Monitors | FCPA Compliance and Ethics Blog

December 17, 2014

Scrooge and Corporate Settlement Agreements

Filed under: Compliance,compliance programs,Corporate Monitors,Deferred Prosecution Agreement,Department of Justice,FCPA,Monitors — tfoxlaw @ 12:01 am

Although there seems to be a difference in the precise publication date between the online reference sites This Day in History and Wikipedia, today we celebrate the Charles Dickens’ work A Christmas Carol, which both sites acknowledge was published in 1843. This story has become well known and omnipresent in the Christmas season; in film, theater, radio, television, cartoon, opera and about every other form of media known to mankind. A Christmas Carol tells the story of a bitter old miser, Ebenezer Scrooge and his transformation into a gentler, kindlier man after visitations by the ghost of his former business partner Jacob Marley and the Ghosts of Christmases Past, Present and Yet to Come.

The book was written at a time when the English were examining and exploring Christmas traditions from the past as well as new customs such as Christmas cards and Christmas trees. Dickens’ source materials for the tale appear to be many and varied, but are principally, the humiliating experiences of his childhood, his sympathy for the poor and various Christmas stories and fairy tales. A Christmas Carol has been credited as one of the greatest influences in rejuvenating the old Christmas traditions of England. Scrooge himself is the embodiment of winter, and, just as winter is followed by spring and the renewal of life, so too Scrooge’s cold, pinched heart is restored to the innocent goodwill he had known in his childhood and youth. It is hardy tale that should be retold and remembered each holiday season as one of the true spirits for celebration.

I considered this work by Dickens when I read a recently released article entitled “Improving Corporate Settlement Agreements” by The Fraud Guy, John Hanson. In this piece Hanson considers some shortcomings in a variety of corporate misconduct settlement agreements, where he believes “the Terms of most Agreements lack a full and practical appreciation for what constitutes an effective Program within a particular organization.” He articulates that “A key reason for this is because the parties to the Agreement miss the forest for the trees in that they too narrowly focus on Program sub-components (that piece of a Program associated with a particular risk, such as Anti-Corruption, Anti-Trust, False Claims, Organizational Conflicts of Interest, etc.…), the failure of which is only symptomatic of a higher level and overall Program failure.” Although Hanson’s critique of Deferred Prosecution Agreements (DPAs), corporate monitors and settlement agreements was broader than simply those issues in Foreign Corrupt Practices Act (FCPA) enforcement, I found his comments provided some useful insights into how both companies and the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) might help to make the process more robust in helping companies create a culture of compliance and ethics as result of a resolved enforcement action.

Ethical Tone

Here Hanson says that DPAs do not tie the relationship of compliance and ethics together going forward. He believes that one cannot exist without the other. He thinks many compliance program overseers focus too much on the sub-parts and institute too much of “A piecemeal approach that overly focuses on Program sub-components and neglects ethical tone almost completely is doomed to failure. It is like placing a Band-Aid on an arterial wound.”

While many external monitors will drill down into the detailed specifics of a certain issue or even sub-issue under compliance, such a mechanism can be a useful exercise. For example if there is a particular compliance problem being faced such a detailed approach may be warranted. For instance, if the company got into FCPA trouble for its use of third parties that came into a business relationship with the company through the Supply Chain, an extreme deep dive into the Supply Chain and management of those relationships from the compliance perspective may be important. However what such an approach may cost is losing a greater focus of the overall picture.

Time

A second critique is that many DPAs are simply too short in time length to “effectively implement remediation.” While this criticism is largely for DPAs outside the FCPA context, it bears some discussion. Hanson believes that “A Program is a process, not a one-time event. Moreover, it is a process that perpetuates and improves continuously. Generally speaking, for organizations without a robust and effective Program, it realistically takes at least three years to stand up this process to the point where it is effective and begins annually repeating.” A compliance program design and implementation can take up to 18-months and it can often take another year to assess the implementation results and fine tune the compliance regime going forward.

While most DPAs in the FCPA context are for three years, there have been examples of where either a company was released early from a DPA or a monitorship ended at the 18-month mark rather than the full three years. An example of this is Pride International (now ENSCO) who were rewarded by being released early for its superior enhanced compliance efforts. In the latter category is Weatherford, among others, whose external monitorship can end at 18-months after the execution of the DPA, if sufficient progress is met.

External Monitors

Hanson had some very interesting thoughts about the use of corporate monitors. He has long championed more professionalism for monitors, specifically regarding their training in implementing compliance programs, not simply as very good white-collar defense lawyers or internal investigators. However, in his paper Hanson notes that other concerns have lessened both the effectiveness of external monitors or even their use; when he writes, “Due to past negative publicity arising from problems resulting from poor/immature government agency Monitor selection policies and/or inexperienced and/or ineffective Monitors, government agencies and organizations alike have developed some misperceptions that have led to Monitors being underutilized, even avoided. While some government agencies are still developing or improving Monitor selection policies, many have already adopted policies that addressed past concerns.”

Hanson champions his concerns for monitors with the experience issue. He believes that “many Monitors come from the ranks of whitecollar defense attorneys, who, as noted above, frequently lack the requisite level of compliance and ethics training and knowledge, as well as practical Program experience, to serve in that role most effectively. Additionally, most persons selected to be a Monitor have never been a Monitor before and are unaware of the nuances associated with such a specialized role.” To rectify this issue, Hanson advocates greater monitor training from organizations such as the Society of Corporate Compliance and Ethics (SCCE) or others. Finally, as Hanson notes, “it is of much greater importance to engage a Monitor who is an expert in compliance and ethics rather than one who is an expert on the substantive underlying criminal and/or regulatory violations.”

As usual when John Hanson writes something relating to the compliance field, you should definitely read it. Hanson’s unique background as a forensic auditor, FBI agent and four-time corporate monitor provide valuable insights to any compliance related issue. His current article is no different. You can use many of his insights directly in your compliance program through engaging an outside expert, called monitor or something else, to help move your compliance and ethics program forward on a number of fronts.

Hanson’s article is available through JDSupra by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Leave a Comment

April 17, 2014

Post Traumatic Settlement Disorder

Filed under: Chief Compliance Officer,compliance programs,Monitors — tfoxlaw @ 7:48 am
Tags: best practices, compliance, compliance programs, Corporate Monitor, ethical leadership, ethics and compliance, John Hanson, Monitor

Ed. Note-the following piece orignially appeared in the newsletter ‘The Informant’ of Artifice Forensic Financial Services LLC. and was also adapted from two articles published by John Hanson through Corporate Compliance Insights during August 2011. It is published here with the permission of the author John Hanson.

===============================================================================================================================================================================================================================================

The rigor and stress of an extensive corporate internal investigation is over. You’ve helped your client determine the scope of wrong-doing, take actions against wrong-doers, calculate the damages/amount of the fraud, fix and/or install internal controls, institute and/or strengthen its corporate compliance & ethics program, and negotiate a reasonable settlement with the relevant government agencies. You have helped your client survive what may well be one of the most traumatic events that it will ever face and it is now anxious to return its focus to its business.

But this is not the time to let up. That settlement agreement had requirements. In most instances, those requirements will focus on the organization’s compliance & ethics program, ethical tone and internal controls. This is not a time for relaxation, lest the organization fall into disorder and out of compliance with its settlement agreement. This is the time for vigilance.

Similar to a victim of a heart attack, who is moved from a hospital’s coronary intensive care unit to a general care unit after being stabilized, an organization could be seen as moving from an organizational intensive care unit to general care after the signing of a settlement agreement. Like the heart attack victim, the organization may be in a different place, but is not out of the hospital yet. Without the high level of attention, discipline and care necessary for a complete recovery, the organization can easily relapse back into disorder and return to organizational intensive care – or worse.

