including both the books and records and internal control provisions, are defined to apply to “issuers”. As set out in the FCPA Guidance, “The FCPA’s accounting provisions apply to every issuer that has a class of securities registered pursuant to Section 12 of the Exchange Act or that is required to file annual or other periodic reports pursuant to Section 15(d) of the Exchange Act.244 These provisions apply to any issuer whose securities trade on a national securities exchange in the United States, including foreign issuers with exchange traded American Depository Receipts. They also apply to companies whose stock trades in the over-the-counter market in the United States and which file periodic reports with the Commission, such as annual and quarterly reports. Unlike the FCPA’s anti-bribery provisions, the accounting provisions do not apply to private companies.”

Charging Box Score

Alstom Entity Charges Time of Criminal Conduct Issuer Status
Alstom SA 15 USC §78m(b)(2)(A)15 USC §78m(b)(2)(B)15 USC §78m(b)(5)

15 USC §78ff(a)

18 USC §2

1998-2004 Issuer until 2004
Alstom Power Inc. 18 USC §371-conspiracy to violate the FCPA 2002-2009 Subsidiary of Issuer until 2004
Alstom Grid Inc. 18 USC §371-conspiracy to violate the FCPA 2000-2010 Subsidiary of Issuer until 2004
Alstom Network Schweiz AG 18 USC §371-conspiracy to violate the FCPA 2000-2011 Subsidiary of Issuer until 2004

While I agree with the above, I do disagree with the Professor’s final statement that “This free-for-all, anything goes, as long as the enforcement agencies collect the money nature of FCPA enforcement undermines the legitimacy and credibility of FCPA enforcement.” The reason I disagree is that this was a negotiated settlement, not a dictat or court proceeding. With no doubt excellent FCPA defense counsel involved, Alstom must have had its own reasons for agreeing to such a settlement. Without any further comment by the company, we will have to speculate as to some of the reasons for this component of the resolution.

First and foremost is that clearly Alstom did engage in conduct which substantially violated the FCPA. It would further appear that the conduct reached right up into the corporate home offices in France. By agreeing to the books and records and internal control violations, Alstom may have avoided any direct admission of guilt under French law, which we now know from the Total FCPA enforcement action is significant for a French company, because what is illegal bribery and corruption under US law is not necessarily illegal under French law.

Other than the anomalous French law issue, there may be another important consideration going on here. Alstom is under acquisition by General Electric (GE). Not only does GE pride itself and very publicly inform about its anti-corruption compliance program, GE has a large number of contracts with the US and other governments which might looks askance at doing business with a business unit that admitted to substantive FCPA violations of bribery and corruption. While I do not think that GE would be in danger of being debarred, it might well be that certain governments might not want to do business with a new subsidiary which made such a court admission. I find this to be more than simply a distinction without a difference. Consider the trouble that Hewlett-Packard (HP) is in north of the border in Canada regarding potential debarment by the Canadian government for its FCPA violations as set forth in its FCPA resolution of last April. So perhaps from Alstom’s perspective, the company believed it received benefits from settling based upon accounting violations.

But whatever the reason, it is clear that Alstom did engage in substantive FCPA violations. It’s settlement is that, a settlement of outstanding issues, which the company was a willing participant. It may not have been what the company wanted but I do not find that by charging Alstom for books and records and internal controls violations for the time frame it was clearly liable in any way demeans, degrades or lessens FCPA enforcement going forward. But just as we need to look to Byzantium to determine the heritage of Rome through the Middle Ages, by looking at the facts and circumstances around Alstom’s FCPA from the Alstom perspective and what it hoped to obtain in the settlement, we might be able to glean some insights.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

