Top Ten Enforcement Actions for 2012

As we welcome in 2013, it is appropriate to reflect back on some of the things which have occurred over 2012 and in the Foreign Corrupt Practices Act (FCPA) enforcement world, it was quite a significant year. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) both have used enforcement actions to educate compliance professionals on several different aspects of the FCPA and FCPA compliance. This is my list of what I believe to be the most significant enforcement actions over the past year and the lessons which can be drawn from them.

1. Morgan Stanley – without a doubt the most significant enforcement action of 2012 was the Declination given to Morgan Stanley, when one of its Managing Directors, Garth Peterson, pled guilty to a FCPA violation. The DOJ Press release set out the detailed compliance program which Morgan Stanley had and the specific trainings, certifications and acknowledgements from Peterson all avowing he was in compliance with the FCPA.

Key Takeaway – if anyone ever doubted that the DOJ provides credit for a robust compliance program, this Declination made clear that the DOJ does so. The Press Release gives information on what steps you can take immediately to improve the quality of your FCPA compliance program.

2. Smith and Nephew – the first in several enforcement actions from 2012 that answered once and for all the issue of whether distributors in the sales chain are covered by the FCPA. Smith and Nephew used Isle of Mann domiciled distributors, receiving up to 40% discounts on the list price of the products, to sell medical devices into Greece.

Key Takeaway – once and for all time distributors are treated the same as agents, resellers, sales representatives and any other third parties in the sales chain.

Double Key Takeaway – do not use any foreign sales representatives, who are domiciled in the Isle of Mann, for work outside that country.

3. BizJet – a company which literally sent ‘bags of money’ across the border to pay bribes received a penalty ⅓ below the Sentencing Guidelines suggested minimum fine. The potential fine ranged between a low of $17.1MM to a high of $34.2MM. The final agreed upon monetary penalty was $11.8MM. BizJet’s reduction was 30% off the bottom of the fine range and a whopping 65% off the top of the fine range.

Key Takeaway – no matter how bad the facts appear to be if a company engages in ‘extraordinary cooperation’, after self-disclosure to the DOJ, it will obtain much credibility in the settlement negotiations and can potentially lead to a significant fine reduction.

4. Biomet – for reported bribes paid somewhere over $1.5MM, the company had documented fines, penalties and losses of over $29MM, which did not include any of the investigative costs. The company’s internal auditors had completely failed to follow up on obvious red flags. These included the fact that Internal Audit was aware of the bribery and even discussed the payments in a memorandum to Biomet’s home office. Biomet’s Internal Audit took no steps to determine the reason for royalty payments to doctors or why they were 15-20% of sales. Internal Audit did not obtain any evidence of services which the doctors might have performed entitling them to the payments.

Key Takeaway – the Deferred Prosecution Agreement (DPA) outlined some of the DOJ’s most current thinking of the role of Internal Audit in a FCPA compliance program.

5.      Eli Lilly – the company engaged in multi-year, multi-country FCPA violations, those countries being Russia, Poland, Brazil and China. There were multi-bribery schemes used with all forms of the sale chain model; employees as sales representatives, distributors and commissioned agents. However the company only paid fines and penalties of $29MM to the SEC based upon a civil Complaint. There was no DPA nor any criminal allegations of FCPA violations made by the DOJ.

Key Takeaway – this enforcement action has one of the best discussions of the different types of bribery schemes and the compliance tools available to prevent, detect and ultimately remedy such systematic failure.

6. Orthofix – when Mexico passed a law that hospital administrators could no longer approve contracts, in a bid to end corruption in the health care system, Orthofix simply began to bribe the regional government official charged with taking over the contract letting process.

Key Takeaway – if your foreign employees to do not speak English, you really need to translate your Code of Conduct and FCPA compliance policy into their native tongue. For extra credit – do not call your bribe payments ‘giving chocolates’. It insults Forest Gump and gives chocolates a bad name.

7. Pfizer – a massive and multi-year internal investigation turned up a plethora of FCPA violations, yet the company received only a $15MM fine. But it did join the Top Ten list of profit disgorgements for its $45.2MM in disgorgement and pre-judgment interest to the SEC. The Company’s “Enhanced Compliance Obligations” provided an excellent discussion of how to structure a compliance group within a company, the role of a Chief Compliance Officer (CCO), what disciplines should be a part of a FCPA audit team and what their roles should be, how to perform risk assessments and proactive reviews and post-acquisition FCPA obligations.

Key Takeaway – today’s ‘Enhanced Compliance Obligation’ will become tomorrow’s best practices.

8. Tyco – a company which was under a prior DPA for past FCPA violations discovered a wide-ranging and systemic bribery program in at least twelve different post-injunction illicit payment schemes occurring at Tyco subsidiaries across the globe. However, due to extraordinary cooperation of Tyco, it only received a Non-Prosecution Agreement (NPA) from the DOJ and a fine of $26MM.