In Artifice’s role as an Independent Corporate Monitor (“Monitor”) and advisor to many other Monitors, Artifice has observed first-hand and heard about the post-traumatic settlement disorder that has occurred within numerous organizations. Because the role of a Monitor is so unique and close to an organization’s post-settlement activities, it provides unique insights into what can cause this disorder and how it can be avoided. From such a perspective, there are two key things that counsel may suggest that an organization should do to maintain order and better guarantee its timely and effective compliance with the terms of its settlement agreement: (1) assign and empower a project leader/manager and; (2) spiritual compliance.

The government likely relied on Chapter 8 of the United States Sentencing Guidelines (USSGs), which pertains to the sentencing of organizations, both for purposes of determining corporate liability and the remedial compliance measures required in the settlement agreement. In the spirit of §8B2.1(b)(1 &2) of the USSGs, the organization should designate an individual to monitor and oversee the organization’s compliance with the terms of the settlement agreement and report back to the highest levels of management of the organization regarding it. That person should be empowered to track and assure not only that the organization complies with its settlement agreement obligations, but also obtain and apply whatever resources are necessary to do so and hold people accountable for their roles in those efforts.

This should be done regardless of whether an outside Monitor is imposed as part of the settlement agreement. As part of a Monitor’s efforts to verify an organization’s compliance with the terms of a settlement agreement, a Monitor will track, test and report on an organization’s actions, but cannot participate in those efforts. A Monitor may and should provide guidance to an organization about its efforts, but it would compromise the Monitor’s independence if, for example, the Monitor drafted policies, conducted trainings or otherwise participated in designing or implementing the remedial measures that the Monitor would then be responsible for verifying the effectiveness of to the government. Compliance or non-compliance with its settlement agreement obligations rests solely upon the organization’s shoulders.

While the Compliance Officer may seem a good fit for such a project leader/manager role, because many of the remedial measures required by the settlement agreement may fall under the Compliance Officer’s responsibilities, someone more independent of those responsibilities might be considered. This is not at all to say that the Compliance Officer should never fill such a role, only that consideration should be given to whether or not the independence of the Compliance Officer in verifying to the organization’s management the timeliness and effectiveness of their own actions pursuant to the settlement agreement might be compromised, either in fact or by perception.

The presence of an outside Monitor has a significant impact in this regard and in many instances where a Monitor is imposed, the Compliance Officer is a perfectly appropriate, even preferable choice for this role. Without an imposed Monitor, as is seen in quality Compliance Programs where Internal Audit plays a role in verifying and reporting back to management on a Compliance Officer’s achievements against their yearly Compliance Plans, Internal Audit may provide the organization’s management with a more independent assessment of the organization’s timely and effective compliance with their settlement agreement obligations.

Depending on such factors as resources, level of independence sought, expertise, the requirement of an outside Monitor, etc., an organization may also consider bringing in an outside professional to track, assure and report to management on the organization’s compliance with its settlement agreement. This person may act in a capacity very similar to that of an imposed Monitor, but the organization would exercise a much greater degree of control over their scope and fees and the extent to which they could leverage the organization’s internal resources. Moreover, the organization could empower such a person to design remedial measures, affect change and take actions on behalf of the organization that an imposed Monitor cannot do because of their strict independence requirements.

This is among the greatest causes of disorder among many organizations in their post-settlement actions, who by fracturing this responsibility jeopardize their ability to timely, effectively and fully comply with their settlement agreement obligations, as well as management’s ability to exercise oversight of it. One person, appropriately empowered, enabled and accountable, brings order to the situation and minimizes these risks. In performing this role, such a person should design a workplan that identifies everything that the organization is required to do (and elects to do) and be responsible for assuring that everything is completed timely and effectively, as well as documented and appropriately reported.

Pass or Fail Another significant and common contributor to post traumatic settlement disorder is a tendency by some organizations to focus on meeting the “letter” of its settlement agreement obligations and not the “spirit.” Compliance with the terms of a settlement agreement should not be viewed as a “check the box” exercise.

The government takes a dim view of organizations that have compliance programs that “live on a shelf” and may penalize more harshly such organizations than those who have no compliance program at all. Similarly, if the efforts of an organization to comply with their settlement agreement obligations exist on paper and not in practice, the organization assumes a grave risk.

One of the primary goals of the government in requiring certain post-settlement actions by an organization is the institution of an effective Compliance and Ethics Program and internal controls aimed at reducing the risk of recurrence of the same or similar misconduct as that which led to the settlement agreement. Accordingly, how quickly the organization meets its obligations and, more importantly, the effectiveness of its efforts in doing so, are of tremendous importance.

Determining the effectiveness of an organization’s remedial measures requires much more effort than mere compliance with the letter of a settlement agreement’s obligations. Take, for example, compliance training. While a settlement agreement may require quarterly compliance training, such training is meaningless if the employees who receive the training cannot understand or apply it within the context of their roles. Accordingly, aside from assuring that the training is appropriately designed and affected to maximize such an understanding, an organization may utilize tests, surveys and/or post-training interviews to assess the training’s effectiveness. To the extent it is found not to be effective, it should be immediately remediated.

Another common post-settlement goal of the government is the strengthening or institution of a high ethical tone within an organization, commonly referred to as “tone at the top.” To successfully meet the spirit of an organization’s compliance with its settlement agreement obligations, the upper management of an organization must set the tone and take the lead. The degree to which management demands that the organization’s post-settlement efforts go beyond the letter of compliance has a great impact, in the same manner as their tone, actions and personal accountability does in affecting an ethical tone throughout an organization.

“Tone at the top” is not a compliance buzzword or catch phrase, it is real and plays a very significant role in affecting employee behavior and compliance throughout an organization. How upper management acts and holds themselves accountable sets the ethical tone and standard for how all employees are expected to conduct themselves and their accountability in doing so. While the settlement agreements used by government agencies may vary in how directly they address an organization’s ethical tone, it is generally among their chief concerns.

In living up to the spirit of a settlement agreement, an organization’s management, starting at the very highest levels, must take an active role in setting and living a tone that exemplifies ethical behavior and accountability. In the post-settlement world, this may well begin with the tone they set as it regards complying with their settlement agreement obligations. If, for example, a settlement agreement requires that all employees certify their having read and understood an organization’s compliance policies, upper management should be among the first to do so.

Another strong indicator of spiritual compliance and a positive tone is when organizations look for ways to go above and beyond the letter of their obligations as per the settlement agreement. While settlement agreements have become standardized to some extent, and in such a manner as to address compliance and ethics program issues relatively adequately, the government officials who are involved in drafting them are generally not experts in compliance and ethics programs and may, in fact, have little or no compliance knowledge and/or experience. Because of this, the obligations required in settlement agreements that pertain to corporate compliance and ethics programs may sometimes be minimal, vague and not necessarily comport with that necessary to achieve the government’s ultimate goals.

As an organization endeavors to meet its settlement agreement obligations, it should keep in mind the goals and spirit of its settlement agreement and seek ways to assure that such overarching goals are met or exceeded. One example of this occurred with an organization that Artifice served as the Monitor of, which instituted a process around business opportunities that went beyond that required in its settlement agreement and proved successful in preventing the same misconduct that gave rise to its problems. This reflected very favorably upon how seriously the organization and its management viewed compliance and the ethical tone within the organization.

There are other things that occur within organizations that contribute to post traumatic settlement disorder, but the two discussed above are two of the largest contributors to problems and/or failure that we have seen through the unique lens of an Independent Corporate Monitor.