January 2, 2015

The Alstom FCPA Enforcement Action – Part I

Welles at 100As the first blog post of 2015, I thought it appropriate to highlight two outstanding confluences. The first is that this year is the centenary of the birth of Orson Welles. While not occurring in 2015, near the end of 2014 we had the settlement of the long-standing Alstom Foreign Corrupt Practices Act (FCPA) enforcement action announced. Both are worthy on note this second day of our mid-decade mark. First Welles. Many consider him one of the most talented directors ever to come through the American film industry. Almost any cinema-goer will recognize the names of Citizen Kane and The Magnificent Ambersons as two of greatest films of all-time. But I found The Lady from Shanghai, Macbeth and most particularly Touch of Evil all to be excellent films for their respective genres. And do not forget his acting; not only in the aforementioned Citizen Kane and Touch of Evil but also as Harry Lime in The Third Man. Welles could also be a philosopher. Kristin M. Jones, writing in the Wall Street Journal (WSJ), in an article entitled “Welles at 100”, quoted him for the following, “Art is the lie that makes us realize the truth.” She ended her piece with the observations that “Searching for the truth beyond Welles’s beautiful lies is still a journey worth taking.”

All of which brings us to Alstom and the resolution of its FCPA enforcement action. Over the next couple of posts, I will be looking the enforcement action for it is certainly ‘a journey worth taking’ to try and glean nuggets for the compliance practitioner. Today I will review the amounts of money involved and some of the larger concepts that I see at play in this matter. Next I will review the specifics of the Deferred Prosecution Agreements (DPAs) and see what lessons we may draw from them. Beyond that, we will have to see where the journey takes us.

First, and foremost, is how did Alstom find itself in the position that it now occupies as Number 2 on the all-time hit parade of FCPA enforcement actions? Particularly, as noted by the FCPA Professor in his post, entitled “All About the Alstom Enforcement Action”, that “Alstom employed approximately 110,000 employees in over 70 countries. The information contains specific allegations as to 9 individuals associated with Alstom and 9 consultants associated with Alstom.”

Usually when someone comes in at Number 2, the ranking comes with some ignominy. Though for Alstom it is not because they did not win but because they now have the second highest total FCPA monetary fine in the history of the world at a stunning $772,290,000. I say total because the current Number 1, Siemens, is at $800MM and included both a Department of Justice (DOJ) component of $450MM and Securities and Exchange Commission (SEC) component of $350MM. However with the Alstom fine, the entire amount was paid to DOJ as a fine and no monies were paid to the SEC because at the time of the resolution, Alstom was not an ‘issuer’ under the FCPA and the SEC had no jurisdiction. This makes Alstom the largest criminal FCPA fine of all-time. One interesting note is that two other French companies, Total SA and Technip SA, join Alstom on the all-time Top 10 list. Somewhere I am sure Mr. French is shaking his very well coiffured head in shame in the great TV Land in the sky.

I would say the amounts paid out and benefits received by Alstom were stunning but it might do a disservice to the word stunning. So below I have laid out information below.

Alstom Bribery Box Score

Country Bribe Amount Paid Benefit Received
Indonesia (not listed) $378MM
Saudi Arabia $51.2MM $3bn
Egypt ‘Millions and millions’ $175MM
Bahamas $1MM (not listed)
Taiwan (not listed) $15MM
Total $75MM $4bn in contracts with $296MM in profits

The FCPA Professor also noted, “at its core, the Alstom enforcement action involved inadequate controls concerning the engagement, monitoring and supervision of the consultants.” However it is most difficult to believe that Alstom suffered from a corporate culture which was at best make your numbers or at worst something much more nefarious. The amounts paid were simply so large and the bribery schemes so pervasive that there had to be much more than simply 9 persons lying, cheating and stealing all while merrily skipping home to Grandmother’s house in the woods. Indeed, as noted by WSJ reporters Joel Schechtman and Brent Kendall, in their article entitled “Alstom to Pay $772 Million to Settle Bribery Charges”, “The record criminal bribery penalty comes after more than six years of investigations into Alstom from law enforcement in 10 countries. The company and its subsidiaries’ schemes lasted for more than a decade, into at least 2011”.