Key Takeaway – the Tyco SEC Compliant is chocked full of information regarding what an internal auditor needs to look for in reviewing expenses charged by employees; commissions paid to employees; invoices by agents and other third party representatives and over-inflated sales contracts; all used to disguise corrupt payments..

9. Oracle – the company got into hot FCPA water because its Indian subsidiary directed its distributor to set up a separate slush fund of monies which could be, and were used, to pay monies to persons unknown.

Key Takeaway – if your company uses distributors to handle or supplement its sales channels, you should immediately review the entire process, from business purpose, to due diligence, to contract terms and post-contract management, to make sure that your company is following minimum best practices with regards to this sales mechanism.

10. Allianz – the German company had shares and bonds registered with the SEC. It invested in an Indonesian joint venture, which made, without the company’s apparent knowledge or approval, improper payments to employees of state-owned entities in Indonesia between seven to eleven years ago.

Key Takeaway – a company does not have to be listed on a US stock exchange to be an ‘issuer’ for FCPA purposes. Jurisdiction can also lie if shares and/or bonds are registered with the SEC.

 Every year has its share of interesting, topical and important FCPA enforcement actions. I think that 2012 will be remembered as a year where both the DOJ and SEC provided solid information about their views on a minimum best practices compliance program. The 2012 enforcement actions, coupled with Opinion Releases and the FCPA Guidance, give direct, informative and practical advice to allow a compliance practitioner to create, enhance and implement a best practices compliance program.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Morgan Stanley: “With Thanksgiving”

Ed. Note-we conclude our two week guest series of posts from our colleague Mary Jones with today’s look at the Morgan Stanley declination to prosecute. I want to take this opportunity to thank Mary for her hard and great work and hope that you have found her posting useful for your compliance practice. I know I have found them useful for mine. 

It seems fitting that we end this series the week before Thanksgiving Day on a positive note.  (Well, perhaps not so positive for Garth Peterson, but certainly one for Morgan Stanley)  In an unusual move, the DOJ and SEC charged Garth Peterson with violations of the FCPA, but declined to bring any actions against Morgan Stanley. Both agencies specifically cited the following compliance practices as reasons not to bring an enforcement action against the company itself:

• Maintaining strong internal controls: The Justice Department credited Morgan Stanley with maintaining a system of internal controls designed “to ensure accountability for its assets and to prevent employees from offering, promising, or paying anything of value to foreign government officials.” The company additionally took care to update such controls on a regular basis “to reflect regulatory developments and specific risks, prohibit bribery, and address corruption risks.”

• Frequent training on internal policies: Morgan Stanley frequently trained its employees on its internal policies, the FCPA, and other anti-corruption laws.  Between 2002 and 2008, Morgan Stanley trained various groups of Asia-based personnel on anti-corruption policies on at least 54 occasions.  During the same period, Morgan Stanley trained Peterson on the FCPA at least seven times. In addition to live and Web-based training, Peterson participated in a teleconference training seminar in June 2006 conducted by Morgan Stanley’s global head of litigation and the global head of its anti-corruption group, according to the SEC.

• Written compliance certifications: Morgan Stanley additionally required that each of its employees, including Peterson, provide annual written certifications that employees are adhering to Morgan Stanley’s code of conduct, which includes a portion that directly addresses corruption risks and activities in violation of the FCPA.

• Frequent FCPA-related compliance reminders:  A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye were government officials for purposes of the FCPA. Peterson also received at least 35 FCPA-related compliance reminders. These reminders included circulations of Morgan Stanley’s anti-corruption code of conduct; policies on gift-giving and entertainment; guidance on engagement with consultants; and policies addressing specific high-risk events, including the Beijing Olympics.

• Continuous monitoring: The Justice Department further credited Morgan Stanley for its continuous monitoring practices: “Morgan Stanley’s compliance personnel regularly monitored transactions, randomly audited particular employees, transactions, and business units, and tested to identify illicit payments.”

• Conducting extensive due diligence on all new foreign business partners and for imposing stringent controls on payments made to business partners. “Both were meant to ensure, among other things, that transactions were conducted in accordance with management’s authorization and to prevent improper payments, including the transfer of things of value to officials of foreign governments,” according to the SEC. Morgan Stanley additionally required its employees, including Peterson, annually to disclose their outside business interests.