Getting out of organizational intensive care doesn’t equate to discharge. Organizations must be vigilant, disciplined, rigorous, and take with grave seriousness its settlement agreement obligations. A focus on the spirit of the settlement agreement, together with order and accountability in assuring that all settlement obligations are met timely and effectively, significantly mitigates the risk of post traumatic settlement disorder and ultimately helps an organization become stronger and better servants of its customers, employees, shareholders/owners and the public-at-large.

John Hanson is the founder and Executive Director of Artifice. A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience. Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, having had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor. A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes. Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. John can be reached jhanson@artificeforensic.com. s the founder and Executive Director of Artifice. A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience. Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, h© John Hanson

ving had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor. A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes. Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm. Hanson is the founder and Executive Director of Artifice. A CPA (LA), Certified Fraud Examiner, and Certified Compliance & Ethics Professional, John has more than 23 years of fraud investigations, forensic accounting, corporate compliance & ethics, and audit experience. Though well regarded for his investigative and litigation support skills and experience, John is a thought leader in the field of Independent Corporate Monitors, having had substantial involvement in five (5) Federal Monitorships, three (3) as the named Monitor. A former Special Agent of the FBI, John spent nearly 10 years refining his white collar crime investigative skills investigating a variety of complex criminal fraud schemes and financial crimes. Prior to forming Artifice in 2010, John was a leader in the fraud investigations and forensic accounting practice of a large publicly traded international financial consulting firm.

Comments (1)

December 30, 2013

More on the ADM FCPA Settlement

Filed under: Best Practices,Department of Justice,Facilitation Payments,FCPA,Monitors,Non-Prosecution Agreements,SEC — tfoxlaw @ 12:01 am
Tags: ADM, best practices, compliance, compliance programs, Department of Justice, DOJ, facilitation payments, FCPA, Foreign Corrupt Practices Act, SEC

Last week, in a post entitled “Supermarket to the World – The ADM FCPA Enforcement Action”, I reviewed the Securities and Exchange Commission (SEC) Compliant brought in connection with the Foreign Corrupt Practices Act (FCPA) investigation of Archer-Daniels-Midland Company (ADM). There was also a criminal Plea Agreement entered into by the ADM subsidiary, Alfred C. Toepfer International (Ukraine) Ltd. (the Ukraine subsidiary) with the Department of Justice (DOJ), who was the defendant in this criminal action. In addition to the SEC Complaint, ADM entered into a Non-Prosecution Agreement (NPA) with the DOJ. This post will review some of the requirements found in the NPA and other information found in the Plea Agreement which the company entered into to resolve the FCPA investigation.

I. The Fine

As set out in the Plea Agreement, the base fine which the defendant was looking at receiving was $45MM based upon the US Sentencing Guidelines. The culpability score had a -5 based upon some or all of the following factors: “The organization, prior to imminent threat of disclosure or government investigation and within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct.” Based upon the culpability score the fine range was listed from a low of $27.3MM to a high of $54.6MM. However the company paid only a fine of $17.7MM, which was noted to be approximately a 33% reduction from the low end of the fine range, with an additional reduction of “of $1,338,387 commensurate with the fine imposed by German authorities on Alfred C. Toepfer International G.m.b.H”; ADM’s German subsidiary which pled guilty and was involved in the bribery scheme. Additional factors in the reduction of the fine were “(a) the Defendant’s timely, voluntary, and thorough disclosure of the conduct; (b) the Defendant’s extensive cooperation with the Department; and (c) the Defendant’s early, extensive, and unsolicited remedial efforts already undertaken and those still to be undertaken.”

II. The NPA

ADM entered into a three year NPA regarding the resolution of this matter. In a letter to ADM confirming the NPA, the DOJ stated that it was entering into the agreement with the ADM because of its conduct in self-disclosing the FCPA violations and the company’s conduct thereafter. The letter set out the following: “(a) the Company’s timely, voluntary, and thorough disclosure of the conduct; (b) the Company’s extensive cooperation with the Department, including conducting a world-wide risk assessment and corresponding global internal investigation, expanding the scope of the investigation where necessary to ensure the review was effective and thorough, making numerous presentations to the Department on the status and findings of the internal investigation, voluntarily making current and former employees available for interviews, voluntarily producing documents to the Department, and compiling relevant documents by category for the Department; (c) the Company’s early and extensive remedial efforts already undertaken at its own volition, and the agreement to undertake further enhancements to its compliance program as described in Attachment B (Corporate Compliance Program); and (d) the Company’s agreement to provide annual, written reports to the Department on its progress and experience in monitoring and enhancing its compliance policies.”

III. Best in Class Compliance Program

Under Attachment B of the NPA, the company agreed to maintain a best practices compliance program which it had created during the pendency of the investigation. ADM agreed to maintain this compliance program at least during the length of the NPA. It included the following components.

High level commitment from company officials and senior management to do business in compliance with the FCPA.
A substantive written anti-corruption compliance code of conduct.
Written policies and procedures to implement this code of conduct.
A robust system of internal controls, including accounting and financial controls.
Risk assessments and risk reviews of its ongoing business.
No less than annual assessments of its overall compliance program.
Appropriate oversight and responsibility of a Chief Compliance Officer.
Effective training for all employees and relevant third parties.
An effective compliance function which can provide guidance to company employees.
A robust internal reporting system.
Effective investigations of any reported compliance issue.
Appropriate incentives for employees to do business ethically and in compliance.
Enforced discipline for any employee who violates the company’s compliance program.
Suitable due diligence and management of third parties and business partners.
A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers and FCPA-violative conduct during this pre-acquisition phase.
As soon as practicable, ADM will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

IV. Ongoing Reporting

Under the NPA, ADM was not required to sustain an external corporate monitor. However the company did agree that it would report to the DOJ on no less than an annual basis during the pendency of the NPA, specified as “an initial review and submit an initial report, and (2) conduct and prepare at least two (2) follow-up reviews and reports.” Further, the company is required to “submit to the Department a written report setting forth a complete description of its remediation efforts to date, its proposals reasonably designed to improve the Company’s internal controls, policies, and procedures for ensuring compliance with the FCPA and other applicable anti -corruption laws, and the proposed scope of the subsequent reviews.”

V. Facilitation Payments

I engaged with a colleague on whether the payments made by the ADM subsidiaries were simply facilitation payments because they were made to simply speed up the tax refund process. Whatever the payments were, they were not in any way, shape or form, facilitation payments. Initially, it should be noted that the FCPA says that the anti-bribery provisions “shall not apply to any facilitating or expediting payment to a foreign official, political party, or party official the purpose of which is to expedite or to secure the performance of a routine governmental action . . .” The statute itself provided a list of examples of facilitation payments in the definition of routine governmental actions. It included the following:

Obtaining permits, licenses, or other official documents;
Processing governmental papers such as visas and work orders;
Providing police protection, mail services, scheduling inspections;
Providing utilities, cargo handling; or
Actions of a similar nature.

In addition to this language, the payments must be properly recorded on a company’s books and records; not disguised as payments for insurance premiums or other false entries that the ADM subsidiaries used in connection with the Ukraine tax authorities. When does a facilitation payment become a bribe? There is no clear monetary line of demarcation. The test seems to turn on the amount of money involved, to whom it is paid and the frequency of the payments. In the ADM matter, there were payments of approximately $22MM to receive tax refunds of $33MM. Whatever you might call the payments made by the ADM subsidiaries, they were certainly not facilitation payments.