Also of note is that the Alstom enforcement action was the first in 2014 where the fine was not at either the low range or even lower than calculations the Sentencing Guidelines would have suggested. The range for the fine was calculated to be between $592MM and $1.184bn. This range was a direct result of the failure of Alstom to take the investigation seriously, to cooperate with the DOJ or to even put anything like a positive step forward in the way of remedial actions during a large part of the investigative process. The DOJ Press Release quoted Assistant Attorney General Leslie R. Caldwell that “This case is emblematic of how the Department of Justice will investigate and prosecute FCPA cases – and other corporate crimes. We encourage companies to maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate in the government’s investigation. But we will not wait for companies to act responsibly. With cooperation or without it, the department will identify criminal activity at corporations and investigate the conduct ourselves, using all of our resources, employing every law enforcement tool, and considering all possible actions, including charges against both corporations and individuals.”

Finally, from a big picture perspective was the international scope of the investigation. In the DOJ Press Release, FBI Executive Assistant Director Robert Anderson Jr. said that “This investigation spanned years and crossed continents, as agents from the FBI Washington and New Haven field offices conducted interviews and collected evidence in every corner of the globe.” Further, the DOJ acknowledged significant cooperation from “the law enforcement colleagues in Indonesia at the Komisi Pemberantasan Korupsi (Corruption Eradication Commission), the Office of the Attorney General in Switzerland, the Serious Fraud Office in the United Kingdom, as well as authorities in Germany, Italy, Singapore, Saudi Arabia, Cyprus and Taiwan.” Truly worldwide in scope.

Next, I will look at some of the specifics in the various Alstom DPAs to determine where best practices compliance program may be headed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

December 30, 2014

The Avon FCPA Settlement, Part II

Bad ConductI am back from my holiday break and am looking forward to many good ideas for blogs in the coming year. However before we get to 2015, I have to finish out some matters from 2014. Today I continue my look at the Avon Foreign Corrupt Practices Act (FCPA) enforcement action, which was announced earlier this month. In today’s post I will look at the bribery scheme and cover-up that Avon employed. Tomorrow I will conclude with some final lessons to be gleaned from the Avon enforcement action for both the compliance practitioner and greater corporate world. Avon Products (China) Co. Ltd. is referred to as ‘Avon China’ and Avon Products, Inc. (the US parent) is referred to as ‘Avon’.

With a sustained plan that one can only say was well thought out, Avon set out to conquer the Chinese market for door-to-door sales. To do so, Avon had to navigate a bureaucratic maze. This maze began with a Test License obtained in 2005 and later a national direct selling license together with approvals from each province and municipality where the company wanted to sell its products. To obtain the required licenses, the company set a bribery scheme which worked at all levels of the company’s China subsidiary, Avon China, and reached back to the home office in the US, Avon Products. Both of these entities were the subject of the FCPA enforcement action concluded earlier this month. The bribery scheme itself paid out over $8MM in bribes before it was concluded.

To facilitate this process Avon China set up a business unit entitled the Corporate Affairs Group and later a more focused sub-group as part of the scheme called the Direct Selling Special Task Force. These two groups led the company’s efforts to bribe its way into the China market. They did so through a variety of means, as set out in the settlement documents. Unless cited otherwise, the quotes below are from the Avon China Criminal Information.

Gifts

Avon was fond of giving very high priced gifts to various Chinese government officials. Inevitably, Avon China employees would falsely describe the gift itself in the company’s books and record. To add to this deception, Avon China would omit from the books and records not only who the gift was provided to but also the purpose of the gift. This part of the bribery scheme allowed the gifts of Louis Vuitton products to be described as a “public relations expense” and “Public Relations Business Entertainment”; while the gift of a Gucci bag was described as “business entertainment”.

Meals and Entertainment

This part of the bribery scheme was a clear favorite of Avon China. The aforementioned Direct Selling Special Task Force was ubiquitous in the meals and entertainment arena where its members simply used the term “relations” to refer to “things of value provided to government officials or goodwill that had been obtained by giving such things, including non-business meals and entertainment.” Specifically noted in this part of the bribery scheme were payments of approximately $8,100 described as “sales-business entertainment” provided to a government official so he would approve a product that did not meet Chinese government standards. Other false excuses provided were describing such payments as “business entertainment” and “employee ‘accommodation’ expenses”.

