FCPA Compliance and Ethics Blog

December 12, 2013

What a Long Strange Trip It’s Been – The Bilfinger FCPA Settlement

Earlier this week the Department of Justice (DOJ) announced it had resolved an ongoing Foreign Corrupt Practices Act (FCPA) with German entity Bilfinger SE (Bilfinger). This case involved the same background facts and events as the Willbros corporate FCPA enforcement action and the related individual enforcement actions with some of its former employees. The facts in this case were bad, bad, bad. The FCPA Professor went into a deep dive on the case in a blog post, entitled “German Company Resolves FCPA Enforcement Action Based On Conduct From “The Distant Past””. In another blog post, entitled “Of Note From The Bilfinger Enforcement Action”, he questioned why this particular enforcement action took so long to resolve.  Whatever the answer to that question might be, there are several interesting aspects to the matter which are of significance to the compliance practitioner, which I will highlight in this post.

I.                    DOJ Fine Calculation

To resolve the criminal aspects of this case, Bilfinger agreed to pay a $32 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. The thing that I found interesting about the fine calculation, as set out in the DPA, was the large increase in the amount due to the size of the bribery paid which increased the point calculation under the US Sentencing Guidelines by +18 and the increase for the payment of multiple bribes by +2.. The company only received a -2 for its cooperation in the investigation, clearly demonstrating recognition and affirmative acceptance of responsibility for its criminal conduct. The company did not self-disclose so it did not receive any credit under the US Sentencing Guidelines for that affirmative conduct. The calculated fine range was between $28MM to $56MM so the company received a fine at the lower end of the range. But not less than the lower end or event at the end.

II.                Landscaping Account to Pay Bribes

One of the interesting techniques that the company used to physically pay the bribes was through a petty cash account in the Joint Venture’s (JV) office in Nigeria. The DOJ has long cautioned companies about maintaining significant amounts of petty cash in offices or the undocumented use of petty cash accounts as a mechanism to funnel bribes. In this case, Bilfinger ingeniously said the cash was going to the Nigeria operation to pay “landscaping expenses”. With $6MM in bribes paid out, one might think the company was landscaping the Gardens at Versailles but the lesson learned for the compliance practitioner is that accounts which might appear to be legitimate business expenses need to be scrutinized though monitoring and auditing.

III.             Political Parties

Most compliance practitioners are well aware that the FCPA applies to government officials, their family members and similarly situated officers, directors and employees of state owned enterprises. However, in the Bilfinger enforcement action, the company paid bribes to “the dominant political party in Nigeria” which was not named in the Information of the DPA. The Anti-Bribery Provisions of the FCPA states:

§ 78dd-1. Prohibited foreign trade practices by issuers

(a)    Prohibition (b)

It shall be unlawful for any issuer which has a class of securities registered pursuant to section 78l of this title or which is required to file reports under section 78o(d) of this title, or for any officer, director, employee, or agent of such issuer or any stockholder thereof acting on behalf of such issuer, to make use of the mails or any means or instrumentality of interstate commerce corruptly in furtherance of an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to–

(2) any foreign political party or official thereof or any candidate for foreign political office for purposes of–

(A) (i) influencing any act or decision of such party, official, or candidate in its or his official capacity, (ii) inducing such party, official, or candidate to do or omit to do an act in violation of the lawful duty of such party, official, or candidate, or (iii) securing any improper advantage; or

(B) inducing such party, official, or candidate to use its or his influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality in order to assist such issuer in obtaining or retaining business for or with, or directing business to, any person; or.

IV.              Best in Class Compliance Program

During the pendency of the investigation, Bilfinger moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

  1. High level commitment from company officials and senior management to do business in compliance with the FCPA.
  2. A substantive written anti-corruption compliance code of conduct.
  3. Written policies and procedures to implement this code of conduct.
  4. A robust system of internal controls, including accounting and financial controls.
  5. Risk assessments and risk reviews of its ongoing business.
  6. No less than annual assessments of its overall compliance program.
  7. Appropriate oversight and responsibility of a Chief Compliance Officer.
  8. Effective training for all employees and relevant third parties.
  9. An effective compliance function which can provide guidance to company employees.
  10. A robust internal reporting system.
  11. Effective investigations of any reported compliance issue.
  12. Appropriate incentives for employees to do business ethically and in compliance.
  13. Enforced discipline for any employee who violates the company’s compliance program.
  14. Suitable due diligence and management of third parties and business partners.
  15. A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers any FCPA-violative conduct during this pre-acquisition phase.
  16. As soon as practicable, Bilfinger will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
  17. Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

V.                 Monitor

Bilfinger also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

VI.              Who Pays the Cost of Bribery

The final point that I wish to raise is about the insidiousness of bribery and corruption and the true cost. To facilitate its illegal conduct Bilfinger (and Willbros) increased their charges to the various Nigerian entities which were paying for the project in question by 3%. So it was not Bilfinger and Willbros paying the bribes out of their collective corporate pocket but it was the people of Nigeria who were funding the western companies’ bribes. It does not get much worse or arrogant than that in the corporate world.

The Bilfinger enforcement action moves towards the ending of one of the sorriest examples of corporate malfeasance in the FCPA world. While it took a long time, justice has certainly been a long time coming. With the continued flight from justice of former Willbros employee James Tillery who renounce his US citizenship to try and escape prosecution by taking refuge in Nigeria; perhaps things are coming to an end. But with the conclusion of this corporate enforcement action against Bilfinger, perhaps there may be additional individual enforcement actions.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 8, 2013

And The Hits Just Keep on Coming for the ‘Sons and Daughters’ Hiring Program

About the best thing that you can say for the Houston Texans is that they did not lose on Sunday. Of course they did not play on Sunday, pathetically losing Week 14’s game last Thursday. For their season’s effort, the head coach was fired the next day. At least in the National Football League (NFL) there is accountability.

On the other hand, the hits just keep on coming for JP Morgan Chase. On the front page of Sunday’s New York Times (NYT), in an article entitled “Bank Tracked Business Linked to China Hiring”, reporters Ben Protess and Jessica Silver-Greenburg reviewed yet more potentially damning evidence in the Bank’s Foreign Corrupt Practices Act (FCPA) investigation. They were able to view documents which had been recently disclosed by JP Morgan Chase to the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in connection with the bank’s ongoing internal investigation into its ‘Sons and Daughters’ hiring program which apparently targeted the children of communist party officials and high ranking officials of state owned enterprises for employment in order to obtain business from their parents. The reporters noted, “Until now, the indications of a connection between the hires and business deals have not been so explicit.”

Emails, Spreadsheets and Whistleblowers

The reporters studied both documents and emails which seemed to indicate that the bank thought hiring of these sons and daughters would and did contribute in bringing business to the bank. The documents included spreadsheets “that list the bank’s “track record” for converting hires into business deals”. Another set of documents discussed in the article were described as “historical deal conversion” spreadsheets. The article went on to detail that in one column there was a list of the job candidates and in another column “the bank recorded its track record for winning business from the companies tied to the candidates.” There were other spreadsheets which listed the hires of well-connected children and the revenue that the bank earned from deals involving with hires linked to those companies. These other documents included spreadsheets which discussed “about 30 employees with ties to state-owned companies or Communist Party officials, including the daughter of the deputy minister of propaganda, a relative of a Chinese financial regulator and the nephew of the executive chairman at Sinotruk, which is part of a state-owned trucking enterprise.”