The ADM FCPA settlement is extremely useful for the compliance practitioner for several reasons. The first is that it sets out some sophisticated mechanisms which are used to fund bribes. In addition to bribery schemes I discussed in the post entitled “Supermarket to the World – The ADM FCPA Enforcement Action” the NPA discussed another bribery scheme used ADM in Venezuela. All of the bribery schemes that the company’s subsidiaries engaged in were discussed or uncovered by the corporate office at some time before it began an official internal investigation. This once again shows the claim of the ‘rogue employee(s)’ is not something that stands up in criminal FCPA enforcement actions.

Equally important is that ADM received clear and very substantive credit for the actions that it took after it began its internal investigation. It self-disclosed, it cooperated extensively, it remediated thoroughly to put together a best practices compliance program. Lest anyone think these actions are for naught, or that the DOJ does not take such actions into account, note the 33% reduction in fine that ADM received, the NPA it received for the corporate parent and the lack of an external corporate monitor. These are clear signs from the DOJ as to the types of conduct and actions that it not only approves of but will be taken into account in the calculation of any fines and penalties. In other words, self-disclose, extensively cooperate, and remediate if your company finds itself in this situation.

© Thomas R. Fox, 2013

Leave a Comment

December 12, 2013

What a Long Strange Trip It’s Been – The Bilfinger FCPA Settlement

Filed under: Best Practices,compliance programs,Deferred Prosecution Agreement,Department of Justice,Enforcement Actions,FCPA,FCPA Professor,Federal Sentencing Guidelines,Monitors — tfoxlaw @ 5:49 am
Tags: compliance, compliance programs, Department of Justice, DOJ, FCPA, FCPA Professor, Foreign Corrupt Practices Act

Earlier this week the Department of Justice (DOJ) announced it had resolved an ongoing Foreign Corrupt Practices Act (FCPA) with German entity Bilfinger SE (Bilfinger). This case involved the same background facts and events as the Willbros corporate FCPA enforcement action and the related individual enforcement actions with some of its former employees. The facts in this case were bad, bad, bad. The FCPA Professor went into a deep dive on the case in a blog post, entitled “German Company Resolves FCPA Enforcement Action Based On Conduct From “The Distant Past””. In another blog post, entitled “Of Note From The Bilfinger Enforcement Action”, he questioned why this particular enforcement action took so long to resolve. Whatever the answer to that question might be, there are several interesting aspects to the matter which are of significance to the compliance practitioner, which I will highlight in this post.

I. DOJ Fine Calculation

To resolve the criminal aspects of this case, Bilfinger agreed to pay a $32 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. The thing that I found interesting about the fine calculation, as set out in the DPA, was the large increase in the amount due to the size of the bribery paid which increased the point calculation under the US Sentencing Guidelines by +18 and the increase for the payment of multiple bribes by +2.. The company only received a -2 for its cooperation in the investigation, clearly demonstrating recognition and affirmative acceptance of responsibility for its criminal conduct. The company did not self-disclose so it did not receive any credit under the US Sentencing Guidelines for that affirmative conduct. The calculated fine range was between $28MM to $56MM so the company received a fine at the lower end of the range. But not less than the lower end or event at the end.

II. Landscaping Account to Pay Bribes

One of the interesting techniques that the company used to physically pay the bribes was through a petty cash account in the Joint Venture’s (JV) office in Nigeria. The DOJ has long cautioned companies about maintaining significant amounts of petty cash in offices or the undocumented use of petty cash accounts as a mechanism to funnel bribes. In this case, Bilfinger ingeniously said the cash was going to the Nigeria operation to pay “landscaping expenses”. With $6MM in bribes paid out, one might think the company was landscaping the Gardens at Versailles but the lesson learned for the compliance practitioner is that accounts which might appear to be legitimate business expenses need to be scrutinized though monitoring and auditing.

III. Political Parties

Most compliance practitioners are well aware that the FCPA applies to government officials, their family members and similarly situated officers, directors and employees of state owned enterprises. However, in the Bilfinger enforcement action, the company paid bribes to “the dominant political party in Nigeria” which was not named in the Information of the DPA. The Anti-Bribery Provisions of the FCPA states:

§ 78dd-1. Prohibited foreign trade practices by issuers

(a) Prohibition (b)

It shall be unlawful for any issuer which has a class of securities registered pursuant to section 78l of this title or which is required to file reports under section 78o(d) of this title, or for any officer, director, employee, or agent of such issuer or any stockholder thereof acting on behalf of such issuer, to make use of the mails or any means or instrumentality of interstate commerce corruptly in furtherance of an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to–

(2) any foreign political party or official thereof or any candidate for foreign political office for purposes of–

(A) (i) influencing any act or decision of such party, official, or candidate in its or his official capacity, (ii) inducing such party, official, or candidate to do or omit to do an act in violation of the lawful duty of such party, official, or candidate, or (iii) securing any improper advantage; or

(B) inducing such party, official, or candidate to use its or his influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality in order to assist such issuer in obtaining or retaining business for or with, or directing business to, any person; or.

IV. Best in Class Compliance Program

During the pendency of the investigation, Bilfinger moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

High level commitment from company officials and senior management to do business in compliance with the FCPA.
A substantive written anti-corruption compliance code of conduct.
Written policies and procedures to implement this code of conduct.
A robust system of internal controls, including accounting and financial controls.
Risk assessments and risk reviews of its ongoing business.
No less than annual assessments of its overall compliance program.
Appropriate oversight and responsibility of a Chief Compliance Officer.
Effective training for all employees and relevant third parties.
An effective compliance function which can provide guidance to company employees.
A robust internal reporting system.
Effective investigations of any reported compliance issue.
Appropriate incentives for employees to do business ethically and in compliance.
Enforced discipline for any employee who violates the company’s compliance program.
Suitable due diligence and management of third parties and business partners.
A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers any FCPA-violative conduct during this pre-acquisition phase.
As soon as practicable, Bilfinger will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

V. Monitor

Bilfinger also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

VI. Who Pays the Cost of Bribery

The final point that I wish to raise is about the insidiousness of bribery and corruption and the true cost. To facilitate its illegal conduct Bilfinger (and Willbros) increased their charges to the various Nigerian entities which were paying for the project in question by 3%. So it was not Bilfinger and Willbros paying the bribes out of their collective corporate pocket but it was the people of Nigeria who were funding the western companies’ bribes. It does not get much worse or arrogant than that in the corporate world.

The Bilfinger enforcement action moves towards the ending of one of the sorriest examples of corporate malfeasance in the FCPA world. While it took a long time, justice has certainly been a long time coming. With the continued flight from justice of former Willbros employee James Tillery who renounce his US citizenship to try and escape prosecution by taking refuge in Nigeria; perhaps things are coming to an end. But with the conclusion of this corporate enforcement action against Bilfinger, perhaps there may be additional individual enforcement actions.

© Thomas R. Fox, 2013

Leave a Comment

December 4, 2013

The Weatherford FCPA Settlement, Part III

Yesterday, I reviewed the conduct which Weatherford International Limited (Weatherford) engaged in over a period from 2002-2011 in connection with its Foreign Corrupt Practices Act (FCPA) investigation, noted the deficiencies in its compliance program and its internal controls and even how the company intentionally impeded the investigations of both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Today, I want to look at how the company changed course in mid-stream during the investigation, brought in a top-notch and well respected lawyer as its Chief Compliance Officer (CCO), created a best-in-class compliance program; all of which saved the company millions of dollars in potential fines and penalties.

I. DOJ Fine Calculation

To resolve the criminal aspects of this case, Weatherford agreed to pay an $87.2 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. There was also another $65.6 million paid to the SEC. However the figure paid to the DOJ was at the very bottom range of a potential criminal penalty. The range listed in the DPA was from $87.2 to $174.3 million. In coming up with this range under the Federal Sentencing Guidelines, it is significant for the actions that Weatherford did not receive credit for during the pendency of the investigation. The company did not receive a credit for self-reporting. The company only received a -2 for its cooperation because prior to 2008 the company engaged in activities to impede the regulators’ investigation.