Non-Business Travel

Avon China doled out a huge amount of bribes through the mechanism of phony travel for alleged business purposes. Avon China would claim they were bringing various Chinese government officials (also Wives, Girlfriends and other family members) to locations for business-related travel but in reality the trips were mostly sight-seeing excursions, gambling junkets, a beach vacation and other entertainment which had nothing to do with business purposes. So a trip alleged to be a “site visit/study visit” to the corporate headquarters in New York City and the company’s research and development (R&D) facility in upstate New York became a $90,000, 18-day travel extravaganza to “Vancouver, Montreal, Ottawa, Toronto, Philadelphia, Seattle, Las Vegas, Los Angeles and Washington DC.” (Oh, and one half-day at the company’s upstate New York R&D facility.) Other favorite venues for Chinese government officials and their families were the gambling mecca of Macau, Hong Kong, Hainan Island, Guangzhou, Shenzhen and Sanya. Needless to say, none of these locations had any Avon corporate offices, manufacturing or R&D facilities.

Cash

Always a favorite of bribers everywhere, Avon did not neglect to lay out large amounts of cash. Avon China used a variety of orchestrations to hide these payments including simply stealing it from a (apparently) huge petty cash fund, directing Avon China employees to charge for non-existent expenses and keep the reimbursements from corporate, lying in the books and records by calling such bribe payments as “management expenses-government relations expenses” and even submitting “a handwritten certificate, purportedly from a Chinese government agency, falsely stating that the official would give the funds to the government bureau.”

Payment Through Third Parties

Using an entity identified as “Consulting Company A”, Avon China paid a large number of bribes throughout the period in question. Initially it should be noted that this entity raised numerous red flags that were never investigated or cleared. These began with the fact that it was a Chinese government official who recommended the retention of Consulting Company A to perform ‘lobbying’ services for Avon China. Thereafter the company performed no background investigation into the ownership structure of the company, did not include any compliance terms and conditions in the contract, did not even communicate to this third party of Avon’s Code of Conduct prohibition against bribery of government officials. Beyond these issues, in large part Consulting Company A never performed any legitimate services for Avon China. What Consulting Company A did provide to Avon China was a way to funnel bribe payments to Chinese government officials.

Corporate Connivance in Scheme (AKA The Cover-Up)

While all of the above was bad, one thing which catapulted the Avon FCPA bribery scandal into the realm of seriously bad was the company’s discovery of the bribery scheme and resulting cover-up. According to the Criminal Information for Avon Products, in 2005 a senior auditor in Avon’s internal audit group, “reported to Avon’s Compliance Committee, which was comprised of several senior Avon executives, that Avon China executives and employees were not maintaining proper records of entertainment for government officials” and that an Avon China executive had explained the practice “was intentional because information regarding that entertainment was ‘quite sensitive.’” This led to a Draft Audit Report, reviewed at the highest levels of Avon China and Avon in the US, which concluded that Avon China’s Corporate Affairs Group’s expenses included: “(1) high value gifts and meals that were offered to Chinese government officials; (2) the majority of expenses relating to gifts, meals, sponsorship and travel of substantial monetary value was to maintain relationships with government officials; (3) a third party was paid large amounts of money to interact with Chinese government officials but was not contractually required to follow the FCPA, was not monitored by Avon China, and was paid for vague and unknown services; and (4) the payments, and the lack of accurate, detailed records may violate the FCPA or other anti-corruption laws.”

So what was the company’s response to this information? The internal auditors who prepared the report were required to remove the above language and whitewash the report. Evidence of reviewed misconduct was reduced to two hand-written pages, which were then taken out of China and hand-carried to Avon’s corporate headquarters. All copies of the Draft Audit Report were ordered to be retrieved and destroyed. Finally, as noted in the Criminal Information of Avon China, in January 2007, an Avon executive reported to the Avon Compliance Committee “that the matter reported in 2005 regarding the potential FCPA violations by AVON CHINA executives and employees had been closed as “unsubstantiated” which terminated Avon’s investigation into AVON CHINA’s corrupt conduct.”