There are other instances which we can cite to in which the DOJ and SEC declined to take any enforcement actions against companies which exhibited solid compliance programs. I happen to be personally familiar with one case in particular!  In March of 2010, Global Industries, Ltd.  (one of the companies involved in the industry wide investigation of Panalpina) announced that “representatives of the Securities and Exchange Commission and the Department of Justice informed the Company that each agency had concluded its FCPA investigation. Neither agency recommended any enforcement action or the imposition of any fines or penalties against the Company.” Both the General Counsel and I believed that the reason we received this result was due to the following reasons:

• Historical evidence of a strong FCPA compliance program

–      FCPA policies since 2000

–      FCPA (in person) training since 2000

–      FCPA clauses in contracts with sales agents since 1995

–      FCPA due diligence on sales agents since 2001

–      Consistent “Tone at the Top” emphasizing FCPA compliance

• Global’s internal controls identified the FCPA issues

–      Internal controls identified issues with a freight forwarder in 2006

–      For one issue identified through the Company’s internal controls, the Company stopped a payment before it was made; thereby preventing a potential FCPA violation

–      Prior to Vetco Gray, in 2006 Global identified issues and held up payment on certain of the freight forwarder’s invoices

–      Audits of other freight forwarding agents identified no similar issues in other geographic areas

• Management took prompt and effective action

–      Immediate steps taken to preserve relevant documents

–      Immediately implemented temporary enhanced controls, which included Legal Department review of invoices from freight forwarding/customs clearance agents

–      Prompt internal investigation

–      Immediate additional FCPA training of employees

–      Sought advice from FCPA counsel

–      Disciplined several of the employees involved

–      Global senior management issued prompt reminders of FCPA policies and procedures

• Implementation of an enhanced compliance program

–      Yearly in-person training in dual languages: English/native language

–      Web-based training

–      Training of sales agents and logistic service providers

–      Annual certification of employees, sales agents, and logistic service providers

–      Compliance audits of invoices and supporting documentation

–      Monthly compliance newsletter

• Thorough investigation and cooperation with the enforcement authorities

–      Global’s audit committee decided to conduct a comprehensive investigation using independent outside counsel

–      Global management and employees cooperated fully with outside counsel conducting the investigation

–      Global cooperated fully with the SEC and DOJ in all respects

–      Global was one of four companies to self-report in the customs/freight forwarder investigation before the DOJ launched an industry-wide investigation

–      Global shared its findings from the comprehensive independent investigation with the SEC and DOJ.

Implementing a solid compliance program, and instilling a culture of compliance, can be done- at a cost which is proportionate to the size of your company.  While there is no “one size fits all” program, there are certain essential elements that should be included in any compliance program to demonstrate a company’s commitment to abide by FCPA mandates:

Board and Senior Management Oversight

Company Compliance Officer –direct reporting to the Board

Standards and Procedures

Code of Conduct

Detailed Policies and Procedures

Contractual Compliance (in terms and conditions of contracts)

Screening

Due Diligence of certain employees, agents, and third parties

Monitoring and Auditing

Anonymous Reporting System

Periodic Evaluation of Program

Promotion and Enforcement

Training

Enforcing through Disciplinary Action

Responding to Violations 

Thank you for listening the last two weeks.  I hope that you found this series beneficial in evaluating and/or improving your own Companies compliance program.

—————————————————————————————————————————-

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries.  She was of the first individuals in the United States to earn TRACE Anti-bribery Specialist Accreditation (TASA).  She can be reached at msjones@msjllc.com or 337-513-0335. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

—————————————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.

Did I Drink the Kool-Aid, Read the Pleadings or Hear it at a Conference?

Last week the FCPA Professor wrote, in a post entitled “Stop Drinking The Kool-Aid”, about the Declination to Prosecute that Morgan Stanley received from the Department of Justice (DOJ) in the affair involving the Morgan Stanley Managing Director Garth Peterson and his self-admitted Foreign Corrupt Practices Act (FCPA) violation. Once again showing that sometimes the Professor and I look at (or read or hear) the same thing and come to different conclusions, as I would posit that the Morgan Stanley Declination was the most significant FCPA enforcement (or perhaps non-enforcement) matter of 2012 to date.

One of the things that I learned in my years as a trial lawyer was that in the litigation realm, every time you open your mouth to the other side, file a pleading, say something in court or in any other way communicate you are providing information to the other side. Sometimes you do so by design and sometimes not. I was taught the art of advocacy for trial lawyers but I was also taught that the art is listening is equally important. This long ago training still forms the prism of how I view things up to this day, practicing law and compliance.

One of the frustrations for any compliance practitioner or indeed business executive trying to comply fully with the FCPA is the dearth of case law precedent to draw from in guiding a best practices compliance program going forward. There are, however, other types of information which compliance practitioners can draw upon such as Opinion Releases, enforcement actions involving Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) and talks by DOJ and Securities and Exchange Commission (SEC) [more about the speeches later] and now we have a new source of information – Declinations to Prosecute.

In his post the Professor notes that Peterson engaged in the following conduct:

• “Peterson and Chinese Official 1 had a close personal relationship before Peterson joined Morgan Stanley.”
• A shell company used to facilitate the scheme was owned 47% by Chinese Official 1 and 53% by Peterson and a Canadian Attorney.
• “Without the knowledge or consent of his superiors at Morgan Stanley, Peterson sought to compensate Chinese Official 1”
• “Peterson concealed Chinese Official 1’s personal investment [in certain properties] from Morgan Stanley”
• “Peterson used Morgan Stanley’s past, extensive due diligence [as to certain of the investment properties] to benefit his own interests and to act contrary to Morgan Stanley’s interests.”

Penultimately, the Professor adds that in the DOJ Press Release regarding this prosecution, Assistant Attorney General Lanny Breuer said “Mr. Peterson admitted … that he actively sought to evade Morgan Stanley’s internal controls in an effort to enrich himself and a Chinese government official.” Finally, the Professor wrote “An experienced FCPA practitioner, who otherwise holds Breuer in high regard, recently told me that Breuer’s recent speeches on Morgan Stanley’s so-called declination are a “joke.” [Italics mine] I cannot opine on whether there were sufficient facts to support any enforcement action against Morgan Stanley. However, I can state what happened at the end of the day and that was that Morgan Stanley was not prosecuted.

Moreover after reading the Peterson Information (the Professor always embeds links to all relevant documents) it demonstrated the robust nature of Morgan Stanley’s compliance program. Most compliance practitioners are well aware of the factors set out in the DOJ/SEC Press Releases on the Declination to Prosecute, which are:

(1)    Morgan Stanley trained Peterson on anti-corruption policies and the FCPA at least seven times between 2002 and 2008.

(2)    Morgan Stanley distributed to Peterson written training materials specifically addressing the FCPA, which Peterson maintained in his office.

(3)    A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye, a Chinese state-owned entity, were government officials for purposes of the FCPA.

(4)    Peterson received from Morgan Stanley at least thirty five FCPA-compliance reminders.

(5)    Morgan Stanley required Peterson on multiple occasions to certify his compliance with the FCPA. These written certifications were maintained in Peterson’s permanent employment record.

(6)    Morgan Stanley required each of its employees, including Peterson, annually to certify adherence to Morgan Stanley’s Code of Conduct.

(7)    Morgan Stanley required its employees, including Peterson, annually to disclose their outside business interests.

(8)    Morgan Stanley had policies to conduct due diligence on its foreign business partners, conducted due diligence on the Chinese Official and Yongye before initially conducting business with them, and generally imposed an approval process for payments made in the course of its real estate investments.

However, found in the Peterson Information is an entire treasure trove of detail. So from that Information we learn the following:

• Morgan Stanley’s Compliance Department had direct reporting lines up to its Board of Directors.
• Morgan Stanley worked with outside counsel to conduct due diligence into potential business partners.
• Morgan Stanley compliance personnel regularly surveilled and monitored client and employee transactions.
•  Morgan Stanley randomly audited selected personnel in high-risk areas; Morgan Stanley regularly audited and tested Morgan Stanley’s business units.
• Morgan Stanley completed additional anti-corruption initiatives by, for instance, aggregating and evaluating expense reports to attempt to detect potential illicit payments.
• The Morgan Stanley compliance team specialized in particular regions, including China, in order to evaluate region-specific risks.
• Morgan Stanley had a hotline, monitored 24 hours, 7 days per week and such hotline could field calls in every major language including Chinese.

Regarding transaction monitoring, Morgan Stanley engaged in controls to detect and prevent improper payments. These controls required multiple employees to be involved in the approval of any payments above the specific amounts that were mandated in various contracts between Morgan Stanley and outside companies or individuals. Payments above these amounts could not be made until the following procedures, among others, were completed: an asset manager or acquisition-team member familiar with the project activities drafted a contract for the payment; a junior asset manager or junior acquisition-team manager initiated the payment process and sought approval; and an officer-level asset manager or acquisition-team manager with the title of vice-president or above had approved the payment.

How about some words on risk assessments and updating the Morgan Stanley compliance program? Consider the following from the Peterson Information. Morgan Stanley continually evaluated and improved its compliance program and internal controls. For instance beginning in 2007, Morgan Stanley engaged in risk based FCPA auditing intended to detect transactions, payments, and partnerships that suggested increased risks for Morgan Stanley to violate the FCPA. Morgan Stanley checked the efficacy of its controls through various systems including internal audits and desk reviews that included meetings between employees and compliance personnel to discuss anti-corruption risks. Morgan Stanley compliance personnel regularly reviewed and updated the company’s compliance program and policies to reflect regulatory developments and changing risk. Morgan Stanley, in conjunction with outside legal counsel, also annually conducted a formal review of each of its anti-corruption policies.

Consider the specific due diligence performed on the transaction and Chinese government officials at issue in the Peterson FCPA violation by Morgan Stanley. Consistent with Morgan Stanley’s established diligence practices, this due diligence included reviewing Chinese government records concerning Yongye; speaking with sources familiar with the Shanghai real-estate market; checking Yongye’s payment records and credit references; reviewing litigation records concerning Yongye; conducting a site visit to Yongye’s offices; searching media sources concerning Yongye; making a pre textual phone call to Yongye’s  offices; and running a criminal background check on Yongye’s principals.

So when I look at Morgan Stanley’s Declination I see information. It is information that the compliance practitioner can use in his or her company’s compliance program. As for Lanny Breuer saying “”Because Morgan Stanley voluntarily disclosed Peterson’s misconduct, fully cooperated with our investigation, and showed us that it maintained a rigorous compliance program, including extensive training of bank employees on the FCPA and other anti-corruption measures, we declined to bring any enforcement action against the institution in connection with Peterson’s conduct.  That is smart, and responsible, enforcement.”; I say that he needs to keep providing this information because these are the facts on the ground.

FCPA Conference Circuit

Which brings me to my next topic, also recently considered by the FCPA Professor in a post entitled “It Ought To Stop”, of the FCPA conference circuit. For the record let me say that I detest paying $2000 to $4000 to attend anything other than a vacation with my wife. In his post the Professor posed four questions, which I will try and answer in turn.

1. Should public servants be allowed to speak at private conferences and events that charge thousands of dollars to attend? Of course the answer is yes. The conferences are the crème-de la crème of the FCPA knowledge across the country. It is of great value to hear what Lanny Breuer or any other DOJ/SEC official has to say. Do they have prepared remarks – you bet they do, but they always, and I mean always, will give you some additional information in a Q&A or other informal session. But the key is that you have to listen.
2. Should public servants be used as pawns by corporate conference organizers to boost attendance and thus revenue? Am I am pawn if I speak at such a conference, hmmm, or am I articulating a position or am I sharing information (or am I marketing)? Perhaps all four. Should conference organizers invite public officials to conferences to articulate DOJ/SEC positions and afford the attendees the opportunity to hear such remarks. I think that is smart marketing.
3. Should the enforcement agencies release all speeches, comments and remarks, including answers to questions posed by the audience? Yes
4. Do small to medium size enterprises have the resources to attend such events? Last June, during Compliance Week 2012, the local DC Bar held a lunch event on the Gun Sting case which had on the panel the FCPA Professor, Stanley Sporkin, DOJ and SEC representatives and defense lawyers from the case. Cost – $125. Even our local, provincial Houston Bar Association has had DOJ/SEC representatives speak at our events. But would Lanny Breuer come to Houston to speak at the Houston Bar Association Corporate Counsel monthly luncheon and talk to 35 lawyers or speak to 500 plus folks at ACI or Compliance Week or Dow Jones or Ethisphere? (Or go all out and speak to the 1000+ at the annual SCCE conference?) (I will leave that answer to you—which size audience do you think the Number 2 lawyer in the DOJ would speak in front of?)

The Professor raises another point that bears comment. That is sponsorship of events. These events are all pay-to-play and they are big bucks for everyone. Are they marketing? Absolutely. Do I hate it that sponsors can knock me off any chance of speaking because they perceive me as competition? You bet I do. For instance ACI has never even contacted me to speak at the ACI Boot Camp in Houston. You might think that for one of the top events on Houston they might at least even approach me to speak. But obviously some sponsor doesn’t want me anywhere near that podium. But here is the rub; it is one of the best FCPA events held in Houston. Is it in my personal self-interest to pay and attend, absolutely and I will do so again in 2013. After all ACI is in this field to make money.

So did I drink the Kool-Aid? That is up for you to decide. But I think that the DOJ provided solid information to the compliance practitioner in the Morgan Stanley Declination and the Peterson Information. As to whether any of the DOJ/SEC folks should attend ‘for pay’ conferences and provide additional information to the rest of us I can only quote Captain Jean-Luc Picard- ENGAGE.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

The Battle of Hastings and Diversity – How to Integrate It Into Your Compliance Culture

Sunday, October 14^th was the anniversary of the Battle of Hastings, in 1066. In addition to being the last time there was a successful invasion of Britain, several other positive things came from this most historic event for English-speaking people. An article in the Telegraph, entitled “In everything we say, there is an echo of 1066”, writer Alan Massie said that “the most enduring legacy is also the richest: our wonderful hybrid language and the golden treasury that is English literature.” He went on to state that “Without the Norman Conquest, Shakespeare would not have been Shakespeare, because his language would have resembled 16th-century German or Dutch. He would never have written a phrase like “the multitudinous seas incarnadine”. Our language often loses vitality if it moves too far from the Anglo-Saxon and is overweighed by Latinate words, but much of its richness and scope derives from its dual inheritance. “Shall I compare thee to a summer’s day?  / Thou art more lovely and more temperate.”

I thought about Massie’s article when reading this past Sunday’s New York Times (NYT) Corner Office section in which reporter Adam Bryant interviewed Hilton Worldwide President and Chief Executive Officer (CEO) Christopher Nassetta, in an article entitled “On a Busy Road, a Company Needs Guardrails”. For all you compliance practitioners who work at large multi-national companies with employee numbers between 50,000 to 100,000; you should think about the compliance challenge at Hilton, which has over 300,000 employees worldwide. Nassetta said that one of the things he found when he initially took the position was that “I discovered when I joined the company five years ago is that we had a lot of segments of the company that operated very independently, and we had massive amounts of duplication and fragmentation. We needed alignment. We needed people to understand who we were, what we stood for and the key priorities of the company. And we needed them, once they understood that, to get their oars in the water and head in a common direction.” Nassetta traveled all over the world and met with employees. He believed that Hilton employees had good values but that as many times as he asked what the company values were, he got as many different answers. There were so many different value formulations that he “stopped counting when I got to 30 different value statements at our offices.” Nassetta viewed his job, as the CEO, was “to create the right culture, set the tone, the high-level strategy.” To accomplish this in the company Nassetta set up teams around the world to look at their value statements and “boil them down.” They then took all of the formulations and derived 6, which they stated as follows:

• H for hospitality
• I for integrity
• L for leadership
• T for teamwork
• O for ownership
• N for now.

He felt by using the Hilton name as the acronym for the company’s values, it could be reinforced every time the name was used. In other words, it drove these values down into the company’s DNA by continual reinforcement. While acknowledging that repeating can lead to value fatigue, Nassetta felt like he and the company could not say it enough. He stated, “in my case, there are 300,000 people who need to hear it, and I can’t say it enough. So what might sound mundane and like old news to me isn’t for a lot of other people. That is an important lesson I learned as I worked in bigger organizations.”

Nassetta’s message drove home to me that a company cannot only integrate a wide variety of compliance values into its culture but more so, that the message needs to be repeated. I thought about the Morgan Stanley declination which was released in May. As a part of the Department of Justice (DOJ) release they noted that Morgan Stanley had done the following for the employee Garth Peterson, who pled guilty to violations of the Foreign Corrupt Practices Act (FCPA): The Securities and Exchange Commission (SEC) Complaint detailed the compliance program Morgan Stanley had in place and how it directly related to Peterson. The Compliant specified:

(1) Morgan Stanley trained Peterson on anti-corruption policies and the FCPA at least seven times between 2002 and 2008. In addition to other live and web based training, Peterson participated in a teleconference training conducted by Morgan Stanley’s Global Head of Litigation and Global Head of Morgan Stanley’s Anti-Corruption Group in June 2006.

(2) Morgan Stanley distributed to Peterson written training materials specifically addressing the FCPA, which Peterson maintained in his office.

(3) A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye, a Chinese state-owned entity, were government officials for purposes of the FCPA.

(4) Peterson received from Morgan Stanley at least thirty five FCPA-compliance reminders. These reminders included FCPA-specific distributions; circulations and reminders of Morgan Stanley’s Code of Conduct, which included policies that directly addressed the FCPA; various reminders concerning Morgan Stanley’s policies on gift-giving and entertainment; the circulation of Morgan Stanley’s Global Anti-Bribery Policy; guidance on the engagement of consultants; and policies addressing specific high-risk events, including the Beijing Olympics.

(5) Morgan Stanley required Peterson on multiple occasions to certify his compliance with the FCPA. These written certifications were maintained in Peterson’s permanent employment record.

(6) Morgan Stanley required each of its employees, including Peterson, annually to certify adherence to Morgan Stanley’s Code of Conduct, which included a portion specifically addressing corruption risks and activities that would violate the FCPA.

(7) Morgan Stanley required its employees, including Peterson, annually to disclose their outside business interests. In other words, Morgan Stanley continued to drive home the message of compliance during the tenure of Peterson’s employment with the company.

Further, when the DOJ came calling, Morgan Stanley was able to prove to the DOJ’s satisfaction that the company had indeed done what it had claimed because the documentation was available to present to the DOJ. So just as Nassetta continues to preach the HILTON values of the company, Morgan Stanley was providing direct information to Peterson on his responsibilities under the FCPA. Nassetta said one other thing that struck me as important in his interview. He said, “One simple philosophy I have as a leader of a big organization is to have really steady hands on the wheel. In a tumultuous world, with so many things going on around you, you have to know who you are, what you stand for and where you are going, and keep everyone pointed in the same direction and have the discipline to stick with it.”

From this I understand that if you know your values and have the discipline to stick with them during turbulent times, these values will protect you. I think that Morgan Stanley shows that training on the FCPA, certification by its employees to abide by it, training on their Code of Conduct or Business Ethics, including conflicts of interest and annual certifications; can go a long way towards protecting a company in the event of a FCPA investigation. And please do not forget those email compliance reminders, the DOJ specifically pointed out that Morgan Stanley sent Peterson 35 email reminders about the FCPA over 7 years. Even with my trial lawyer math, that is only 5 per year.

Massie in his article about what the Battle of Hasting meant for Britain wrote, “So, if you were to begin by asking, in Monty Python style, “what have the Normans ever done for us?” you might first reply that the most enduring consequence of the Conquest is the richness of the English language, with its Anglo-Saxon base and Franco-Latin superstructure. This mixture gives us a huge vocabulary, and many words with essentially the same meaning, yet a different shade of emphasis: fatherly and paternal, for example.” This richness came from diversity. The values of the Hilton Corporation came from the values of its 300,000 employees. The richness is out there and one of your jobs as a compliance practitioner is to use that diversity to create a compliance program that works for your entire company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

2012 First Half FCPA Enforcement Round-Up: Part II

In yesterday’s post we reviewed three of the most significant enforcement actions so far for 2012. In today’s post we conclude with the final three enforcement actions that I believe provide the best or most recent insights for the compliance practitioner.

IV.       Biomet

On March 26, 2012, both the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) announced the resolution of enforcement actions against Biomet Inc. a US entity which manufactures and sells global medical devices around the world. It is headquartered in Fort Wayne, Indiana. The Company admitted to a lengthy run of bribery and corruption of doctors to purchase its products and paid a criminal fine of $17.3MM to resolve charges brought by the DOJ. It also agreed with the SEC to settle civil charges by paying $5.5MM in disgorgement of profits and pre-judgment interest.

A.     Bribery and Corruption Facts

The Company engaged in an eight (8) year scheme to bribe and corrupt doctors in the countries of Argentina, Brazil and China to induce the physicians to purchase Biomet products. The SEC Complaint reported that “2000 to August 2008, Biomet Argentina employees paid bribes to doctors employed by publicly owned and operated hospitals in Argentina in exchange for sales of  Biomet’s medical device products. The doctors were paid approximately 15-20 percent of each sale.” In Brazil, the SEC Compliant reported that from 2001 until 2008, Biomet’s “Brazilian Distributor, paid bribes to doctors employed by publicly owned and operated hospitals to purchase Biomet’s implants. Brazilian Distributor paid the doctors bribes in the form of “commissions” of 10-20 percent of the value of the medical devices purchased.” In China, Biomet subsidiaries and its Chinese distributor paid from 5% up to 25% commissions to doctors for the sale of its products which were used during surgeries and also paid for Chinese surgeons to travel for training “including a substantial portion of the trip being devoted to sightseeing and other entertainment at Biomet’s expense.”

B.     Internal Audit Failures

The SEC Compliant reported that the Company’s Internal Audit was not only aware of the bribery program but discussed it in Memorandum to the Company’s home office, including the head of the Company’s Internal Audit Department. For instance in Argentina, the Company’s head of Internal Audit noted, as early as 2003, they “circulated an internal audit report on Argentina to Senior Vice President and others in Biomet in Indiana in which he stated, “[R]oyalties are paid to surgeons if requested. These are disclosed in the accounting records as commissions.” The Internal Audit report described the payments to surgeons, but only in the context of confirming that the amount paid to the surgeon was the amount recorded on the books.” However, the Company’s Internal Audit Department, took no steps to determine why royalties were paid to doctors or why the payments to the doctors were 15-20% of sales. Internal Audit did not obtain any evidence of services which the doctors might have performed entitling them to the payments. The SEC Complaint noted that Internal Audit “concluded that there were adequate controls in place to properly account for royalties paid to surgeons without any supporting documentation” and Internal Audit’s only recommendation was to change the journal entry from “commission expenses” to “royalties.”

The SEC Complaint also noted that “Biomet’s books and records did not reflect the true nature of those payments. The Company’s payments were improperly recorded as “commissions,” “royalties”, “consulting fees”, “other sales and marketing”, “scientific incentives”, “travel” and “entertainment.” The SEC Compliant concluded with the following “False documents were routinely created or accepted that concealed the improper payments.”

C.     Lessons Learned for Internal Audit

The SEC Complaint had some very clear guidance for the role of Internal Audit in detecting bribery and corruption in a best practices Foreign Corrupt Practices Act (FCPA) compliance program. First, if there are any types of commission payments being made, Internal Audit needs to review the documentation supporting why such payments are being made. A review of contracts or other legal requirements which may obligate a company to make such payments should be a basic undertaking in any internal audit. After an internal auditor has determined if commission payments are legally authorized, the internal auditor should review the evidence that such commission payments have been earned. Another role delineated in the SEC Complaint for Internal Audit is to correctly classify payments so that the books and records of the company accurately reflect them as expenses. As noted, the Director of Internal Audit instructed that bribes paid during clinical trials of the Company’s products should be reclassified as ‘expenses’.

Key Takeaway: This enforcement action lists the specific role of Internal Audit in a FCPA compliance program.

V. Morgan Stanley and Garth Peterson

This is the first instance of the public release of a Declination to Prosecute a company under the FCPA, where an employee agreed to an underlying FCPA violation. Morgan Stanley Managing Director Garth Peterson conspired with others to circumvent Morgan Stanley’s internal controls in order to transfer a multi-million dollar ownership interest in a Shanghai building to himself and a Chinese public official. Peterson encouraged Morgan Stanley to sell an interest in a Chinese real-estate deal to Shanghai Yongye Enterprise (Yongye) a state-owned and state-controlled entity through which Shanghai’s Luwan District managed its own property and facilitated outside investment. However, the DOJ declined to prosecute Morgan Stanley and noted in its Press Release, “After considering all the available facts and circumstances, including that Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the Department of Justice declined to bring any enforcement action against Morgan Stanley related to Peterson’s conduct. The company voluntarily disclosed this matter and has cooperated throughout the department’s investigation.”

A.     Declination to Prosecute

Both the DOJ and SEC went out of their way to praise the Morgan Stanley compliance program. This written praise demonstrated that not only do company’s receive credit from the DOJ for having a compliance program in place but also gave solid information as to why the DOJ declined to prosecute Morgan Stanley. In other words, it was a very public pronouncement of a declination to prosecute.

The SEC Complaint detailed the compliance program it had in place and how it directly related to Peterson.

(1) Morgan Stanley trained Peterson on anti-corruption policies and the FCPA at least seven times between 2002 and 2008.

(2) Morgan Stanley distributed to Peterson written training materials specifically addressing the FCPA.

(3) A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye, a Chinese state-owned entity, were government officials for purposes of the FCPA.

(4) Peterson received from Morgan Stanley at least thirty five FCPA-compliance reminders.

(5) Morgan Stanley required Peterson on multiple occasions to certify his compliance with the FCPA.

(6) Morgan Stanley required each of its employees, including Peterson, annually to certify adherence to Morgan Stanley’s Code of Conduct.

(7) Morgan Stanley required its employees, including Peterson, annually to disclose their outside business interests.

(8) Morgan Stanley had policies to conduct due diligence on its foreign business partners, conducted due diligence on the Chinese Official and Yongye before initially conducting business with them, and generally imposed an approval process for payments made in the course of its real estate investments.

B.        Compliance Program as Compliance Defense

If it was not clear that a company receives credit for having a best practices compliance program it is now. Recognizing that a compliance program is not available as a formal affirmative defense, it is clear that Morgan Stanley was able to use not only their written compliance program, but its ongoing maintenance, communication and due diligence aspects to shield the employer from liability. The bottom line is what the DOJ and SEC representatives have been saying all along and that is that companies with best practices compliance programs receive credit in negotiating with the government.

Key Takeaway: The compliance defense is alive and well.

Key Takeaway II (for the DOJ): Publicize Declinations to Prosecute. It is solid information for the compliance practitioner to use and it will help companies do business in compliance with the FCPA.

VI. DS&S

Last, but certainly not least, we end our Top 6 of 2012, to date, with the Data Systems & Solutions LLC (DS&S) case.

A.     The Bribery Scheme

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid out in the Information reflected the following techniques used:

• Payment of bribes by Subcontractors to Officials on behalf of DS&S;
• Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
• Creation of fictional invoices from the Subcontractors to fund the bribes;
• Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
• Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
• Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose;

and last but not least…

• Purchase of a Cartier watch as a gift.

B.     The Discounted Fine

DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines, which specified a fine between $25MM down to $12.6MM. The ultimate fine paid by DS&S was only $8.82MM, which the Deferred Prosecution Agreement (DPA) states is “an approximately thirty-percent reduction off the bottom of the fine range…” In addition to its real-time internal investigation and extraordinary cooperation, the DPA reports that DS&S took the following extensive remediation steps:

• Termination of company officials and employees who were engaged in the bribery scheme;
• Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
• Instituting a rigorous compliance program in this newly constituted subsidiary;
• Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
• Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
• Strengthening of company ethics and compliance policies;
• Appointment of a company Ethics Representative who reports directly to the CEO;
• The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
• A heightened review of most foreign transactions.

1. C.     Mergers & Acquisitions

There were two new additions are found on items 13 & 14 on Schedule C of the DPA that dealt with mergers and acquisitions (M&A). They draw from and build upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. The five keys under these new items are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

Key Takeaway: Minimum best practices evolve so you should stay abreast of them. IN the M&A arena, the DOJ continues to listen to comments on ‘buying a FCPA violation’ and provide guidance to manage the risk.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012