So the fine range could have been more favorable to the company. But the key is that Weatherford received the low end of the range. How did they do this?

A. New Sheriff in Town

One of the key things Weatherford did was bring in Billy Jacobson as its CCO and give him a seat at the table of the company’s Executive Board. He was a Federal Prosecutor in the Fraud Section, Criminal Division, US Department of Justice. He also served as an Assistant Chief for FCPA Enforcement Department so we can assume he understood the FCPA and how prosecutors think through issues. (Jacobson also worked as a State Prosecutor in New York City, with my former This Week in FCPA co-host Howard Sklar, so shout out to Howard.) Jacobson was not hired directly from the DOJ but after he had left the DOJ and had gone into private practice. There is nothing that shows credibility like bringing in a respected subject matter expert and giving that person the tools and resources to turn things around.

But more than simply bringing in a new sheriff, Weatherford turned this talk into action by substantially increasing its cooperation with the government, thoroughly investigating all issues, turning over the results to the DOJ and SEC and providing literally millions of pages of documents to the regulators. The company also cleaned house by terminating officers and employees who were responsible for the illegal conduct.

B. Increase in Compliance Function

In addition to establishing Jacobson in the high level CCO position, the company significantly increased the size of its compliance department by hiring 38 compliance professionals and conducted 30 anti-corruption compliance reviews in the countries in which Weatherford operates. This included the hiring of outside consultants to assess and review the company’s compliance program and beefing up due diligence on all third parties, including those in the sales and supply chain, joint venture (JV) partners and merger or acquisition (M&A) candidates. The company also agreed to continue to enhance its internal controls and books and records to prevent and/or detect future suspect conduct.

If you have ever heard any of the current Weatherford compliance professionals speak at FCPA conferences, you can appreciate that they are first rate; that they know their stuff and the company supports their efforts on an ongoing basis.

C. Best in Class Compliance Program

During the pendency of the investigation, Weatherford moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

High level commitment from company officials and senior management to do business in compliance with the FCPA.
A substantive written anti-corruption compliance code of conduct.
Written policies and procedures to implement this code of conduct.
A robust system of internal controls, including accounting and financial controls.
Risk assessments and risk reviews of its ongoing business.
No less than annual assessments of its overall compliance program.
Appropriate oversight and responsibility of a Chief Compliance Officer.
Effective training for all employees and relevant third parties.
An effective compliance function which can provide guidance to company employees.
A robust internal reporting system.
Effective investigations of any reported compliance issue.
Appropriate incentives for employees to do business ethically and in compliance.
Enforced discipline for any employee who violates the company’s compliance program.
Suitable due diligence and management of third parties and business partners.
A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers and FCPA-violative conduct during this pre-acquisition phase.
As soon as practicable, Weatherford will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

D. Monitor

Weatherford also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

II. Conclusion

It certainly has been a long, strange journey for Weatherford. I should note that I have not discussed at all the Oil-For-Food aspect of this settlement, which was an additional $100MM penalty to the company. However, with regard to the FCPA aspects of the matter, there are some very solid and telling lessons to be drawn from this case. First and foremost is that cooperation is always the key. But more than simply cooperating in the investigation is that a company should take a pro-active approach to putting a best-in-class compliance program in place during, rather than after the investigation concludes. Also, a company cannot simply ‘talk-the-talk’ but must come through and do the work to gain the credit. The bribery schemes that the company had engaged in and the systemic failures of its compliance program and internal controls, should serve as a good set of examples for the compliance practitioner to use in assessing a compliance program.

The settlement also sends a clear message from both the DOJ and SEC on not only what type of conduct will be rewarded under the US Sentencing Guidelines, but what they expect as a compliance program. One does not have read tea leaves or attempt to divine what might be an appropriate commitment to compliance to see what the regulators expect these day.

© Thomas R. Fox, 2013

Leave a Comment

June 6, 2013

We Say Good-Bye to the Secretary of Defense and Total Says Hello to Two Monitorships – Total Part III

Filed under: Best Practices,compliance programs,Department of Justice,FCPA,FCPA Guidance,Monitors,SEC — tfoxlaw @ 1:01 am
Tags: best practices, compliance, compliance programs, Department of Justice, DOJ, ethics and compliance, FCPA, Foreign Corrupt Practices Act, SEC

Today I finalize my review of the Total SA (Total) Foreign Corrupt Practices Act (FCPA) enforcement action. However, before I do so, I would like to commemorate this date and one person who left us this week. The date is of course, D-Day, June 6, 1944 which signaled the end of Nazi Germany, at least on the Western Front. There are fewer and fewer veterans of that invasion alive so I ask that you honor them in your own way today. The person who left us this week was Deacon Jones, nicknamed the ‘Secretary of Defense’ and left end of the Los Angeles Rams vaunted ‘Fearsome Foursome”. For my money he was the greatest defense end of all-time and his unit’s name was also the greatest moniker given to any defense in the long history of pro football.

In addition to the minimum best practices compliance regime which Total agreed to institute, it agreed to two separate ongoing oversight programs. The first is under the Cease and Desist Order (the Order) entered into with the Securities and Exchange Commission (SEC) which mandates a Compliance Consultant. The second is an Independent Compliance Monitor, whose role is described in Attachment D of the Deferred Prosecution Agreement (DPA) with the Department of Justice (DOJ). What makes this arrangement unusual is that there are two oversight persons (or entities), with different focuses reporting to two separate agencies.

Compliance Consultant

The Compliance Consultant could be either (a) a French nation; (b) a French law firm; or (c) a French accounting firm and term of the Compliance Consultant will be three years. Compliance Consultant is mandated (the “Mandate”) to evaluate “the effectiveness of Total’s internal controls, record-keeping, and financial reporting policies and procedures as they relate to Total’s current and ongoing compliance with the books and records, internal accounting controls and antibribery provisions of the FCPA.”

The Compliance Consultant is required to prepare an initial report which is to be delivered to the Total Board and the relevant French Authority. This French Authority will transmit these annual reports to the SEC, consistent with French law. Total is required to accept and adopt all recommendations in the annual report within 120 days after receiving the report or object in writing to “any recommendations Total considers unduly burdensome, inconsistent with local or other applicable law or regulation, impractical, unduly expensive, or otherwise inadvisable.” The Compliance Consultant’s annual reviews for years 2 and 3 is designed to “(a) complete the review; (b) certify whether the compliance program of Total, including its policies and procedures, is reasonably designed and implemented to detect and prevent violations within Total of the anti-corruption laws; and (c) report on the Compliance Consultant’s findings…”

If the Compliance Consultant discovers “questionable or corrupt payments or corrupt transfers of property or interests may have been offered, promised, paid, or authorized by any entity or person within Total, or any entity or person working directly or indirectly for Total, or that related false books and records may have been maintained”, such conduct is to be reported to Total’s General Counsel (GC) or Audit Committee for further action. If such conduct is a significant violation of law, the Compliance Consultant is required to report it to the French Authority.

Independent Corporate Monitor

The Independent Corporate Monitor’s (Monitor) term is also for three years but the only requirement listed for the Monitor is that he or she has “demonstrated expertise in helping companies comply with the Foreign Corrupt Practices Act”. In addition to monitoring Total’s compliance with both US and French anti-corruption laws, the Monitor is to assess the effectiveness of the company’s internal controls, record keeping and financial reporting policies and procedures as they relate to the FCPA. Most interestingly, the Monitor is to make an assessment of the Total Board of Directors and the senior management’s commitment to and the effective implementation of the best practices compliance program as described in the DPA’s Attachment C (discussed in yesterday’s blog post).