Tomorrow we take a look at some of the key lessons to be learned from Avon FCPA enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014The v

December 22, 2014

Alstom Joins Santa’s Naughty List – In a Very Big Way

Naughty ListThe North Pole for Foreign Corrupt Practices Act (FCPA) enforcement action announcements seems to have temporarily moved south for the month of December. Last week there was the final announcement of the long-standing Avon FCPA enforcement action. On December 22, 2014, the Department of Justice (DOJ) announced settlement of the Alstom enforcement action. Certainly the DOJ is giving out presents to companies that have been very, very naughty. I am currently exploring the Avon enforcement action over several days of blog posts but I had to interrupt those posts to write something about the Alstom resolution for it was extremely significant gift for the Chief Compliance Officer (CCO), compliance practitioner and companies going forward.

The Fine

First and foremost was the fine amount. At $772MM it is the highest criminal fine for FCPA violations in the history of the world. Siemens’ prior of a reported $800MM was a combination of DOJ and Securities and Exchange Commission (SEC) fines and penalties. Alstom was not subject to the jurisdiction of the SEC so there was no component of this amount for either civil books and records or internal controls violations. But for those few remaining dunderheads out there who think their private company status insulates them from FCPA liability; wake up and smell the mistletoe, as the DOJ will be looking for you to smack a big one on. The fine brings the 2014 fine totals up to around $1.5bn, which comes a close second to the record-setting year of 2010, where the total amount of fines was $1.8bn.

Disclosure, Cooperation and Conduct

While I am in the middle of lambasting Avon for its conduct that led to its FCPA violations, one really has to step aside and give some credit to Alstom for some of the worst actions a company can engage in when dealing with bribery and corruption. If there was anyone on the naughty list, it certainly was Alstom. First is the company’s failure to self-disclose its obvious criminal conduct. The second was the clear foot-dragging in dealing the DOJ, during the pendency of the investigation. Finally, to complete this triumvirate of idiocy was the company’s refusal to timely engage in remediation. Dick Cassin, writing in the FCPA Blog, pointed out that Alstom’s conduct included the following:

  • Alstom’s refusal to fully cooperate with the department’s investigation for several years
  • The breadth of the companies’ misconduct, which spanned many years, occurred in countries around the globe and in several business lines, and involved sophisticated schemes to bribe high-level government officials
  • Alstom’s lack of an effective compliance and ethics program at the time of the conduct, and
  • Alstom’s prior criminal misconduct, including conduct that led to resolutions with various other governments and the World Bank.

Individual Prosecutions

Alstom’s conduct was so bad during the investigation that the DOJ obtained indictments against four company executives during the pendency of the investigation. Three of these executives have pled guilty and are awaiting sentencing. Cassin wrote, “Alstom began cooperating only after the DOJ publicly charged several Alstom executives, the government said.” The UK Serious Fraud Office (SFO) has also brought charges against individuals.

Post Acquisition FCPA Liability

I promised a Christmas present for companies out there and neither Santa nor I want to disappoint those not on the naughty list, for the Alstom enforcement action makes clear that the company which is acquiring them, GE, is not responsible for the fine going forward. This enforcement action reinforces the message the DOJ presented in Opinion Release 14-02; that a company which engages in pre-acquisition due diligence, discloses and then remediates the issues after they acquire the entity, can rest easier about purchasing a FCPA violation. For if GE can purchase a company with the clear attitude about doing business in compliance with anti-corruption laws, such as Alstom, with confidence that it will not be subject to a FCPA enforcement action, it means that any other company can do so as well.