There were also emails cited in the article which seemed to indicate that depth and pervasiveness of the ‘sons and daughters’ hiring program. One email discussed “the “existing and potential business opportunities,” a senior JPMorgan executive in Hong Kong emphasized that the father of a job candidate was the chairman of the China Everbright Group, a state-controlled financial conglomerate. The executive also extolled the broader benefits of the hiring program, telling colleagues in another email: “You all know I have always been a big believer of the Sons and Daughters program — it almost has a linear relationship” with winning assignments to advise Chinese companies.”

In addition to these emails and documents discussed in the NYT article, the reporters also interviewed current and former bank employees. Apparently at least two whistleblowers came forward to identify the hiring scheme, “with one filing a complaint in April 2011 with the Hong Kong stock exchange and another coming forward to American authorities this year.” It has not been clear when JP Morgan Chase began its internal investigation or what was the genesis of the investigation.

The Tang Xiaoning Hiring

The article went into specifics with one of the hiring’s, that of “Tang Xiaoning, a onetime Goldman and Citigroup employee whose father is the chairman of the China Everbright Group, appeared to encapsulate the spirit of the “Sons and Daughters” program for state-owned clients. The father, approached a JPMorgan executive in Hong Kong in March 2010 about a position for his son, records and interviews show. The executive, who led JPMorgan’s China investment banking unit, welcomed the request and urged his colleagues in an email a day later to discuss “how we can leverage more on this account going forward.” But in an internal compliance form, the executive played down the significance of hiring Mr. Tang, documents show, saying there was “no expected benefit.”

Tang Xiaoning was subsequently hired on a one-year employment agreement. Thereafter his father, Tang Shuangning, who had done little if any business with the bank prior to the hiring of his son. But thereafter, “a China Everbright subsidiary hired the bank to advise on a $300 million private offering of shares, according to interviews. And in 2011, after Mr. Tang worked at JPMorgan for several months, China Everbright’s banking subsidiary hired JPMorgan as one of several financial advisers on its decision to become a public company, a deal that was delayed amid turmoil on the world’s markets.” In 2012, after two successive one-year extensions of his employment agreement, “China Everbright International, a subsidiary focused on alternative energy businesses, hired JPMorgan to advise on a $162 million sale of shares, according to Standard & Poor’s Capital IQ, a research service.” When the issue of a third one-year employment agreement it was clear what bank officials in China thought of the situation. The NYT article quoted an email which read, ““Given where we are on China Everbright, I think we may need another contract for Xiaoning,” the executive wrote.”

The article notes that the origins of the ‘Sons and Daughters’ hiring program was to comply with the FCPA. The reporters noted, “According to documents and interviews with current and former employees, JPMorgan created the “Sons and Daughters” program in 2006 with the expectation that the hires would receive heightened scrutiny. But by 2009, the “Sons and Daughters” program was putting the job candidates on the fast track to employment. The documents show that applicants from prominent Chinese families faced less stringent hiring standards — and fewer job interviews — than the average junior-level hire.” Moreover, there has apparently been no direct evidence of knowledge by the program at the corporate headquarters in New York.

Ongoing Monitoring is Critical

So for the compliance professional what are some of the lessons that can be drawn from this matter? First and foremost is that there needs to be ongoing monitoring to determine whether employees are staying within the compliance program. Even after all the important ethical messages from management have been communicated to the appropriate audiences and key standards and controls are in place, there should still be a question of whether the company’s employees are adhering to the compliance program. Two of the seven compliance elements in the Federal Sentencing Guidelines call for companies to monitor, audit, and respond quickly to allegations of misconduct. These three highlighted activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs.

Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks, and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local Finance departments in your foreign offices to ask if they’ve noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries in which they manage. Additionally, the global compliance committee should meet or communicate as often as every month to discuss issues as they arise. These ongoing efforts demonstrate that your company is serious about compliance.

This means that you may want to walk down the hall and talk to your company’s Human Resources (HR) Department to see if there is anything around hiring of the children or family members of government officials. You might also do some transaction monitoring to see if there are new clients, customers or projects which popped up suddenly as new business for the company. Or take it a step further to see if there were contracts or business retained because of any hiring.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 4, 2013

The Weatherford FCPA Settlement, Part III

Yesterday, I reviewed the conduct which Weatherford International Limited (Weatherford) engaged in over a period from 2002-2011 in connection with its Foreign Corrupt Practices Act (FCPA) investigation, noted the deficiencies in its compliance program and its internal controls and even how the company intentionally impeded the investigations of both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Today, I want to look at how the company changed course in mid-stream during the investigation, brought in a top-notch and well respected lawyer as its Chief Compliance Officer (CCO), created a best-in-class compliance program; all of which saved the company millions of dollars in potential fines and penalties.

  1. I.                    DOJ Fine Calculation

To resolve the criminal aspects of this case, Weatherford agreed to pay an $87.2 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. There was also another $65.6 million paid to the SEC. However the figure paid to the DOJ was at the very bottom range of a potential criminal penalty. The range listed in the DPA was from $87.2 to $174.3 million. In coming up with this range under the Federal Sentencing Guidelines, it is significant for the actions that Weatherford did not receive credit for during the pendency of the investigation. The company did not receive a credit for self-reporting. The company only received a -2 for its cooperation because prior to 2008 the company engaged in activities to impede the regulators’ investigation.

So the fine range could have been more favorable to the company. But the key is that Weatherford received the low end of the range. How did they do this?

A.     New Sheriff in Town

One of the key things Weatherford did was bring in Billy Jacobson as its CCO and give him a seat at the table of the company’s Executive Board. He was a Federal Prosecutor in the Fraud Section, Criminal Division, US Department of Justice. He also served as an Assistant Chief for FCPA Enforcement Department so we can assume he understood the FCPA and how prosecutors think through issues. (Jacobson also worked as a State Prosecutor in New York City, with my former This Week in FCPA co-host Howard Sklar, so shout out to Howard.) Jacobson was not hired directly from the DOJ but after he had left the DOJ and had gone into private practice. There is nothing that shows credibility like bringing in a respected subject matter expert and giving that person the tools and resources to turn things around.

But more than simply bringing in a new sheriff, Weatherford turned this talk into action by substantially increasing its cooperation with the government, thoroughly investigating all issues, turning over the results to the DOJ and SEC and providing literally millions of pages of documents to the regulators. The company also cleaned house by terminating officers and employees who were responsible for the illegal conduct.

B.     Increase in Compliance Function

In addition to establishing Jacobson in the high level CCO position, the company significantly increased the size of its compliance department by hiring 38 compliance professionals and conducted 30 anti-corruption compliance reviews in the countries in which Weatherford operates. This included the hiring of outside consultants to assess and review the company’s compliance program and beefing up due diligence on all third parties, including those in the sales and supply chain, joint venture (JV) partners and merger or acquisition (M&A) candidates. The company also agreed to continue to enhance its internal controls and books and records to prevent and/or detect future suspect conduct.

If you have ever heard any of the current Weatherford compliance professionals speak at FCPA conferences, you can appreciate that they are first rate; that they know their stuff and the company supports their efforts on an ongoing basis.