Similar to the Compliance Consultant, the Monitor is required to prepare an initial report, “setting forth the Monitor’s assessment and recommendations reasonably designed to improve the effectiveness of Total’s program, policies and procedures for ensuring compliance with anti-corruption laws”. This report is also to be delivered to the Total Board and the relevant French Authority. This French Authority will transmit these annual reports to the DOJ, consistent with French law. Total is required to accept and adopt all recommendations in the annual report within 120 days after receiving the report or object in writing to “any recommendations Total considers unduly burdensome, inconsistent with local or other applicable law or regulation, impractical, unduly expensive, or otherwise inadvisable and has the obligation to “propose in writing to the Monitor an alternative policy, procedure, or system designed to achieve the same objective or purpose. The Monitor’s annual reviews for years 2 and 3 is designed to “(a) complete the review; (b) certify whether the compliance program of Total, including its policies and procedures, is reasonably designed and implemented to detect and prevent violations within Total of the anti-corruption laws; and (c) report on the Monitor’s findings…”

If the Monitor discovers “questionable or corrupt payments or corrupt transfers of property or interests may have been offered, promised, paid, or authorized by any entity or person within Total, or any entity or person working directly or indirectly for Total, or that related false books and records may have been maintained” such conduct is to be reported to Total’s General Counsel (GC) or Audit Committee for further action. If such conduct is a significant violation of law, the Monitor is required to report it to the DOJ or if such report is prevented under French law, then to the relevant French Authority, which can transmit the matter to the DOJ.

Discussion

At Compliance Week 2013, there were several panels which dealt with corporate monitorships. All of the panelists at the sessions made clear that it is quite a bit of work for a company to get through an external monitorship and something to be avoided if at all possible. While it may be difficult to know precisely why Total received not one but two monitors; it would appear that the company did not engage in the robust remediation efforts that several large US entities did while they were under investigation and before their FCPA matters were resolved. Eli Lilly, Parker Drilling and Pfizer all come to mind as companies which worked very hard during the pendency of their FCPA investigations to institute a best practices compliance program.

This would also seem to be a clear example of Paul McNulty’s Maxim No. 3 of “What did you do when you found out about it?” McNulty said this was the third question that he would pose to a company when he was at the DOJ. Once again, this thinking was echoed in the FCPA Guidance released last November, which said that three keys were to “prevent, detect and remediate” any FCPA violation.

On one final note, Bloomberg reported that the indicted the Chief Executive Officer (CEO) of Total, who the Paris Prosecutor has recommended, together with the company itself, face trial on corruption charges, denied that Total paid bribes for contracts. Christophe de Margerie was quoted as saying, “What we did wasn’t illegal according to French law,” on LCI television yesterday, “We didn’t pay bribes, we didn’t pay Iranian authorities. Our contracts weren’t illegal.” Total had no comment.

© Thomas R. Fox, 2013

Leave a Comment

May 19, 2013

The Drugstore Cowboy and Compliance

Filed under: Anti-Money Laundering,Audit,Best Practices,compliance programs,FCPA,Monitors,Training — tfoxlaw @ 6:28 pm
Tags: auditing, compliance, Internal Controls, monitoring, training, Wired Magazine

One does not have to look very far in the business world to come across the phrase “Know Your Customer.” A company certainly needs to know if an entity that it may sell products or provide services to will pay for those items. Running a Dun & Bradstreet credit check is routinely performed to ascertain if a counter-party is a good credit risk. But how much more should a company do in regards to its customers? Clearly banks, other financial institutions and even casinos need to assess a customer from the perspective of anti-money laundering (AML). Is there a reason grounded in the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act that would suggest that customers should go through background scrutiny from the anti-bribery/anti-corruption compliance perspective?

I thought about internal controls regarding due diligence requirements on customers, effective compliance programs and third party validation of credentials when reading an article in June issue of Wired Magazine, entitled “Drugstore Cowboy”, by Jake Pearson. I found this article to be a very cautionary tale for those companies which need to consider just whom they are doing business with or for. The story involved an undercover sting operation by the US government against Google. The operation involved a convicted felon, one David Whitaker, who convinced law enforcement authorities that Google had assisted him, in violation of its own internal protocols and US laws, to sell illegal “black market steroids and human growth hormones” online. Whitaker told federal officials that “Google employees had actively helped him advertise his business, even though he made no attempt to hide its illegal nature.” Based upon his experience, Whitaker believed that Google must be “helping other rogue Internet pharmacies too.”

On paper, it appeared from the article that Google has a systems designed to ferret out sites which used words or had other indicia that they were selling illegal drugs. There was an initial screening by a Google sales representative. There was an automated program which searched for key words that might indicate illegal drugs were being sold. There was a review of the website itself to see of other factors were present which might show that illegal products were being sold. Finally, Google used a third party verification service, to attest that any site selling pharmaceutical products was properly licensed.

Based upon his experiences, the government set Whitaker up with an alias, fake company, bank account and phone lines and then monitored and watched him to see if his claims were true. He was told to see if Google would actively assist him to sell advertising for a non-existent company called “SportsDrugs.net, a website that sold HGH and steroids from Mexico, with no doctor’s prescription.” The plan that Whitaker used was straightforward.

Establish a fake identity. Whitaker made cold calls to representatives of Google to get set up as an account in the company’s system.
Submit the site. The feds designed the sting operation so that it would be obvious the false company was selling illegal drugs. So it offered HGH and steroids, had pictures of the drugs and even had a ‘Buy Now’ button to make clear that no doctor’s prescription was required. The Google sales representative passed the fake sales site along for “policy review, an automated process that Google uses to vet all advertisers.”
Scrub the site. After the fake sales company was initially rejected by the policy review process, a Google representative agreed to help “tweak it” so that it would pass through the Google approval process. The Google sales representative advised Whitaker to rename the site, remove the pictures of the illegal drugs and delete the ‘Buy Now’ button from the site.
Rework the site. After the suggested changes were made by Whitaker, his fake site was approved by Google. Thereafter the items which had been removed from the website, including both the photos of illegal drugs and ‘Buy Now’ button were added back into the site, all with the assistance of the Google sale representative.
Raise the stakes. In this phase, the undercover sting operation widened. After their initial success with SportsDrugs.net; the feds created other fake websites for Whitaker, all of which purported to sell illegal drugs. The other sites included one selling “RU-486, better known as the abortion pill, which is normally taken under close supervision of a doctor.” Another site sold the psychotropic drugs Xanax and Valium, both without any need of a doctor’s prescription. In a final example the feds created a ‘Trojan Horse’ site; in which a pharmacy site that held a valid license also had sales for “three clearly disreputable online pharmacies.”

The chilling thing I found in this article was it reported that in each one of the false scenarios, Whitaker was reported to have explained to the Google representative the true nature and purpose of the site. All of the information that Whitaker conveyed made clear that these sites were designed to sell drugs which are illegal in the US, without a doctor’s prescription. In just over the span of three months, the undercover operation spent over $200,000 with Google.

Google ended up settling with the US government for a fine of $500 million. Although Pearson did not quote the US Assistant District Attorney, who headed the investigation and enforcement action, Peter Neronha, was quoted as telling the Wall Street Journal (WSJ) the “culpability went far higher than the sales reps that Whitaker worked with. Indeed, he said, some of the company’s most powerful executives were aware that illegal pharmacies were advertising on the site.” Google itself would not comment for the Pearson article.

From the account in the Pearson piece it would appear that Google had a system in place to check and make sure that it was not advertising sites which sold illegal drugs but that system, both human and automated, was worked around. For the anti-corruption compliance practitioner, I think that there are several key lessons which can be learned from this tale.