Cassin reported, “Alstom SA pleaded guilty to a two-count criminal information in federal court in Connecticut. The DOJ charged the company with violating the Foreign Corrupt Practices Act by falsifying its books and records and failing to implement adequate internal controls. Alstom admitted its criminal conduct…In addition, Alstom Network Schweiz AG, a Swiss subsidiary, pleaded guilty to a criminal information charging it with conspiracy to violate the antibribery provisions of the FCPA.” Finally, “Two U.S. subsidiaries — Alstom Power Inc. and Alstom Grid Inc. — both entered into deferred prosecution agreement with the DOJ. They admitted that they conspired to violate the antibribery provisions of the FCPA.” The settlement documents have not been released as yet but hopefully they will be by the time of the final sentencing hearing before US District Judge Janet B. Arterton in June 2015.

The significance of this enforcement action will reverberate for a long time to come.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

December 8, 2014

DPAs and NPAs – Powerful Tools in the Fight Against Corruption

ToolAs readers of this blog know the FCPA Professor and I usually look at the same Foreign Corrupt Practices Act (FCPA) enforcement action, item or remark and see different things. Sometimes we even hear the same thing and come away with different interpretations. Last week, we experienced yet another instance of the former where we both looked at the same article, that being one in Global Investigations Review entitled “Caldwell: settlement a “more powerful tool” than convictions” by Rahul Rose, yet came away with different interpretations. After some to-ing and fro-ing, we decided that we would both post our interpretations on the same day. So with a nod to Dan Fogelberg and Tim Weisberg, today we have the first twin posts from different bloggers dual- blog posts. Since we agreed to write our respective posts without seeing the other’s post and hence could not comment on each other’s post, I urge that after you finish reading my blog today, you click on over to the FCPA Professor’s site and see what his thoughts on Caldwell’s remarks might be.

The specific remarks we want to focus on were apparently made by during the Q&A session of Assistant Attorney General Leslie R. Caldwell who spoke at the Launch of the Organization for Economic Co-operation and Development Foreign Bribery Report, note these remarks were not found in the printed remarks of the speech on the Department of Justice (DOJ) website. In her Q&A, Rose reported the following, “Caldwell told the audience in Paris: “Companies cannot be sent to jail, so all a court can do is say you will pay ‘x’. We can say: ‘you will also have a monitor and will do all sorts of other things for the next five years, and if you don’t do them for the next five years then you can still be prosecuted’.” [And for the money shot] “In the United States system at least it is a more powerful tool than actually going to trial,” she said.”

It turns out that I have been thinking along these lines as well. The debate over the usefulness of Deferred Prosecution Agreement (DPAs) and Non-Prosecution Agreements (NPAs) has been long attended. Yet there are a couple of key reasons that DPAs and NPAs are such powerful tools in the fight against anti-corruption and anti-bribery which I do not believe have been fully articulated or explored. The first is that by settling, the DOJ (and Securities and Exchange Commission [SEC]) will have the ability to monitor the company going forward. This process began under the practice of formally appointing a corporate monitor nominated by the company in the throes of the enforcement action and who would be agreed to by the DOJ. This practice is generally referred to as a company having mandatory monitor.

While this specific practice received a fair amount of criticism from a variety of sources, the basic concept was sound. That concept was that a neutral third party would review a company’s compliance with the terms and conditions of a DPA or NPA and report to the DOJ at intervals generally no shorter than annually. This would give the DOJ eyes and ears into a company to oversee its adherence to the terms of the settlement. But what information did Caldwell convey in her statement as to why she thinks settlements are such a powerful tool? I read three pieces of information her statement about why FCPA settlements are such powerful tools.

‘Do All Sorts of Other Things’

Under this prong a settling defendant is required to do “all sorts of other things.” We know from the DPAs and NPAs relating to FCPA enforcement over the past several years, the minimum that a company will be required to institute is a best practices anti-corruption compliance program. While the FCPA Guidance specifies ten hallmarks of an effective compliance program, the DPAs and NPAs have had between 9 to 16 items listed in the best practices anti-corruption compliance programs that settling companies’ have agreed to institute. If the DOJ went to trial and secured a conviction the company would not have to put such a compliance program in place but only pay a fine or some other monetary penalty. Further, by requiring such a best practices anti-corruption compliance program in such a public manner, through a publicly filed DPA or NPA, the DOJ can communicate its current thinking on what it believes constitutes such a program. This provides valuable information to the compliance practitioner going forward and I believe completely disabuses the argument that companies cannot know what their obligations might be to comply with the FCPA or that companies do not know what the DOJ expects from them in the area of a FCPA compliance regime.

‘You will also have a monitor’

David E. Matyas and Lynn Shapiro Snyder
from the law firm of Epstein Becker & Green P.C., described the duties of a corporate monitor in their article entitled, “Monitoring the Monitor? The Need for Further Guidance Governing Corporate Monitors Under Pre-Trial Diversion Agreements”. The monitor would meet with “the company’s board and employees. A monitor then develops a work plan which defines the scope, access, and power the monitor will have over the company. The monitor’s work involves frequent visits to the company (including possible on-site accommodations) and broad access to company documents and meetings. The monitor should be knowledgeable about the regulatory aspects of the company’s operations, but that is not necessarily a criterion for selection of the monitor. Indeed, a monitor can hire others to assist in his or her responsibilities at the company’s expense. The monitor files periodic reports with the U.S. Attorney’s Office and makes visits with that office as well as with the company. At the conclusion of a monitor’s term – often 24-36 months – the monitor files a final report that details the activities accomplished and whether the company complied with all the terms of the agreement.”

So the monitor provides the DOJ with continued insight into what the company is doing to satisfy its settlement obligations around the implementation of its compliance program. If the DOJ has high confidence that the company has and will continue to put significant resources and efforts into its compliance program, it may agree to a voluntary monitor, as we have seen with the Parker Drilling and Hewlett-Packard (HP) DPAs. If the DOJ does not have such confidence, it may require a monitor for the length of the DPA, such as we saw in the Total DPA, which was three years. The DOJ may also take an interim position on the mandatory or voluntary nature of the monitor by allowing a company to end a mandatory monitorship half-way through the pendency of a DPA as it did with the Weatherford DPA, which allowed the mandatory monitorship to end at the 18 month mark of a three year DPA, if certain criteria were met.

‘You can still be prosecuted’ 

This final point is not to be underestimated. Once again if a company is found guilty at trial, a fine and/or penalty will be assessed and payment is the end of it. While it still may be under enhanced scrutiny, it will not have the affirmative obligation to report any FCPA violations going forward, nor will it bear potential liability and prosecution for failure to implement the terms and conditions of the DPA or NPA. Indeed, the company will agree to be prosecuted if there is another violation or it fails to implement as agreed to.

So by using DPAs and NPAs as settlement tools, I believe that the DOJ is able to impact on an ongoing basis, for two to three years, the compliance program of a settling company. This continued oversight usually translates into greater enthusiasm by a settling company to get compliance right so that it does not have to go through the full FCPA investigation and enforcement process. Of course there will always be recalcitrant companies such as Marubeni Corporation, which do not take the agreed to compliance obligations seriously going forward. When they get into trouble as recidivists, the second penalty is usually much higher. But there is also benefit to the compliance practitioner and greater compliance community because the DOJ communicates its expectations in these DPAs and NPAs. So they also work as powerful communication tools. Finally, by requiring a third party to act as the monitor, whether voluntary or mandatory, the DOJ can get some independent insight into what a company is doing compliance-wise.

Not knowing what the Professor has said, I have not tried to anticipate his arguments or rebut them directly. Nonetheless, I have tried to articulate why I agree with Ms. Caldwell’s remarks and why I continue to find the DOJ’s use of DPAs and NPAs as settlement tools a powerful weapon in the fight against bribery and corruption. I also hope that you will find favor with this exercise that the FCPA Professor and I have engaged in because we both believe that ongoing debate over FCPA enforcement is worthwhile for the compliance practitioner and necessary for the long-term success of compliance moving forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,257 other followers