C.     Best in Class Compliance Program

During the pendency of the investigation, Weatherford moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

  1. High level commitment from company officials and senior management to do business in compliance with the FCPA.
  2. A substantive written anti-corruption compliance code of conduct.
  3. Written policies and procedures to implement this code of conduct.
  4. A robust system of internal controls, including accounting and financial controls.
  5. Risk assessments and risk reviews of its ongoing business.
  6. No less than annual assessments of its overall compliance program.
  7. Appropriate oversight and responsibility of a Chief Compliance Officer.
  8. Effective training for all employees and relevant third parties.
  9. An effective compliance function which can provide guidance to company employees.
  10. A robust internal reporting system.
  11. Effective investigations of any reported compliance issue.
  12. Appropriate incentives for employees to do business ethically and in compliance.
  13. Enforced discipline for any employee who violates the company’s compliance program.
  14. Suitable due diligence and management of third parties and business partners.
  15. A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers and FCPA-violative conduct during this pre-acquisition phase.
  16. As soon as practicable, Weatherford will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
  17. Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

D.    Monitor

Weatherford also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

II.                Conclusion

It certainly has been a long, strange journey for Weatherford. I should note that I have not discussed at all the Oil-For-Food aspect of this settlement, which was an additional $100MM penalty to the company. However, with regard to the FCPA aspects of the matter, there are some very solid and telling lessons to be drawn from this case. First and foremost is that cooperation is always the key. But more than simply cooperating in the investigation is that a company should take a pro-active approach to putting a best-in-class compliance program in place during, rather than after the investigation concludes. Also, a company cannot simply ‘talk-the-talk’ but must come through and do the work to gain the credit. The bribery schemes that the company had engaged in and the systemic failures of its compliance program and internal controls, should serve as a good set of examples for the compliance practitioner to use in assessing a compliance program.

The settlement also sends a clear message from both the DOJ and SEC on not only what type of conduct will be rewarded under the US Sentencing Guidelines, but what they expect as a compliance program. One does not have read tea leaves or attempt to divine what might be an appropriate commitment to compliance to see what the regulators expect these day.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

December 3, 2013

The Weatherford FCPA Settlement, Part II

Yesterday, I reviewed the Weatherford International Limited (Weatherford) Foreign Corrupt Practices Act (FCPA) settlement. Today I will take a more focused look at the bribery schemes involved and the failure of the company to bring internal controls up to standard or even follow its own compliance program. Weatherford’s compliance program was a joke but worse was its conduct, which many in the company knew was illegal and reported internally but the company did not stop the conduct. The company also, early on in the investigation, actively impeded regulators access to personnel and documents. However, and this is one of the key messages from the Weatherford FCPA enforcement action, the company truly ‘turned it around’. Tomorrow we will explore how the company made this dramatic turnaround.

The bribery schemes had four basic scenarios and, for those of you keeping score at home, I have summarized them below.

I.                   Corrupt Conduct

Weatherford Bribery Box Score

Country Bribery Scheme Government or SOE Official Involved Amount of Bribe Paid
Angola Payments through 3rd parties Sonagol Drilling Manager $250K
Angola JV Partners Government Ministers, wives and other relatives $810K
Congo Payments thru 3rd parties SOE officials $500K
Middle East Countries Unauthorized distributor discounts SOE officials $11.8MM
Algeria Improper travel and entertainment SOE officials $35K
Albania Misappropriation of company funds Tax Auditors $41K

Angola

In Angola two separate bribery schemes were used. The first involved payment of a $250,000 bribe to the Sonagol Drilling Manager. To funnel the bribe the company retained a Swiss agent who paid the money. This Swiss agent billed Weatherford for non-existent and fraudulent services. He would retain a percentage of the total he billed as a commission and would pass the remainder to the Sonagol Drilling Manager. The bribery of the Drilling Manager also included a week long, all-expenses paid trip to Italy and Portugal, where only one of the days was business related.

The company continued this further creativity when it set up a joint venture (JV) which had two local JV partners, JV Partner A and JV Partner B. Partner A consisted of Sonagol government officials, their wives and other relatives and held a 45% stake in the overall JV. JV Partner B’s principals included the relative of an Angolan Minister, the relative’s spouse, and another Angolan official. It held 10% of the overall JV interest. Neither of these JV Partners contributed capital, expertise or labor to the JV. In addition to the straight quid pro quo of awarding Weatherford 100% of the Angolan well screens market, these JV Partners had contracts which were awarded to Weatherford competitors, revoked after the initial award and then awarded them to Weatherford.

Congo

In the Congo, Weatherford made over $500,000 in commercial bribe payments through the same Swiss Agent they had utilized in the initial Angolan bribery scheme to employees of a commercial customer, a wholly-owned subsidiary of an Italian energy company, between March 2002 and December 2008. The Swiss Agent’s role in the scheme included submitting false invoices and sending payments to individuals as directed by Weatherford Services Limited (WSL) employees and others. WSL employees created and sent false work orders to the Swiss Agent. The Swiss Agent, WSL employees and others knew the services would not be performed and that the work orders were a pretext to funnel money to the Swiss Agent. The Swiss Agent forwarded the money, less a commission, once again based on fraudulent invoices for non-existent services.

The Middle East

In certain un-named Middle Eastern countries between the years of 2005 and 2011 another Weatherford subsidiary employed another bribery scheme to funnel payments to officials of state owned National Oil Company (NOC). This bribery scheme entailed the awarding of improper “volume discounts” to a company that served as an agent, distributor and reseller which supplied Weatherford products to a state-owned and controlled NOC, believing that those discounts were being used to create a slush fund with which to make bribe payments to decision makers at the NOC.

The Securities and Exchange Commission (SEC) Complaint noted that as early as 2001, officials at the un-named national oil company directed Weatherford to sell goods to the company through a particular distributor. Prior to entering into the contract with the distributor, Weatherford did not conduct any due diligence on the distributor, despite: (a) the fact that the distributor would be furnishing Weatherford goods directly to an instrumentality of a foreign government; (b) the fact that a foreign official had specifically directed the company to contract with that particular distributor; and (c) the fact that Weatherford executives knew that a member of the country’s royal family had an ownership interest in the distributor. In late 2001, the company entered into a representation agreement with the distributor to sell its Completion and Production Systems products to the NOC.

Thereafter, the distributor created a slush fund by providing the distributor with unauthorized volume and pricing discounts, in addition to the agent’s 5% commission. Company employees intended that the slush fund would be used to pay officials at the un-named NOC. The “volume discounts” to the distributor were typically between 5-l0% of the contact price. The discounts allowed the distributor to accumulate funds which were used to pay bribes to the NOC officials.

Algeria

Weatherford also provided improper travel and entertainment to officials of the Algerian NOC, Sonatrach, which did not have any legitimate business purpose. The SEC Complaint detailed the following improper travel and entertainment provided to Sonatrach officials:

  • June 2006 trip by two Sonatrach officials to the FIFA World Cup soccer tournament in Hanover, Germany;
  • July 2006 honeymoon trip of the daughter of a Sonatrach official; and
  • October 2005 trip by a Sonatrach employee and his family to Jeddah, Saudi Arabia, for religious reasons that were improperly booked as a donation.

In addition, on at least two other occasions, Weatherford provided Sonatrach officials with cash sums while they were visiting Houston. For example, in May 2007, Weatherford paid for four Sonatrach officials, including a tender committee official, to attend a conference in Houston. Further, the company provided an approximate $24,000 cash advance for the trip where there was no evidence of any legitimate business purpose or promotional expenses.

Albania

In Albania, Weatherford had a tax evaluation problem. To deal with this issue the general manager and financial manager of the company’s Italian subsidiary misappropriated over $200,000 of company funds, to fund a bribery scheme involving Albanian tax auditors. The general manager, financial manager and the Albania country manager made $41,000 in payments to Albanian tax auditors who questioned details of the company’s accounts and demanded payment to close out the audit or speed up the certification process in 2001, 2002 and 2004.

The general manager and financial manager misappropriated the funds by taking advantage of Weatherford’s inadequate system of internal accounting controls. They misreported cash advances, diverted payments on previously paid invoices, misappropriated government rebate checks and received reimbursement of expenses that did not relate to business activities. A memo drafted by the general manager and financial manager in the months after their co-worker confronted them discussed the misappropriated funds and indicated that funds were paid to tax auditors in Albania and others for the benefit of Weatherford. This was the bribery scheme which was reported to the company and the internal whistle-blower employee was terminated.

II.                Program Deficiencies Lack of Cooperation

The DPA laid out in equally stark terms the complete and utter disregard, non-existence of and/or complete failure of any systemic compliance program, prior to 2008. These deficiencies included:

  • Failure to establish internal accounting controls to prevent bribery and corruption;
  • Failure to perform due diligence on any prospective third parties, including who they were, ultimate beneficial ownership and business justifications;
  • Failure to perform due diligence or in any meaningful manage joint venture partners;
  • Failure to have any meaningful internal controls for gifts, travel and entertainment;
  • No effective internal reporting system for FCPA violations or issues; and
  • (Most amazingly) No Chief Compliance Officer or even compliance professionals in a multi-billion dollar, multi-national company in the energy industry.

In addition to all of the above, Weatherford engaged in active conduct to impede the investigations of both the SEC and DOJ. In one instance, the company told investigators that a key witness was dead when he was not only still alive and well but working for Weatherford. In other instances, the company, emails were deleted by employees prior to the imaging of their computers. It was also noted that Weatherford failed to secure important computers and documents and allowed potentially complicit employees to collect documents subpoenaed by the staff.

Tomorrow, the Weatherford compliance comeback.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

April 18, 2013

What’s the Message from BizJet? Self-Disclose and Cooperate

Over the past week there has been a plethora of Foreign Corrupt Practices Act (FCPA) enforcement actions released. One group was the four enforcement actions involving individuals concerning BizJet. While I cannot say that the enforcement actions against the individuals were stunning, perhaps what was surprising were the penalties that two of the individual received. The lineup of those three BizJet executives and one employee involved in these enforcement actions is as follows:

  1. Bernd Kowalewski – President and Chief Executive Officer (CEO);
  2. Peter DuBois – Vice President of Sales and Marketing;
  3. Neal Uhl – Vice President of Finance; and
  4. Jald Jensen – Regional Sales Manager

Defendants DuBois and Uhl pled guilty in January, 2012 and had their pleas unsealed on April 5, 2013. Defendants Kowalewski and Jensen were charged by Criminal Indictment, also in January, 2012 but are still at large today. The Department of Justice (DOJ) Press Release states that “The two remaining defendants are believed to remain abroad.”

BizJet Bribery Box Score

From the previously released Bizjet Deferred Prosecution Agreement (DPA) and the recently released documents, I have updated the “BizJet Bribery Box Score”.

BizJet Executive or Employee Named Payment Made To Amount of Payment Others Involved
Jald Jensen Official 6 Cell Phone and $10K Peter DuBois and Neal Uhl
Jald Jensen Official 3 $2K Peter DuBois
Peter DuBois, Neal Uhl and Jald Jensen Official 2 $20K
Neal Uhl Official 2 $30K Jald Jensen
Peter DuBois Mexican Federal Police Chief $10K Neal Uhl and Jald Jensen
Neal Uhl Official 5 $18K Jald Jensen
Jald Jensen Official 4 $50K
Jald Jensen Mexican Federal Police $176 Neal Uhl
Jald Jensen Official 4 $40K
Jald Jensen Mexican Federal Police $210K Neal Uhl
Jald Jensen Official 5 $6K Neal Uhl
Neal Uhl Official 5 $22K

The above bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in the company’s books and records.

Penalty Box Score

As bad as the conduct of the BizJet executives and sales manager was – and it was very bad – the thing that stood out in the enforcement actions announced last week was the sentences. So without further ado here is the “Penalty Box Score” for defendants DuBois and Uhl.

Individual Fine or Disgorgement Potential Incarceration Actual Incarceration
Peter DuBois $159,950 108 to 120 months in jail 8 months home incarceration, 60 month’s probation
Neal Uhl $10,000 60 months in jail 60 month’s probation

The clear import of the BizJet DPA was that a company can make a comeback in the face of very bad facts. In the BizJet DPA, the calculation of the fine, based upon the factors set out in the US Sentencing Guidelines, ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. This was a significant reduction from the suggested low or high end, or as was noted by the FCPA Blog “BizJet’s reduction was 30% off the bottom of the fine range, and a whopping 65% off the top of the fine range.” Finally, BizJet was able to avoid having an external monitor put in place.

Cooperation is the Key

What led to these sentence reductions? Quite simply the answer is full cooperation with the DOJ. The FCPA Professor stated, in a post entitled “Unsealed Documents In Enforcement Acton Against Former BizJet Executives Reveal A Trove Of Information”, that “As part of his plea agreement, DuBois worked in an undercover capacity for the government. The motion specifically states as follows. “As part of his work in an undercover capacity, Mr. DuBois has recorded conversations with former BizJet executives and other subjects of the government’s ongoing investigation.” Later, the motion to seal states that “public identification of Mr. DuBois as a defendant who likely is cooperating with the government may jeopardize the undercover aspect of the government’s investigation.”

In addition to his work as an undercover operative, the Professor quoted from the DOJ Sentencing Memorandum that “assisted in the investigation from the outset and cooperated fully with the government throughout its investigation. DuBois submitted to multiple interviews by the government and has assisted in every way that the government has asked. DuBois told the truth to the government from the outset and continued to do so up until this very day. DuBois’ cooperation not only assisted the government in connection with its investigation into BizJet, but also led to the investigation of another maintenance, repair, and overhaul company engaged in a similar scheme to pay bribes to government officials overseas.”

With regarding to UHL, the Professor quoted from the DOJ Motion for a Downward Departure as follows, “Uhl “agreed to a voluntary proffer session and, when confronted by the government, admitted to the illegal conduct. Throughout the course of the investigation, Uhl was cooperative and provided truthful information that substantially assisted the government in confronting other co-conspirators and witnesses. Uhl offered to assist in any way that he could.”

In another post, entitled “Where Was the BizJet Board?”, the FCPA Professor noted that the conduct engaged in by BizJet was “egregious” and I would certainly second that, perhaps adding that it was about as bad as it could get in the FCPA world. He goes on to state that “Yet, BizJet was allowed to resolve the enforcement action via a deferred prosecution agreement, meaning that should it abide by the terms and conditions of the agreement, BizJet will never be required to plead guilty to anything.” He went on to pose the question, “If that is the DOJ position, then it must be asked – does corporate criminal liability actually mean anything if a company like BizJet – given the DOJ’s allegations – is not actually criminally prosecuted or required to plead guilty?” He ended his post with the following, “In short, the resolution vehicles the DOJ has created and championed has again lead to a “facade of enforcement” – albeit an instance on the opposite end of the spectrum that I normally highlight.”

I think that there is another way to look at the BizJet enforcement action and the individual enforcement actions against DuBois and Uhl. BizJet self-disclosed to the DOJ, engaged in what the DOJ termed “extraordinary cooperation” and remediated the people and conduct in question. Further, DuBois and Uhl not only offered themselves up but actively worked with and assisted the DOJ in its investigation going forward. If one of the goals of the DOJ is to achieve greater compliance with the FCPA, I think that the BizJet cases is a clear demonstration that if a company has FCPA violations they can self-disclose and be given credit for working very diligently in conjunction with the DOJ to remedy the conduct at issue and move the investigation forward.

I believe the same is true for individuals who have engaged in FCPA violations. If a person provides the same level of cooperation as DuBois and Uhl and the DOJ then prosecutes them to the full extent of the US Sentencing Guidelines, how much cooperation do you think the DOJ will engender going forward once the word gets out in the white collar defense bar?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

September 7, 2012

The Five Essential Elements of a Corporate Compliance Program-Part I

Next Tuesday morning, at the University Club of Chicago, Stephen Martin and I will co-present at a Foreign Corrupt Practices Act (FCPA) event hosted by Kreller. If you are in or near Chicago I hope that you can join us. The title of our presentation is “Anti-Corruption/FCPA Developments & Best Practices” and we will focus on a concept that Stephen and his partners at the law firm of Baker & McKenzie have developed which are five essential elements of a corporate compliance program. Over the next two posts, I will sketch out what Stephen and I will be presenting. In today’s post I will present the background to the development of the five essential elements and in Part II, I will go through the remaining elements.

First a word about Stephen Martin; for those of you who do not know Stephen Martin, he has a long and distinguished legal and compliance career. He was at the Department of Justice (DOJ) and then moved in-house, helping some of America’s largest companies to wade through major corporate scandals. He was most recently the General Counsel (GC) at Corpedia before heading into private practice at Baker & McKenzie. He has been around the (compliance) block more than once and I can assure you that he knows his FCPA compliance stuff. He is certainly one of the practitioners that I would go see to make a FCPA compliance presentation.

Why is it important to have such a compliance program? I will answer in two words, Morgan Stanley. The declination to prosecute, issued by the DOJ, provides the most recent and powerful evidence of the benefits of investing in compliance. Morgan Stanley’s pre-existing compliance program was highlighted in press releases and public comments as the biggest reason for the Government’s decision not to prosecute the bank. The decision not to prosecute was based on evidence of:

•           Rigorous internal controls;

•           Regular training and reminders on FCPA policy and compliance;

•           Internal policies addressing the corruption risks associated with the giving of gifts, business entertainment, travel, lodging, meals, charitable contributions and employment, that were updated regularly to reflect regulatory developments and specific risks;

•           Compliance program monitoring and auditing; and

•           Extensive pre-retention due diligence on business partners and stringent controls on payments to business partners.

The five essential elements of a corporate compliance program are based upon the best practices  as set out in the seven elements of a corporate compliance program under the US Sentencing Guidelines; the 13 Good Practices by the OECD on Internal Controls, Ethics, and Compliance; and the UK Bribery Act’s Six Principles of an Adequate Procedures compliance program. The following chart lists the elements of each.

While the above guidelines and statutes vary in length, tone and detail, depending on the jurisdiction and the enforcement agency, from this comparison Martin and his colleagues distilled five essential elements which they believe make up a best practices compliance program. They are as follows:

  • Leadership – color coded Red.
  • Risk Assessment – color coded Yellow.
  • Standards and Controls – color coded Blue.
  • Training and Communication – color coded Green.
  • Oversight – color coded Grey.

I.                   Leadership

The point means more than simply “Tone-at-the-top”. A successful compliance program must be built on a solid foundation of ethics that are fully and openly endorsed by senior management; otherwise the program may amount to little more than a hollow set of internal rules and regulations. There should be an unambiguous, visible and active commitment to compliance. But even more than support or the right tone, compliance standards require that companies must have high-ranking compliance officers with the authority and resources to manage the program on a day-to-day basis. And compliance officers must have the ear of those ultimately responsible for corporate conduct, including the board of directors.

Some of the questions you might think about in connection with the leadership of your compliance program are the following: How is board oversight implemented? Is there an ethics or audit committee reporting to the full board? What is the role of the Chief Compliance Officer? What is the role of the General Counsel? How do the legal and compliance departments interact? Does the CCO have “real power”? Is she or he treated as a second-class citizen?

Equally the Board of Directors has a key role to fulfill. The Board must ensure compliance policies, systems and procedures are in place and it should monitor implementation and effectiveness of the compliance program:

  • Be actively involved
  • Attend Board meetings
  • Review, consider and evaluate information provided
  • Inquire further when presented with questionable circumstances or potential issues
  • Once Board knows of a potential compliance issue it must act.
  • Regularly receive compliance briefings and training.

I think everyone agrees and understands that the Chief Compliance Officer (CCO) is a key, if not the key, role in a company’s compliance program. Some of the important indicia of a CCO are that they are high ranking within the company and are dedicated to compliance and responsible for day-to-day management and oversight of compliance program. The position should have direct access to the Board or appropriate Board committee and the Compliance Department should be provided sufficient resources to achieve its goals.

In addition to the role of the CCO, there should be compliance officers in high-risk markets who regularly communicate with managers in the field because country and/or regional managers are often the employees in the trenches who are responsible for overseeing sales people and third-party agents who are producing, selling and distributing the company’s products and services. Lastly, local managers are often in the best position to set the tone for compliance and to detect and address illegal or unethical practices before they become issues that put the company at risk.

II.                Risk Assessment

The implementation of an effective compliance program is more than simply following a set of accounting rules or providing effective training. Compliance issues can touch many areas of your business and you need to know not only what your highest risks are but where to marshal your efforts in moving forward. A risk assessment is designed to provide a big picture of your overall compliance obligations and then identify areas of high risk so that you can prioritize your resources to tackle these high risk areas first.

What are some of the areas where you need to assess your risks? As set out in the DPA’s of Tyson Foods, Alcatel-Lucent and Maxwell Technologies the following are suggested:

  1. Country Risk - What is the correlation between growth markets and corruption risk and what is the perceived level of corruption? In other words, the Transparency International Corruption Perceptions Index or similar list.
  2. Sector Risk - Has government publicly stated industry is under scrutiny or already conducted investigations in sector? Are there corruption risks particular to the industry?
  3. Business Opportunity Risk - Is the business opportunity a high value project for your company? Are there multiple contractors or intermediaries involved in the bidding or contract execution phase?
  4. Business Partnership Risk - Does this business opportunity require a foreign government relationship? Does a foreign government require you to rely upon any third parties?
  5. Transaction Risk - Will your company be required to make any “compelled giving” through any requirements for political or charitable contributions? Are you required to use any intermediaries to obtain licenses and permits?

In addition to an initial risk assessment to either (1) inform your compliance program or (2) help you to identify high risks and prioritize their remediation, risk assessments should be a regular, systemic part of compliance efforts rather than an occasional, ad hoc exercise cobbled together when convenient or after a crisis. These should be conducted at the same time every year and deputize a consistent group, such as your internal audit department or enterprise risk management team, to conduct the annual review. Such annual risk assessments act as a strong preventive measure if they are performed before something goes wrong. In addition, enforcement trends and government priorities change rapidly so it is vital to stay up to date and conduct regular assessments. Lastly, it avoids a “wait and see” approach.

Risk assessments should also be used to scrutinize new business partners and third-party agents. The majority of FCPA/anti-corruption investigations and enforcement actions involve some use of third parties, including consultants, distributors, contractors and sales agents. By conducting a formal risk assessment each year it provides an opportunity to take a closer look at recently-established business relationships to make sure partners and third parties do not have improper connections to government officials or some involvement in unethical or illegal conduct. Additionally conducting such a risk assessment allows your company to proactively address and remediate any risks that are uncovered.

Stephen Martin and the Baker & McKenzie team have put together an excellent resource for the compliance practitioner in their five essential elements of a corporate compliance program. I hope that you can attend our FCPA event next week. For those of you who cannot attend in person, you can email me for the slide deck and other materials after the event.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

June 20, 2012

DS&S DPA: Lessons Learned for the Compliance Practitioner

On Monday, June 18, the Department of Justice (DOJ) announced the resolution of a matter involving violations of the Foreign Corrupt Practices Act (FCPA) by Data Systems & Solutions LLC (DS&S), a US entity based in Virginia. The settlement resulted in the company agreeing to a two year and 7 day Deferred Prosecution Agreement (DPA). The case was interesting for a number of reasons and it has some significant lessons which the compliance practitioner can put into place in a corporate compliance program. The charges related to DS&S’s business included the design, installation and maintenance of instrumentation and controls systems at nuclear power plants, fossil fuel power plants and other critical infrastructure facilities. In reading the Criminal Information, I can only say that this was no one-off or rogue employee situation but this was a clear, sustained and well known bribery scheme that went on within the company.

I.                   The Criminal Information

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The Players Box Score

DS&S Officials INPP Officials Subcontractors
Exec A – VP of Marketing and Business Development (BD) Official 1 – Deputy Head of Instrumentation and Controls Department Subcontractor A – Simulation Technology Products and Services
Official 2 – Head of Instrumentation and Controls Department Subcontractor B – Beneficially owned by Official 1 and which employed INPP Officials
Official 3 – Director General at INPP Subcontractor C – Shell company used a funneling entity to pay bribes
Official 4 – Head of International Projects at INPP
Official 5 – Lead SW Engineer at INPP

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid in the Information reflected the following techniques used by:

  •       Payment of bribes by Subcontractors to Officials on behalf of DS&S;
  •       Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
  •       Creation of fictional invoices from the Subcontractors to fund the bribes;
  •      Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
  •      Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
  •       Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose; and last but not least…
  •      Purchase of a Cartier watch as a gift.

II.                The Deferred Prosecution Agreement

I set out these details with some specificity for two reasons. The first is that the Information is a must read for anyone in Internal Audit who reviews books and records. It gives you the precise types of Red Flags to look for. But secondly is the fact that DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines. The calculation as listed in the DPA is as follows:

Calculation of Fine Range:

Base Fine $10,500,000

Multipliers 1.20(min)/2.40(max)

Fine Range $12,600,000/$25,200,000

The ultimate fine paid by DS&S was only $8.82MM, which the DPA states is “an approximately thirty-percent reduction off the bottom of the fine range…” So for the compliance practitioner the question is what did DS&S do to get such a dramatic reduction? We know that one thing they did NOT do was self-report as the DPA notes that this case began as a DOJ investigation and DS&S received Subpoenas “in connection with the government’s investigation.” However, after this initial delivery of Subpoenas DS&S engaged a clear pattern of conduct which led directly to this 30% discount of the low end of the fine range. The DPA reports that DS&S took the following steps:

 

  • Internal Investigation. DS&S initiated an internal investigation and provided real-time reports and updates of its investigation into the conduct described in the Information and Statement of Facts.
  • Extraordinary Cooperation. DS&S’s cooperation has been extraordinary, including conducting an extensive, thorough, and swift internal investigation; providing to the Department searchable databases of documents downloaded from servers, computers, laptops, and other electronic devices; collecting, analyzing, and organizing voluminous evidence and information to provide to the DOJ in a comprehensive report; and responding promptly and fully to the DOJ’s requests.
  • Extensive Remediation. The number of steps DS&S took in regard to remediation included the following:
    • Termination of company officials and employees who were engaged in the bribery scheme;
    • Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
    • Instituting a rigorous compliance program in this newly constituted subsidiary;
    • Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
    • Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
    • Strengthening of company ethics and compliance policies;
    • Appointment of a company Ethics Representative who reports directly to the CEO;
    • The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
    • A heightened review of most foreign transactions.
    • Enhanced Compliance Program. More on this in the next section.
    • Continued Cooperation with DOJ. The company agreed to continue to cooperate with the Department in any ongoing investigation of the conduct of DS&S and its officers, directors, employees, agents, and subcontractors relating to violations of the FCPA and to fully cooperate with any other domestic or foreign law enforcement authority and investigations by Multilateral Development Banks.

III.             Enhanced Compliance Obligations

One of the interesting aspects of the DS&S DPA is that there are 15 points listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during Mergers and Acquisitions (M&A). The five keys under these new items, 13 & 14 highlighted above, are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

IV.              Summary

The DS&S DPA provides some key points for the compliance practitioner. First and foremost, I believe that it demonstrates the reasonableness of the DOJ. The bribery scheme here was about as bad as it can get, short of suitcases of money carried by the CEO to pay bribes. The company did not self-report, yet received a significant reduction on the minimum level of fine. The specificity in the DPA allows a compliance practitioner to understand what type of conduct is required to not only avoid a much more significant monetary penalty but also a corporate monitor. Lastly, is the specific guidance on FCPA compliance in relation to M&A activities, to the extent that if anyone in the compliance arena did not understand what was required in the M&A context; this question would seem to be answered in the DS&S DPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

April 12, 2012

How the DOJ Looks at Compliance Programs in an Enforcement Action – Part II

Today’s post is Part II in our two-part series of how the Department of Justice (DOJ) looks at compliance programs during the pendency of an enforcement action. Today we will review how a prosecutor may review the existence and effectiveness of a Foreign Corrupt Practices Act (FCPA) compliance program based upon the Principles of Federal Prosecution of Business Organizations (“the Principles) and an analysis of what is an effective compliance program under the US Sentencing Guidelines (“the Guidelines). Both yesterday and today’s post are based upon the tract “Complying with the Foreign Corrupt Practices Act: A Practical Primer” (herein “the Primer”), published by the ABA Criminal Justice Section, Global Anti-Corruption Task Force.

Independent Evaluation of Compliance Programs

The Primer reports that under this analysis, prosecutors look into three broad categories to make a determination if a compliance program was in existence and effective “at the time of the FCPA violation.” These categories and their specific inquiries are as follows:

  1. The Existence and Design of the Compliance Program

(a)    Whether a compliance program is adequately designed for maximum effectiveness in preventing and detecting wrong doing by employees;

(b)   Whether the compliance program is designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business;

(c)    The comprehensiveness of a compliance program; and

(d)   Whether the compliance program has established corporate governance mechanisms that can effectively detect and prevent misconduct.

2.   The Administration of the Program

(a)    Whether the company’s management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives;

(b)   Whether a compliance program is being applied earnestly and in good faith;

(c)    Whether a compliance program ‘works’;

(d)   Whether a compliance program is merely a ‘paper program’ or whether it was designed, implemented, reviewed and revised, as appropriate, in an effective manner;

(e)    Whether the company has provided for a staff sufficient to audit, document, analyze, and utilize the results of the company’s compliance efforts; and

(f)    Whether the company’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it.

3.   The Misconduct in Question

(a)    The extent and pervasiveness of the misconduct in question;

(b)   The nature and level of the corporate employees involved in the misconduct;

(c)    The seriousness, duration and frequency of the misconduct;

(d)   Whether a corporation has taken remedial actions including discipline against past violators and revisions to the company’s compliance program in light of lessons learned; and

(e)    The promptness of any disclosure of wrongdoing to the government.

As the Primer points out, these factors are “not exhaustive and are often overlapping but they do provide insight into how DOJ prosecutors conduct investigations and determine whether to bring charges under the FCPA.”

I find this final section on how the DOJ analyzes compliance programs the most helpful for the compliance practitioner, particularly when they must explain to management what is required and why the resources need to be expended. Remember, this analysis is performed based upon your company’s compliance program at the time the FCPA violation arose, not after program remediation. So just think about some of the questions posed above:

  • Have we trained the appropriate employees?
  • If so, how do we prove it?
  • Has anyone ever been disciplined for a Code of Conduct violation or more appropriately a compliance program violation?
  • If so, is it documented?
  • Prior to our FCPA violation, had the company ever audited or even reviewed the state of its compliance policy?
  • If so, were any changes made to the compliance program? What changes were made and why?
  • Our Chief Executive Officer (CEO) signed a cover letter, written by the Legal/Compliance Department, which introduced our compliance program when we rolled it out (fill in the blank) years ago. What evidence is there of the CEO’s continued commitment to the company’s compliance program since roll-out that can be documented?
  • Have we opened any new business lines or gone into any new geographic areas since the compliance program roll-out? Did we assess these new business initiatives?
  • When was the last time we did a comprehensive compliance risk assessment?
  • Do we have effective internal controls?
  • If we believe so, how do we know?
  • When was the last time a compliance audit was conducted?
  • What were the results or lessons learned?
  • Did the company incorporate any of these lessons learned into an enhanced or modified compliance program?
  • What criteria is the sales team evaluated upon?
  • Is there a compliance component to their annual review/evaluation?
  • What is the budget for the Compliance Department?
  • Is a senior person assigned to lead the company’s compliance efforts or is it everyone’s responsibility? (i.e.: if everyone is in charge then no one is in charge.)

These are just some of the questions that come to my mind in looking at how a prosecutor might review a compliance program. There are obviously many, many others. I highly recommend that you consider some of these questions plus any that you can develop. I would also urge you to download, read and then keep handy the Primer. It is free and one of the best FCPA compliance resources around.

US Sentencing Guidelines

The Primer notes that the Principles are not the only source of authority which a prosecutor might refer to in evaluating a company’s compliance program during an enforcement action. The US Sentencing Guidelines note that one of the two factors which can mitigate downwards in determing the amount of a fine and penalty is “the existence of an effective compliance and ethics program”. Further under the Amended November 2010 Guidelines, the Primer says that the “government may now significantly reduce fines and other sanctions if an organization takes reasonable steps to achieve compliance with its standards, e.g., by utilizing monitoring and auditing systems reasonably designed to detect criminal conduct by its employees and other agents.”

The Guidelines provide in broad parameters how a prosecutor will evaluate compliance programs during the pendency of a FCPA enforcement action. As such they also provide guidance to the compliance practitioner on DOJ thinking. While there is not a specific program listed, the Guidelines place “an emphasis on the results of a program—that is, whether it is reasonably designed, implemented and enforced so that [it] is generally effective in preventing and deterring criminal conduct.” The Primer goes on to note that an effective compliance program consists of documentation that an organization “exercise[s] due diligence to prevent and detect criminal conduct; and otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”

One of the key factors is that the Guidelines do rely on the existence of a written compliance program. This means that a prosecutor’s primary focus is on the effectiveness of a company’s compliance program. The Primer lists out the following parameters, which the Guidelines suggest that a compliance program should minimally include and I cite from the Primer in its entirety:

  • The organization to “establish standards and procedures to prevent and detect criminal conduct.
  • The “organization’s governing authority . . . be knowledgeable about the content and operation of the compliance and ethics program and . . . exercise reasonable oversight . . .
  • High-level personnel of the organization . . . ensure that the organization has an effective . . . program . . . .
  • Specific individual(s) within the organization . . . be delegated day-to-day operational responsibility for the . . . program . . . [and] shall report periodically . . . on the effectiveness of the . . . program.
  • To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority.
  • The “organization . . . use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known . . . has engaged in illegal activities or other conduct inconsistent with an effective . . . program.
  • The “organization . . . take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the . . .program . . . by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities, to “members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.
  • The organization . . . take reasonable steps . . . to ensure that the organization’s . . . program is followed, including monitoring and auditing to detect criminal conduct.
  • The organization . . . take reasonable steps . . . to evaluate periodically the effectiveness of the organization’s . . . program.
  • The organization shall take reasonable steps . . . to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.
  • The organization’s . . . program . . . be promoted and enforced consistently throughout the organization through appropriate incentives to perform in accordance with the . . . program; and appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct
  • After criminal conduct has been detected, the organization . . . take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s . . . program
  • And in doing all of the above, “the organization . . . periodically assess the risk of criminal conduct and . . . take appropriate steps to design, implement, or modify each [above] requirement . . . to reduce the risk of criminal conduct identified through this process.

I believe that the DOJ has presented significant information to the compliance practitioner about not only it’s most current thinking on what may constitute a minimum best practices compliance program in recent Deferred Prosecution Agreements (DPAs) and Non Prosecution Agreements (NPAs) but with through the Principles and the Guidelines, the DOJ provides guidance of how a prosecutor will look at and analyze a company’s compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

April 11, 2012

How the DOJ Looks at Compliance Programs in an Enforcement Action-Part I

Although often discussed in Deferred Prosecution Agreements (DPAs) or Non-Prosecution Agreements (NPAs), most compliance practitioners are not familiar with one of the most important sources of Department of Justice (DOJ) policy regarding the charging of corporations under the Foreign Corrupt Practices Act (FCPA). This source is found in the United States Attorney’s Manual section, entitled “Principles of Federal Prosecution of Business Organizations” (“the Principles”). However, there is an excellent discussion found on this issue in the January 2012 publication of “Complying with the Foreign Corrupt Practices Act: A Practical Primer” (“the Primer”), published by the ABA Criminal Justice Section, Global Anti-Corruption Task Force. The Primer has several authors including Salen Churi, David Finkelstein, Joe Mueller; persons from the University of Chicago School of Law, Dean David Zarfes, Michael Bloom and Sean Kramer; the Microsoft Corporation, including John Frank and Michel Gahard (collectively “the authors”).

The Principles themselves recognize that while prosecutors are to apply “the same factors in determining whether to charge a corporation as they do with respect to individuals” such as evidence, likelihood of trial success, deterrent to others similarly situated and others factors, the prosecution of corporations is different than prosecuting individuals. The Primer notes that the Principles state “that prosecutors have a duty to protect economic and capital market, to protect those compete in those markets through lawful means and to generally protect the American public from corporate misconduct.”  To assist prosecutors in making these determinations, the Principles provide a list of factors which must be considered in any decision on whether or not to bring charges or enter into DPAs or NPAs with companies. They are:

  • The nature and seriousness of the offense, including the risk of harm to the public and any policies governing the prosecution of corporations for specific types of crimes;
  • The pervasiveness of wrongdoing within the corporation, including managerial complicity;
  • The organization’s history of similar misconduct;
  • The corporation’s disclosure of wrongdoing and willingness to cooperate;
  • The existence and effectiveness of the corporation’s compliance program;
  • The corporation’s remedial actions, including efforts to implement or improve effective compliance programs, to replace management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with government agencies;
  • The harmful collateral consequences of charges or agreements, including those to investors and the public;
  • The adequacy of personal prosecution as opposed to organizational prosecution; and
  • The adequacy of non-criminal remedies.

In addition to these specific guidelines, the Principles “indicate that compliance programs are specifically relevant to the DOJ’s evaluation of four general contexts: (1) the pervasiveness of wrongdoing within the corporate; (2) the history of a corporation’s conduct; (3) whether a corporation should be eligible for a reduced sanction because of voluntary disclosures; and (4) whether a corporation has taken significant remedial actions to deter future violations.” The Principles also require a prosecutor to “independently consider the sufficiency of a company’s compliance program.” The Primer further discussed these four general contexts plus the requirement for an independent consideration of a company’s compliance program.

Pervasiveness of Wrongdoing

The Primer initially notes that a company should not be held liable for isolated or small numbers of FCPA violations by company employees particularly if the company has a “robust compliance program in place.” Pervasiveness will be determined on a case-by-case basis and is a fact intensive analysis. However, one of the clearest pronouncements is that corporate management is responsible for “a corporate culture in which criminal conduct is either discouraged or tacitly encouraged”. In other words, tone at the top does matter. The Primer relates that “in evaluating pervasiveness, compliance programs are relevant in determining when any wrongdoing can be fairly attributed to the actions of a corporate management and the culture it has fostered.”

History of Conduct

The history of a wrongful conduct is relevant in how the DOJ may well resolve a case. This means that your company had better have a written compliance program in place but such written program should not simply be a paper program, present as window dressing in case the DOJ comes knocking. This is the document, document and document part that I continually write and speak about. Not only must you document your actions and decisions but you must be able to call up such documentation in a reasonable time frame. Further, if the company has a history of misconduct it may well be construed by the DOJ as “probative of a corporate culture” which condones, if not actively encourages, violations of the FCPA.

Voluntary Disclosures

Voluntary disclosures and compliance programs converge in the DOJ’s analysis because, as the Primer denotes the DOJ desires that company’s “conduct internal investigations and to disclose …relevant facts to the appropriate authorities.” Recognizing that under Dodd-Frank, or other legislation, a disclosure could come to the DOJ via another mechanism, it is still important to understand that a prosecutor “may consider a corporation’s timely and voluntary disclosure in evaluating the adequacy of the corporation’s compliance program and its management’s commitment to the compliance program.”

Remedial Actions

The Primer reports that the DOJ assesses several factors when looking at a corporation’s response to a FCPA violation. The Primer lists these factors as the following:

  • Has the corporation “appropriately disciplined the wrongdoers, even if they are at the highest level of seniority?;
  • Is the company focused on ‘the integrity and credibility of its remedial and disciplinary measures” rather than the protection of the wrongdoers?;
  • Has the corporation paid restitution in advance of a court order, most particularly under the restitution has the corporation accepted responsibility for its actions?; and
  • Whether the corporation “quickly recognized the flaws in its compliance program and has made efforts to improve the program?”

These four factors seem to boil down into two areas: (1) did the company take “meaningful” steps to ensure the conduct does not occur again; and (2) did the company take responsibility for its own actions?

Tomorrow we will take a look at how a prosecutor might analyze a company’s compliance program and also review the US Sentences Guidelines related to FCPA compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

March 19, 2012

The BizJet DPA: Cooperation is the Key

Last week, the Department of Justice (DOJ) announced the resolution of an enforcement action under the Foreign Corrupt Practices Act (FCPA) involving the Tulsa based company, BizJet. The company is in the business of providing aircraft maintenance, repair and overhaul services (MRO) to customers in the US and internationally. BizJet ran into FCPA trouble regarding its Latin American operations, specifically in the countries of Mexico and Panama. BizJet employees and executives were involved in multi-year running bribery scheme which paid hundreds of thousands of dollars for these MRO contracts. These payments were discussed at the highest levels of the company, including the Board of Directors, and occurred from 2004 until 2010.

BizJet Bribery Box Score

The Deferred Prosecution Agreement (DPA) listed the following instances of recorded bribery, a/k/a the “BizJet Bribery Box Score”.

BizJet Executive or Employee Named Payment Made To Amount of Payment Others Involved
Sales Manager  A Official 6 Cell Phone and $10K Executive B and C
Sales Manager A Official 3 $2K Executive  B
Executive B, C and Sales Manager A Official 2 $20K
Executive C Official 2 $30K Sales Manager A
Executive B Mexican Federal Police Chief $10K Executive C and Sales Manager. A
Executive C Official 5 $18K Sales Manager A
Sales Manager A Official 4 $50K
Sales Manager A Mexican Federal Police $176 Executive C
Sales Manager A Official 4 $40K
Sales Manager A Mexican Federal Police $210K Executive C
Sales Manager A Official 5 $6K Executive C
Executive C Official 5 $22K

The above bribes were characterized as “commission payments” and “referral fees” on the company’s books and records. Payments were made from both international and company bank accounts here in the United States. In other words, this was as clear a case of a pattern and practice of bribery, authorized by the highest levels of the company, paid through US banks and attempts to hide all of the above by mis-characterizing them in the company’s books and records.

Reduction in Monetary Fine

I set out these facts as listed in the DPA in some detail to show the serious nature of enforcement action. However, the clear import that I found in this is that a company can make a comeback in the face of very bad facts. The calculation of the fine, based upon the factors set out in the US Sentencing Guidelines, ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. This is obviously a significant reduction from the suggested low or high end, or as was noted by the FCPA Blog “BizJet’s reduction was 30% off the bottom of the fine range, and a whopping 65% off the top of the fine range.”

How did BizJet achieve this reduction and avoid an external monitor? As reported by the FCPA Professor, the following were factors:

(a) following discovery of the FCPA violations during the course of an internal audit of the implementation of enhanced compliance related to third-party consultants, BizJet initiated an internal investigation and voluntarily disclosed to the DOJ the misconduct …;

(b) BizJet’s cooperation has been extraordinary, including conducting an extensive internal investigation, voluntarily making U.S. and foreign employees available for interviews, and collecting, analyzing, and organizing voluminous evidence and information for the DOJ;

(c) BizJet has engaged in extensive remediation, including terminating the officers and employees responsible for the corrupt payments, enhancing its due diligence protocol for third-party agents and consultants, and instituting heightened review of proposals and other transactional documents for all BizJet contracts;

(d) BizJet has committed to continue to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in the” corporate compliance program set forth in an attachment to the DPA; and

(e) “BizJet has agreed to continue to cooperate with the DOJ in any ongoing investigation of the conduct of BizJet and its officers, directors, employees, agents, and consultants relating to violations of the FCPA.

Reports to the DOJ

As mentioned, the company avoided an external monitor. However, it agreed that it would report “at no less that twelve-month intervals during the three year term” [of the DPA] to the DOJ on “remediation and implementation of the compliance program and internal controls, policies and procedures” which were listed in Attachment C to the DPA (the DOJ guidelines for a minimum best practices compliance program). The initial report was required to be delivered one year from the date of the DPA and would also include BizJet’s proposals “reasonably designed to improve BizJet’s internal controls, policies and procedures for ensuring compliance with the FCPA and other applicable anti-corruption laws.”

Cooperation is the Key

Last week I attended the Ethisphere 2012 Global Ethics Summit where Lanny Breuer closed the conference. He did not present a speech but engaged in dialogue with Alex Brigham and took questions from the audience. One of the clear points Breuer emphasized was that if companies will come to the DOJ, make a voluntary disclosure and fully cooperate, it will pay dividends. I believe that this is clearly the case in the BizJet matter. Here you had a multi-year bribery scheme in place, not only approved at the highest levels of the company but with active involvement from senior managers, yet the final monetary penalty was almost 30% below even the lowest in the Sentencing Guideline range. Clearly BizJet benefited through its cooperation with the DOJ and that message should be made clear to any other company which might find itself in such a “fine mess.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Next Page »

Customized Rubric Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,201 other followers