Train, Train, Train. If you sell services, which can be used to facilitate illegal conduct, you need to train your sales force to watch out for signs of that illegal activity. The initial Google sales representative who was contacted by Whitaker should have been the first line of prevention to stop the issue before it came up for the company.

Monitor, Monitor, Monitor. There should be several types of monitoring. If a business name comes through your system and it is rejected, there should be a monitoring mechanism in place to note if it reappears later or is approved through some other means, as was done in this situation. Similarly, if the name of a business owner comes up in connection with another company, there needs to a mechanism in place to perform a cross check. The sales representatives should also be monitored to determine if they are manipulating the system.

Incentives, Incentives, Incentives. While not discussed in the Pearson article, what do you want to bet that the Google sales representatives were compensated, at least in part, with a commission based upon the number of GoogleAds that they sold? If your compensation structure or other incentive structure rewards people who use shortcuts, then there will always be employees who take them.

Audit, Audit, Audit. Remember the part of the story about how the Google sales representative would advise Whitaker how to scrub his website of key words, search terms and other information which would indicate that it was selling illegal pharmaceuticals only to reinsert those on the site after the scrubbed site had been approved? You need to audit to determine if any illegal conduct has begun after the contract is signed. And if you do not have audit rights, you have a very slim chance of actually performing an audit.

© Thomas R. Fox, 2013

Leave a Comment

August 16, 2012

When to Not Use the F-Bomb? The Standard Chartered AML Settlement

Filed under: Anti-Money Laundering,compliance programs,Financial Times,Monitors,Wall Street Journal — tfoxlaw @ 5:35 am
Tags: AML, compliance, compliance programs, DFS, idiotic emails, internal investigations

I guess it is appropriate that the word “F-Bomb” will now, as of next week and for the first time, be in the mainstream Merriam-Webster’s Collegiate Dictionary. I say this while thinking about Howard Sklar’s blog post, entitled “Best.Quote.Ever”, in which he cited the following email from Standard Chartered Bank’s (SBC) Group Executive Director to its head of Compliance in New York.

You f…ing Americans. Who are you to tell us, the rest of the world, that we’re not going to deal with Iranians?

[Ed. Note – This is a PG-rated blog so we have edited the curse word. We would note that the family G-rated New York Times (NYT) cut the entire first sentence from its reporting.]

Well, as of yesterday, SBC seems to have found the understanding that if you are going to do business, in at least the state of New York, you had better follow the rules as it agreed to pay a $340MM fine to the New York state Department of Financial Services (DFS) for breaking the law. Unfortunately, the SBC settlement was just one more in long line of settlements by banks for violations of anti-money laundering (AML) laws. In an article in the <>Wall Street Journal (WSJ), entitled “British Bank Settles Iran Money Case”, reporter Liz Rappaport cited figures from the US Department of Treasury and Justice Department regarding the largest US anti-money laundering settlements.

AML Penalty Box of Settlements

*Bank*	*Amount (all in $millions)*	*Date of Settlement*
ING Bank	$619	June 2012
Lloyds TSB Bank	$567	December 2009
Credit Suisse	$536	December 2009
Royal Bank of Scotland	$500	May 2012
Standard Chartered	$340	August 2012
Barclays	$298	August 2012

We also note, as reported in the WSJ, that HSBC Holding has publicly announced it “has reserved $700 million to pay fines” relating to its AML violations.

While the amount paid by SBC is low on the scale of fines paid to date, Rappaport quoted analysts as saying “the settlement is a good outcome for Standard Chartered. They say the penalty is manageable for a bank that generated nearly $4 billion in profit in the first half of 2012.” However, there were some components of this settlement that could cause SBC further pain down the line. The first, as reported in a Financial Times (FT) article entitled “StanChart settles NY claims for $340m”, is that the agreement is with the state of New York regulators only. It does not cover the “US Department of Treasury, Department of Justice, Federal Reserve and Federal Bureau of Investigation” all of whom are “also probing the bank’s transactions with Iran” in long running investigations. Credit Suisse analyst Amit Goel was quoted in another WSJ article, entitled “Standard Chartered Faces a New Normal in New York”, that “We would expect the other regulators to settle in due course, and the fines may be material, but we think the aggregate cost will be below $1 billion and will not require the company to issue any additional equity.”

In addition to these ongoing investigations SBC will have not only an external monitor, appointed by the New York DFS, but also examiners from the DFS installed on site at the bank who “will assess the money-laundering risk controls in StanChart’s New York branch, advise on the implementation of “corrective measures” and report back to the DFS for a full two years.” I can assure SBC that having such compliance monitors, both external and from the DFS, will prove to be very disruptive to their ongoing business operations. A bank spokesman was quoted, in a WSJ article, as saying “the bank said it has no idea how intrusive the installation of monitors might be because the final details have yet to be hammered out.” Indeed.

So how about that idiotic email that started this piece. I would say that SBC needs some serious training on email etiquette. Maybe they could have Bobby Knight come in for sensitivity training? Or maybe, just maybe, they could follow the law.

Comments (1)

June 20, 2012

DS&S DPA: Lessons Learned for the Compliance Practitioner

On Monday, June 18, the Department of Justice (DOJ) announced the resolution of a matter involving violations of the Foreign Corrupt Practices Act (FCPA) by Data Systems & Solutions LLC (DS&S), a US entity based in Virginia. The settlement resulted in the company agreeing to a two year and 7 day Deferred Prosecution Agreement (DPA). The case was interesting for a number of reasons and it has some significant lessons which the compliance practitioner can put into place in a corporate compliance program. The charges related to DS&S’s business included the design, installation and maintenance of instrumentation and controls systems at nuclear power plants, fossil fuel power plants and other critical infrastructure facilities. In reading the Criminal Information, I can only say that this was no one-off or rogue employee situation but this was a clear, sustained and well known bribery scheme that went on within the company.

I. The Criminal Information

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The Players Box Score

DS&S Officials	INPP Officials	Subcontractors
Exec A – VP of Marketing and Business Development (BD)	Official 1 – Deputy Head of Instrumentation and Controls Department	Subcontractor A – Simulation Technology Products and Services
	Official 2 – Head of Instrumentation and Controls Department	Subcontractor B – Beneficially owned by Official 1 and which employed INPP Officials
	Official 3 – Director General at INPP	Subcontractor C – Shell company used a funneling entity to pay bribes
	Official 4 – Head of International Projects at INPP
	Official 5 – Lead SW Engineer at INPP

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid in the Information reflected the following techniques used by:

Payment of bribes by Subcontractors to Officials on behalf of DS&S;
Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
Creation of fictional invoices from the Subcontractors to fund the bribes;
Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose; and last but not least…
Purchase of a Cartier watch as a gift.

II. The Deferred Prosecution Agreement

I set out these details with some specificity for two reasons. The first is that the Information is a must read for anyone in Internal Audit who reviews books and records. It gives you the precise types of Red Flags to look for. But secondly is the fact that DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines. The calculation as listed in the DPA is as follows:

Calculation of Fine Range:

Base Fine $10,500,000

Multipliers 1.20(min)/2.40(max)

Fine Range $12,600,000/$25,200,000

The ultimate fine paid by DS&S was only $8.82MM, which the DPA states is “an approximately thirty-percent reduction off the bottom of the fine range…” So for the compliance practitioner the question is what did DS&S do to get such a dramatic reduction? We know that one thing they did NOT do was self-report as the DPA notes that this case began as a DOJ investigation and DS&S received Subpoenas “in connection with the government’s investigation.” However, after this initial delivery of Subpoenas DS&S engaged a clear pattern of conduct which led directly to this 30% discount of the low end of the fine range. The DPA reports that DS&S took the following steps:

Internal Investigation. DS&S initiated an internal investigation and provided real-time reports and updates of its investigation into the conduct described in the Information and Statement of Facts.
Extraordinary Cooperation. DS&S’s cooperation has been extraordinary, including conducting an extensive, thorough, and swift internal investigation; providing to the Department searchable databases of documents downloaded from servers, computers, laptops, and other electronic devices; collecting, analyzing, and organizing voluminous evidence and information to provide to the DOJ in a comprehensive report; and responding promptly and fully to the DOJ’s requests.
Extensive Remediation. The number of steps DS&S took in regard to remediation included the following:
- Termination of company officials and employees who were engaged in the bribery scheme;
- Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
- Instituting a rigorous compliance program in this newly constituted subsidiary;
- Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
- Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
- Strengthening of company ethics and compliance policies;
- Appointment of a company Ethics Representative who reports directly to the CEO;
- The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
- A heightened review of most foreign transactions.
- Enhanced Compliance Program. More on this in the next section.
- Continued Cooperation with DOJ. The company agreed to continue to cooperate with the Department in any ongoing investigation of the conduct of DS&S and its officers, directors, employees, agents, and subcontractors relating to violations of the FCPA and to fully cooperate with any other domestic or foreign law enforcement authority and investigations by Multilateral Development Banks.

III. Enhanced Compliance Obligations

One of the interesting aspects of the DS&S DPA is that there are 15 points listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during Mergers and Acquisitions (M&A). The five keys under these new items, 13 & 14 highlighted above, are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

IV. Summary

The DS&S DPA provides some key points for the compliance practitioner. First and foremost, I believe that it demonstrates the reasonableness of the DOJ. The bribery scheme here was about as bad as it can get, short of suitcases of money carried by the CEO to pay bribes. The company did not self-report, yet received a significant reduction on the minimum level of fine. The specificity in the DPA allows a compliance practitioner to understand what type of conduct is required to not only avoid a much more significant monetary penalty but also a corporate monitor. Lastly, is the specific guidance on FCPA compliance in relation to M&A activities, to the extent that if anyone in the compliance arena did not understand what was required in the M&A context; this question would seem to be answered in the DS&S DPA.

Leave a Comment

March 19, 2012

The BizJet DPA: Cooperation is the Key

Filed under: compliance programs,Deferred Prosecution Agreement,Department of Justice,FCPA,FCPA Professor,FCPABlog,Federal Sentencing Guidelines,Monitors — tfoxlaw @ 1:01 am
Tags: compliance programs, Department of Justice, DOJ, FCPA, FCPA Blog, FCPA Professor, Sentencing Guidelines

Last week, the Department of Justice (DOJ) announced the resolution of an enforcement action under the Foreign Corrupt Practices Act (FCPA) involving the Tulsa based company, BizJet. The company is in the business of providing aircraft maintenance, repair and overhaul services (MRO) to customers in the US and internationally. BizJet ran into FCPA trouble regarding its Latin American operations, specifically in the countries of Mexico and Panama. BizJet employees and executives were involved in multi-year running bribery scheme which paid hundreds of thousands of dollars for these MRO contracts. These payments were discussed at the highest levels of the company, including the Board of Directors, and occurred from 2004 until 2010.

BizJet Bribery Box Score

The Deferred Prosecution Agreement (DPA) listed the following instances of recorded bribery, a/k/a the “BizJet Bribery Box Score”.

BizJet Executive or Employee Named	Payment Made To	Amount of Payment	Others Involved
Sales Manager A	Official 6	Cell Phone and $10K	Executive B and C
Sales Manager A	Official 3	$2K	Executive B
Executive B, C and Sales Manager A	Official 2	$20K
Executive C	Official 2	$30K	Sales Manager A
Executive B	Mexican Federal Police Chief	$10K	Executive C and Sales Manager. A
Executive C	Official 5	$18K	Sales Manager A
Sales Manager A	Official 4	$50K
Sales Manager A	Mexican Federal Police	$176	Executive C
Sales Manager A	Official 4	$40K
Sales Manager A	Mexican Federal Police	$210K	Executive C
Sales Manager A	Official 5	$6K	Executive C
Executive C	Official 5	$22K

The above bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in the company’s books and records.

Reduction in Monetary Fine

I set out these facts as listed in the DPA in some detail to show the serious nature of enforcement action. However, the clear import that I found in this is that a company can make a comeback in the face of very bad facts. The calculation of the fine, based upon the factors set out in the US Sentencing Guidelines, ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. This is obviously a significant reduction from the suggested low or high end, or as was noted by the FCPA Blog “BizJet’s reduction was 30% off the bottom of the fine range, and a whopping 65% off the top of the fine range.”

How did BizJet achieve this reduction and avoid an external monitor? As reported by the FCPA Professor, the following were factors:

(a) following discovery of the FCPA violations during the course of an internal audit of the implementation of enhanced compliance related to third-party consultants, BizJet initiated an internal investigation and voluntarily disclosed to the DOJ the misconduct …;

(b) BizJet’s cooperation has been extraordinary, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the DOJ;

(c) BizJet has engaged in extensive remediation, including terminating the officers and employees responsible for the corrupt payments, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for all BizJet contracts;

(d) BizJet has committed to continue to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in the” corporate compliance program set forth in an attachment to the DPA; and

(e) “BizJet has agreed to continue to cooperate with the DOJ in any ongoing investigation of the conduct of BizJet and its officers, directors, employees, agents, and consultants relating to violations of the FCPA.

Reports to the DOJ

As mentioned, the company avoided an external monitor. However, it agreed that it would report “at no less that twelve-month intervals during the three year term” [of the DPA] to the DOJ on “remediation and implementation of the compliance program and internal controls, policies and procedures” which were listed in Attachment C to the DPA (the DOJ guidelines for a minimum best practices compliance program). The initial report was required to be delivered one year from the date of the DPA and would also include BizJet’s proposals “reasonably designed to improve BizJet’s internal controls, policies and procedures for ensuring compliance with the FCPA and other applicable anti-corruption laws.”

Cooperation is the Key

Last week I attended the Ethisphere 2012 Global Ethics Summit where Lanny Breuer closed the conference. He did not present a speech but engaged in dialogue with Alex Brigham and took questions from the audience. One of the clear points Breuer emphasized was that if companies will come to the DOJ, make a voluntary disclosure and fully cooperate, it will pay dividends. I believe that this is clearly the case in the BizJet matter. Here you had a multi-year bribery scheme in place, not only approved at the highest levels of the company but with active involvement from senior managers, yet the final monetary penalty was almost 30% below even the lowest in the Sentencing Guideline range. Clearly BizJet benefited through its cooperation with the DOJ and that message should be made clear to any other company which might find itself in such a “fine mess.”

Leave a Comment

FCPA Compliance and Ethics Blog

December 17, 2014

Scrooge and Corporate Settlement Agreements

April 17, 2014

Post Traumatic Settlement Disorder

December 30, 2013

More on the ADM FCPA Settlement

December 12, 2013

What a Long Strange Trip It’s Been – The Bilfinger FCPA Settlement

December 4, 2013

The Weatherford FCPA Settlement, Part III

June 6, 2013

We Say Good-Bye to the Secretary of Defense and Total Says Hello to Two Monitorships – Total Part III

May 19, 2013

The Drugstore Cowboy and Compliance

August 16, 2012

When to Not Use the F-Bomb? The Standard Chartered AML Settlement

June 20, 2012

DS&S DPA: Lessons Learned for the Compliance Practitioner

March 19, 2012

The BizJet DPA: Cooperation is the Key

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey