FCPA Compliance and Ethics Blog

March 20, 2015

Miss Marple Short Stories and SEC Enforcement of the FCPA, Part V – Final Thoughts

Agatha ChristieI conclude my week of exploration of Agatha Christie’s Miss Marple short stories and the Securities and Exchange Commission’s (SEC) enforcement of the Foreign Corrupt Practices Act (FCPA) by reviewing some of the new things I’ve learnt during this week of research. I learned that Christie made several social observations and revealed much about herself through these stories. She is very much constrained by the roles given to women in the early to mid-1920s, including the lack of a proper education. She also writes about some of the disdainful attitudes of people to an older woman. I found a number of inside jokes that Christie placed into the stories, even referring to the prevalence of detective fiction in print and on the stage at the time the stories were written. Finally is the fact that people make the mistake of not noticing her but that she is watching them and listening and that they will remain unaware of her presence for not too much longer.

In his recent blog post, entitled “Are You An FCPA Contender Or Pretender?”, the FCPA Professor suggested that if you want to practice in the area of FCPA compliance, you really should take the time to read some of the very few underlying sources and documents relating to the subject. After my week exploration of the SEC enforcement of the FCPA, I would note that you can learn quite a bit by heeding his advice.

Internal Controls

There was a trend, beginning in the fall of 2014 of SEC FCPA enforcement actions, where the Department of Justice (DOJ) either declined to prosecute the company or settled with the company via a Non-Prosecution Agreement (NPA). This led me to conclude that the SEC was ramping up its review and enforcement of the accounting provisions under the FCPA separate and apart from criminal side enforcement of the FCPA by the DOJ. Earlier this month, when Andrew Ceresney, the SEC Director, Division of Enforcement, spoke at CBI’s Pharmaceutical Compliance Congress in Washington DC he discussed the importance of internal controls in SEC enforcement. While his remarks were primarily directed “in the context of financial reporting” I believe they could be equally applicable in the FCPA compliance context.

Ceresney said, “What kinds of practice pointers for how to avoid these issues? Well, in cases we have brought, we see controls that were not carefully designed to match the business, or that were not updated as the business changed and grew. And we see that senior leadership was not asking the tough questions – and sometimes not even asking the easy questions. Senior management in some cases was just not engaged in any real discussion about the controls. As a result, employees did not properly focus on them and the firm and its shareholders are put at risk.” I think these statements, particularly taken in the context of his overall remarks, portend a greater focus on internal controls review and enforcement in the FCPA context.

Finally, in the area of internal controls, is the interplay of Sarbanes-Oxley (SOX) with FCPA enforcement and several sections of the Act that have FCPA implications. These include SOX §302 that requires the principle officers of a company to “take responsibility for and certify the integrity of these company’s financial reports on a quarterly basis.” Under SOX §404 companies must present annually their conclusion “regarding the effectiveness of the company’s internal controls over accounting.” Finally, SOX §802 prohibits “altering, destroying, mutilating, concealing or falsifying records, documents or tangible objects” with the intent to obstruct or influence a federal investigation, such as the FCPA.

Every public company is required to report on its internal controls. The SEC may well start mining those required, annual public disclosures for information on compliance internal controls. If the SEC finds a company’s report lacking and then after requesting further information, still finds a company’s response lacking, a company may be looking at strict liability and a financial penalty based on profit disgorgement as I lay out next.

Strict Liability

I have written about the coming of strict liability to the SEC enforcement of the FCPA’s accounting provisions, including books and records and internal controls. However, after having read, re-read and reviewed the FCPA and commentary, I now believe that a strict liability interpretation for enforcement of the FPCA is fully supported by the plain language of the Act itself. I come to this conclusion because there is no language in the text of the Act that ties the accounting provision requirements to any other operative violation of the statute. In other words, there is no language that says that an accounting provisions violation must be tied to an offer or payment of a bribe to obtain or retain business. While the FCPA does not specifically say that a company will be strictly liable for a violation of the accounting provisions, it is certainly not prohibited. Since violations of the accounting provisions as enforced by the SEC are civil violations only, I now believe that such a position is not prohibited by the Act.

Profit Disgorgement 

Similar to my views on strict liability for accounting violations, I have also come to believe that profit disgorgement is a remedy fully supported and available to the SEC in FCPA enforcement actions. This change was made by an un-related law, entitled The Penny Stock Reform Act of 1990, which amended the Securities Exchange Act of 1934 to: allow the SEC to (1) impose tiered civil money penalties pursuant to administrative findings of violations of the Act; (2) enter an order requiring an accounting and disgorgement; (3) issue cease and desist orders; and (4) issue temporary restraining orders. Profit disgorgement has generally been considered an equitable remedy. Sasah Kalb and Marc Alain Bohn, in their article “Disgorgement: The Devil You Don’t Know, wrote “As an equitable remedy, disgorgement is not intended as tool to punish, but as a vehicle for preventing unjust enrichment. The SEC is therefore only permitted to recover the approximate amount earned from the alleged illicit activities. Disgorging anything more would be considered punitive.”

In conjunction with this equitable nature for profit disgorgement, is the concept of proportionality. In the article by David C. Weiss, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, he wrote that regarding proportionality “punishment schemes fail a utilitarian test when the punishment exceeds, or threatens to exceed, the offense. Put another way, deterrence requires that a punishment be proportionate to the harm—allowing for some multiplier based on the likelihood of being caught. Punishments that are not proportionate are not justified under this utilitarian theory.”

Profit Disgorgement as a Remedy for Strict Liability

In this final section, I give my opinion as to where I think the next step of SEC enforcement may be headed. I think it will be a combination of the enforcement of the accounting provisions of the FCPA through a strict liability reading of them by the SEC to the remedy of profit disgorgement. Admittedly this opinion seems contrary to the equitable nature of the remedy of profit disgorgement. However the greater focus of SEC scrutiny and enforcement of the accounting provisions point me in that direction. While it is also true that profit disgorgement has traditionally required some specific ill-gotten gains; with the statutory authority provided by the Penny Stock Act to the SEC allows for disgorgement with no language around its equitable beginning, this may be enough for the SEC to make such an intellectual leap. Further, as noted by Kalb and Bohn, “Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

The final component is the lack of judicial review in FCPA enforcement actions. Every practitioner is aware of the absolute dearth of cases in this area. With the SEC moving towards more administrative actions, through the 2010 Dodd-Frank amendment that enables the SEC to collect civil penalties through administrative proceedings, there may not be many federal district court reviews going forward. Of course to have a federal district court review of a remedy, it generally takes the defendant to make some objection and companies seemingly do not wish to take on the SEC in any FCPA enforcement matter (or the DOJ for that matter). But even if there was a federal district review of a Cease and Desist Order filed before it, you almost never hear the court reject an agreed Order on the grounds that the remedy was too harsh or unwarranted.

I hope you have enjoyed and learned something this week unique to the SEC enforcement of the FCPA. I know I have both enjoyed reading many of the excellent commentators I have reviewed during my research. David Weiss, Marc Alain Bohn, Sasha Kalb, Russ Ryan and the FCPA Professor have all contributed significant legal work and thought leadership in this area that I have built some of my theories on so I thank them for their contributions. Another joy was reading Agatha Christie’s Miss Marple short stories. If you have a few evenings or some down time for spring break or summer vacation, I suggest you pick up the volume. It is just like visiting with an old friend on a dark and stormy night…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

March 19, 2015

Ingots of Gold & SEC FCPA Enforcement – Communication – Part IV

Ingots of GoldToday I want to use the Christie’s story Ingots of Gold as an introduction to some of the regular communications that the Securities and Exchange Commission (SEC) representatives frequently provide in public forums, regarding their views on Foreign Corrupt Practices Act (FCPA) enforcement and, more importantly for the compliance practitioner, FCPA compliance. In this story, told by Miss Marple’s friend, he was spending a holiday in Cornwall with an acquaintance called John Newman. It involved a shipwreck and, as the title foretold, valuable cargo. After a stormy night Newman was missing but was later found bound and gagged in a ditch. It is revealed that Newman used this as ruse to cover his tracks from a theft of gold, which, of course, Miss Marple resolves when no one else can do so.

It was the language of this story that struck me. For as famous as Agatha Christie is for her puzzles, she had a great facility for language. At one point Miss Marple said, “You wouldn’t like my opinion, dear. Young people never do, I notice.” Later she describes the antagonist with the following, “his mind might run in strange, unrecognized channels”. Fortunately for the compliance community, one of the significant ways that the SEC communicates with compliance practitioners is through public speeches. We were recently treated to another such example when Andrew Ceresney, the SEC Director, Division of Enforcement, spoke at CBI’s Pharmaceutical Compliance Congress in Washington DC. Ceresney provided some clear guidelines for the compliance practitioner about what the SEC expects from companies in the area of FCPA compliance. More specifically he talked about some specific bribery schemes the SEC has seen in FCPA enforcement actions involving the pharmaceutical industry. These examples provided scenarios that any compliance practitioner in the pharmaceutical space can investigate for their organization.

Pharmaceutical Industry Bribery Schemes

Ceresney discussed ‘Pay-to-Prescribe’ bribery schemes where physicians and hospitals are paid bribes in “exchange for prescribing certain medication, or other products such as medical devices.” These schemes can involve payments of cash or other forms of non-cash benefits such as gifts, travel and entertainment. He described an example where a company “invited “high-prescribing doctors” in the Chinese government to club-like meetings that included extensive recreational and entertainment activities to reward doctors’ past product sales or prescriptions.” Another such scheme involved a running total of points for doctors who prescribed a company’s products, which could later be cashed in for items of value. Another involved a rebate of part of a hospitals overall purchase to certain doctors or hospital administrators.

Another form of bribery was seen where a company would direct charitable donations to the decision-makers “pet” charity. In a couple of FCPA enforcement actions, the charity had nothing to do with the pharmaceutical industry but in one case there was “a purported donation of nearly $200,000 to a public university to fund a laboratory that was the pet project of a public hospital doctor. In return, the doctor agreed to provide business to” the company in question. The point of all of these examples is that “that bribes come in many shapes and sizes, and those made under the guise of charitable giving are of particular risk in the pharmaceutical industry. So it is critical that we carefully scrutinize a wide range of unfair benefits to foreign officials when assessing compliance with the FCPA – whether it is cash, gifts, travel, entertainment, or charitable contributions.”

Compliance Programs

I certainly agree with Ceresney, only adding that I do not think you can say it too loud or too often, when he stated, “The best way for a company to avoid some of the violations that I have just described is a robust FCPA compliance program.” It all begins with a risk assessment so that you will understand what your company’s risks are and you can manage them accordingly through your compliance program. From there Ceresney said, “The best companies have adopted strong FCPA compliance programs that include compliance personnel, extensive policies and procedures, training, vendor reviews, due diligence on third-party agents, expense controls, escalation of red flags, and internal audits to review compliance.” He also specifically mentioned third parties, as they are still perceived to be the highest risk in any FCPA risk matrix. He stated, “To properly combat against these abuses, a compliance program must thoroughly vet its third-party agents to include an understanding of the business rationale for contracting with the agent. Appropriate expense controls must also be in place to ensure that payments to third-parties are legitimate business expenses and not being used to funnel bribes to foreign officials.”

Self-Reporting and Cooperation

Next Ceresney turned to self-reporting and cooperation. After initially noting that the current enforcement environment is greatly aided by self-reporting, he went on to explain why it is in a company’s interest to do so. Beyond the simple credit a company receives for self-reporting, by doing so “parties are positioned to also help themselves by aggressively policing their own conduct”. The SEC will also “continue to find ways to enhance our cooperation program to encourage issuers, regulated entities, and individuals to promptly report suspected misconduct. The Division has a wide spectrum of tools to facilitate and reward meaningful cooperation, from reduced charges and penalties, to non-prosecution or deferred prosecution agreements in instances of outstanding cooperation.” He ended this section of his remarks with a couple of thoughts that I believe succinctly provided the SEC’s position on self-reporting and cooperation. First he said “When I was a defense lawyer, I would explain to clients that by the time you become aware of the misconduct, there are only two things that you can do to improve your plight – remediate the misconduct and cooperate in the investigation.” He then ended with the following, “Companies that choose not to self-report are thus taking a huge gamble because if we learn of the misconduct through other means, including through a whistleblower, the result will be far worse. “

Internal Controls 

Ceresney had some interesting remarks around internal controls. He said they were in the “context of financial reporting”; however I found that they might well have significant implications for the compliance practitioner. I thought his money line was “Internal control problems have been prominently featured in recent enforcement cases we have brought in the financial reporting area, even in cases without accompanying charges of fraud.  This reflects our view that adequate internal controls are the building blocks for accurate financial reporting and can prevent fraudulent activity.” While the specified area of these remarks was around SOX §§302 and 404, I think this portends directly to internal controls under the FCPA.

He went on to state, “my key takeaway is that senior leadership of companies should place strong emphasis on the importance of designing and implementing strong internal controls. Senior officers need to ask questions about what they are being told about their internal controls – but perhaps more importantly, ask questions about the things that are not being reported to them. Dropping those occasional inquiries into conversations where they won’t be expected sends a powerful message that you want these issues to be on your employees’ minds. And what is needed is not just involvement from senior leadership but also from the audit committee. Instead of a check-the-box mentality, it is important to use careful thought at the outset to how controls should be designed in light of a firm’s business operations. This entails an up-front assessment of financial reporting risks, designing controls that address those risks, and ensuring that the resulting controls are well documented and communicated. And, as the company’s business evolves and changes, management must consider whether the existing internal controls are appropriate, or need to be enhanced or changed. Appropriate resources and attention also need to be devoted to monitoring those controls for effectiveness and making changes as needed.” Every time you see the words ‘financial’ simply substitute compliance and I think you will see where the SEC is headed in its internal controls enforcement of the FCPA.

Just as Agatha Christie communicated with her audience in ways broader than simply puzzles, through her great facility for delicious language, the SEC communicates in substantive ways with the compliance community through its speeches. You really do not have to read the tea leaves when you have such a clear message as was delivered by Ceresney at the CBI conference. Moreover, with all the sites that reported on it, talked about it and even linked to the printed text, you did not have to pay to attend. It is all there for you to read and to read for free.

For a copy of the text of Ceresney’s remarks, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

March 18, 2015

The Blue Geranium – SEC Enforcement of the FCPA – Part III

Blue GeraniumIn Christie’s The Blue Geranium a difficult and cantankerous semi-invalid wife is looked after by a succession of nurses. They changed regularly, unable to cope with their patient, with one exception Nurse Copling who somehow managed the tantrums and complaints better than others of her calling. The wife had a predilection for fortunetellers and one announced that the wallpaper in the wife’s room was evil; pronouncing she should “Beware of the Full Moon. The Blue Primrose means warning; the Blue Hollyhock means danger; the Blue Geranium means death.” Four days later, one of the primroses in the pattern of the wallpaper in the wife’s room changed color to blue in the middle of the night, when there had been a full moon.

On the morning after the next full moon, the wife was found dead in her bed with only her smelling salts beside her. Once again Miss Marple has the solution remembering that potassium cyanide resembled smelling salts in odor. The wife took what she thought were smelling salts but was in reality potassium cyanide. The flowers on the wallpaper had been treated with litmus paper which the turned the geranium in question blue, which unmasked the killer.

I found this story to be an interesting way to introduce the topic of the Securities and Exchange Commission’s (SEC’s) damage remedies. While some are obvious, such as the fines and penalties which are listed in the text of the Foreign Corrupt Practices Act (FCPA), another one, that being profit disgorgement must be seen through the lens of multiple legislations.

Monetary Fines

The damages that are available to the SEC differ in some significant aspects from those available to the Department of Justice (DOJ) in its enforcement of the criminal side of the FCPA. According to the FCPA Guidance, “For violations of the anti-bribery provisions, cor­porations and other business entities are subject to a civil penalty of up to $16,000 per violation. Individuals, including officers, directors, stockholders, and agents of companies, are similarly subject to a civil penalty of up to $16,000 per violation, which may not be paid by their employer or principal. For violations of the accounting provisions, SEC may obtain a civil penalty not to exceed the greater of (a) the gross amount of the pecuniary gain to the defendant as a result of the violations or (b) a specified dollar limitation. The specified dollar limitations are based on the egregious­ness of the violation, ranging from $7,500 to $150,000 for an individual and $75,000 to $725,000 for a company.”

As straightforward as these monetary amounts may seem, the totals can become very large very quickly. As noted by Russ Ryan in a guest post on the FCPA Professor’s blog, entitled “Former SEC Enforcement Official Throws The Red Challenge Flag, the SEC significantly multiplied those amounts in a default judgment context against former Siemens executives by claiming that “four alleged bribes should be triple-counted as three separate securities law violations – once as a bribe, again as a books-and-records violation, and yet again as an internal-controls violation – thus artificially multiplying four violations to create twelve.” Further, under the specific books-and-records and internal-controls allegations “the SEC was super aggressive, taking the position that these classically non-fraud violations involved “reckless disregard” of a regulatory requirement, thus allowing the SEC to demand the maximum $60,000 per violation in “second-tier” penalties rather than the $6,000 per violation in the “first-tier” penalties ordinarily associated with non-fraud violations.”

Profit Disgorgement

In addition to the above statutory fines and penalties, “SEC can obtain the equitable relief of disgorgement of ill-gotten gains and pre-judgment interest and can also obtain civil money penalties pursuant to Sections 21(d)(3) and 32(c) of the Exchange Act. SEC may also seek ancillary relief (such as an accounting from a defendant). Pursuant to Section 21(d)(5), SEC also may seek, and any federal court may grant, any other equitable relief that may be appropriate or necessary for the benefit of investors, such as enhanced remedial measures or the retention of an independent compliance consultant or monitor.” These remedies can be sought in a federal district court of through the SEC administrative process.

As explained by Marc Alain Bohn, in a blog post on the FCPA Blog entitled “What Exactly is Disgorgement?” profit “Disgorgement is an equitable remedy authorized by the Securities Exchange Act of 1934 that is used to deprive wrong-doers of their ill-gotten gains and deter violations of federal securities law. The Act gives the SEC the authority to enter an order “requiring accounting and disgorgement,” including reasonable interest, as part of administrative or cease and desist proceedings”. In another article Bohn co-authored with Sasha Kalb, entitled “Disgorgement – the Devil You Don’t Know” published in Corporate Compliance Insights (CCI), they set out how such damages are calculated. They said, “In calculating disgorgement, the SEC is required to distinguish between legally and illegally obtained profits. The first step in such calculations is to identify the causal link between the unlawful activity and the profit to be disgorged. Once this causal link is established, the SEC may assert its right to disgorge illicit profits that stem from this wrong-doing. Because calculations like these often prove difficult, courts tend to give the SEC considerable discretion in determining what constitutes an ill-gotten gain by requiring only a reasonable approximation of the profits which are causally connected to the violation.”

However if you read the FCPA quite closely you will not find any language regarding profit disgorgement as a remedy. Nevertheless a simple reading of the statute does not limit our inquiry as to this remedy. In a Note, published in the University of Michigan Journal of International Law, entitled “The Foreign Corrupt Practices Act, SEC Disgorgement of Profits and the Evolving International Bribery Regime: Weighing Proportionality, Retribution and Deterrence”, author David C. Weiss explained the development of the remedy of profit disgorgement. As noted by Bohn, profit disgorgement was always available to the SEC from the very beginning of its existence, through the enabling legislation of 1934. But as explained by Weiss, in the completely unrelated legislation entitled The Penny Stock Reform Act of 1990, profit disgorgement was “authorized by statute [as a remedy to the SEC] without a limitation to the FCPA.”

Finally, and what many compliance practitioners do not focus on for SEC enforcement of the FCPA, was the enactment of Sarbanes-Oxley Act of 2002 (SOX). Weiss said, “The most recent change to the way in which the SEC enforces the FCPA—and a critical development to consider—is SOX, which affects virtually all of the SEC’s prosecutions, including those under the FCPA. When assessing penalties, the SEC draws on SOX to provide great latitude in determining the types of penalties it enforces. While SOX did not amend the FCPA itself, it did amend both civil and criminal securities laws relating to compliance, internal controls, and penalties for violations of the Exchange Act. Since the enactment of SOX, the SEC has possessed the power to designate how a particular penalty that it assesses will be classified.” [citations omitted]

There has been criticism of the SEC using profit disgorgement as a remedy. As far back as 2010, the FCPA Professor criticized this development in his article “The Façade of FCPA Enforcement” where he found fault with the remedy of profit disgorgement for books and records violations or internal controls violations only, where there is no corresponding “enforcement action charging violations of the anti-bribery provisions.” He wrote “It is difficult to see how a disgorgement remedy premised solely on an FCPA books and records and internal controls case is not punitive. It is further difficult to see how the mis-recording of a payment (a payment that the SEC does not allege violated the FCPA’s anti-bribery provisions) can properly give rise to a disgorgement remedy.”

Bohn and Kalb said, “Over the last six years, disgorgement has served to significantly increase the financial loss that companies are exposed to in FCPA enforcement matters. In addition to the considerable civil penalties often imposed by the SEC as part of FCPA settlements, the SEC has made clear that it will not hesitate to seek recovery of large sums through disgorgement provided they are reasonably related to the alleged misconduct. Yet the methodology used by the SEC to support the amounts it seeks to disgorge has not been much discussed.  In the absence of adequate guidance as to how these sums are calculated, disgorgement poses an even greater risk in the current aggressive FCPA enforcement climate.” I would only add to their conclusion that profit disgorgement is here to stay.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 17, 2015

The Companion and SEC Enforcement of the FCPA – Part II

The CompanionI will use Agatha Christie’s short story The Companion as the introduction to today’s blog post. This story, related by one of the Tuesday story-telling group of detective aficionados, Dr. Lloyd, and is about two people who are related yet take different paths. It involves the death of a woman while on vacation on the Island of Gran Canaria. The deceased was named Mary Barton and she died while trying to save her companion, one Amy Durrant, from drowning. Sometime later Miss Durrant was deemed missing and presumed drowned off the coast of Cornwall. However there was a double crime as Durrant had actually drowned Barton in Gran Canaria and then faked her own death in Cornwall, however she had returned home to Australia where she actually died within a month of returning. It turned out that Durrant was a cousin to Barton and her only living relation. Since both women were now dead, Barton’s not inconsiderable estate passed on to Durrant’s children, which was her plan all along.

All of which informs today’s topic that being the difference in Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) enforcement resolution tools from those used by the Department of Justice (DOJ). While both the SEC and DOJ use Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs); there are other tools in the SEC arsenal, which the DOJ does not use. These revolve around the fact that in FCPA enforcement, the DOJ handles criminal prosecution and the SEC handles things on the civil side of FCPA enforcement.

Traditionally the SEC obtains a Cease and Desist order by going to a federal district court. The FCPA Guidance states, “In a civil injunctive action, SEC seeks a court order compelling the defendant to obey the law in the future. Violating such an order can result in civil or criminal contempt proceedings. Civil contempt sanctions, brought by SEC, are remedial rather than punitive in nature and serve one of two purposes: to compensate the party injured as a result of the violation of the injunction or force compliance with the terms of the injunction.”

In most cases the defendant does not contest these Orders and there are no admissions made by the defendant regarding conduct that may have violated the FCPA. While there has been significant criticism of ‘No Admission’ settlements entered into by the SEC, these types of settlements are not expected to change where there is no corresponding criminal action. In a 2013 speech, SEC Chair Mary Jo White announced an expansion of the “admit” policy, and explained that while “neither admit nor deny” settlements would remain the norm, the SEC would now require defendants to admit wrongdoing “in certain cases where heightened accountability or acceptance of responsibility through the defendant’s admission of misconduct may be appropriate”. SEC enforcement chief, Andrew Ceresney, has added that defendants may be required to admit violations in cases of “egregious misconduct,” such as cases involving obstruction of the SEC’s investigation or harm to large numbers of investors.

However the past year or so, the SEC has moved to handle FCPA enforcement actions through an administrative process. As explained in the FCPA Guidance, “SEC has the ability to institute various types of administrative proceedings against a person or an entity that it believes has violated the law. This type of enforcement action is brought by SEC’s Enforcement Division and is litigated before an SEC administrative law judge (ALJ). The ALJ’s decision is subject to appeal directly to the Securities and Exchange Commission itself, and the Commission’s decision is in turn subject to review by a U.S. Court of Appeals.”

In a post on the FCPA Blog, entitled “Are Administrative Proceedings the New Civil Complaints?” Marc Alain Bohn explored this expanded use of administrative law proceedings in SEC enforcement of the FCPA, by noting, “which was facilitated in part by a 2010 Dodd-Frank amendment to the Securities and Exchange Act of 1934 that enables the SEC to collect civil penalties through administrative proceedings.” Moreover, Bohn noted a couple of significant differences in going through a federal district court to obtain a Cease and Desist Order and going through the SEC administrative process. He said, “FCPA cases resolved via administrative proceeding require no judicial approval, as opposed to the settlement of formal civil complaints. This distinction is important because district court judges have complicated several SEC prosecutions in recent years by demanding changes to negotiated settlements or dismissing charges or otherwise limiting claims. In addition, the imposition of a cease-and-desist order under an administrative proceeding requires only that the SEC establish a likelihood that a defendant will violate federal securities law, in contrast with the “reasonable likelihood” required by a court-ordered injunction.” [citations omitted]

The FCPA Professor has been unremitting in his criticism of this administrative settlement process, citing a complete lack of transparency in the process, among other criticisms. Mike Volkov, perhaps more charitably, wrote, “The SEC’s “new” use of administrative proceedings for FCPA cases demonstrates its unwillingness to face judicial scrutiny and undermines the effectiveness of its enforcement program. The SEC likes to play on its home turf and for some reason feels that going to court is not as important.” Whatever your view on the use of the administrative process might be I would only say that it is here to stay so you had better be ready to participate in it if you find yourself in a SEC FCPA enforcement action.

Another criticism of this process is what might be called the home court advantage. In an article in the Wall Street Journal (WSJ), entitled “Firms oppose SEC’s internal enforcement process”, reporter Hazel Bradford quoted Terry Weiss, an attorney with Greenberg Traurig LLP in Atlanta, for the following “I have no problem with fairness when (a case) is brought in a federal District Court and when it is overseen by a federal District Court judge who is appointed by the president of the United States and approved by the U.S. Senate. I have a significant problem when you have (administrative law judges) who are picked by the SEC.” The problem with this argument is that ALJ’s have been a part of the federal enforcement process for a wide variety of agencies, department and issues since the 1930s. To say the SEC is using an approved administrative process that violates the Constitution seems to me to be a stretch.

Another area the SEC has in common with the DOJ in FCPA enforcement is that they both sometimes decline to bring enforcement actions. The FCPA Guidance cites back to the SEC Enforcement Manual for the “guiding principles” in determining whether the Commission will bring a FCPA enforcement action. The factors the SEC will determine, which are the same for enforcement actions against entities or individuals., are listed as follows:

  • the seriousness of the conduct and potential violations;
  • the resources available to SEC staff to pursue the investigation;
  • the sufficiency and strength of the evidence;
  • the extent of potential investor harm if an action is not commenced; and
  • the age of the conduct underlying the potential violations.

It is important to understand these differences in resolution vehicles and tactics used by the SEC, separate and apart from the DOJ. The civil jurisdiction of FCPA enforcement entails some differences in approach by the SEC. It is important that any Chief Compliance Officer (CCO) or compliance practitioner understand these differences in the event their company goes through a FCPA investigation or enforcement action. We saw three significant FCPA enforcement actions last fall, Smith & Wesson, Layne Christensen and Bio-Rad, where there was no corresponding DOJ FPCA enforcement action brought jointly with the SEC enforcement action. As anti-corruption compliance programs mature, it may well be that this could portend the future. Just as with The Companion simply because it appears that two are together, they may have their own separate callings. Tomorrow I review some of the unique damages available to the SEC in a FCPA enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 16, 2015

Miss Marple Short Stories and SEC Enforcement of the FCPA, Part I

Miss Marple Short StoriesI am a huge Agatha Christie fan. I have read most of the Poriot novels and many of the Jane Marple novels as well. However, I was not aware of Christie’s work in the short story format until I recently read a volume entitled Miss Marple Short Stories. This volume included 13 short stories first published in 1932. In many ways reading them was like revisiting an old friend, who had new stories to tell me that I had not previously heard. So in honor of my love of Agatha Christie and her short stories, I will theme my blog posts this week around one of her original short stories, published as The Thirteen Problems.

The first story was called The Tuesday Night Club and introduced Miss Marple and her cast of characters around these stories. Each was asked to relate some mystery and the others would try and solve the mystery. As with most of Christie’s writing, there were the stories and the characters who were, in many ways, stories themselves so there was a double layer of intersection. In this story a wife died of poisoning and her husband was the prime suspect. However Miss Marple deduced that the couple’s longtime housekeeper who has gotten “into trouble” through a liaison with the husband had poisoned the wife in hope’s of marrying the now widow. The group around Miss Marple was astounded when her deduction was confirmed by the storyteller when he related the housekeeper’s own deathbed confession.

Just as many readers may not have focused on Agatha Christie’s work in the short story format, many Foreign Corrupt Practices Act (FCPA) practitioners tend to focus on Department of Justice (DOJ) FCPA enforcement actions. However, just as Christie aficionados who did not focus on her short stories, many FPCA compliance practitioners do not tend to focus on FCPA enforcement by the Securities and Exchange Commission (SEC). To help address this, over the next week I will discuss issues relating to SEC enforcements.

Today, I begin with reviewing some jurisdictional issues unique to the SEC; commonly referred to as the FCPA accounting provisions, they consist of the books and records provisions which, as set out in the FCPA Guidance, requires that “issuers must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issuer’s assets and internal controls requirements.” Under the internal controls provisions, “issuers must devise and maintain a system of internal accounting controls sufficient to assure management’s control, authority, and responsibility over the firm’s assets.”

Perhaps the most interesting thing about the ‘accounting provisions’ under the FCPA as stated in the FCPA Guidance, is as follows: , “Although the accounting provisions were originally enacted as part of the FCPA, they do not apply only to bribery-related violations. Rather, the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail”. [emphasis supplied] This means there can be strict liability for stand alone violations of these provisions, with no ties back to the corrupt intent or elements of a FCPA violation are present.

Who is covered under SEC enforcement of the FCPA? 

The SEC prosecutes ‘issuers’ who are defined as a company “that has a class of securities registered pursuant to Section 12 of the Exchange Act or that is required to file annual or other period reports pursuant to Section 15(d) of the Exchange Act.” The SEC also enforces the FCPA against companies “whose securities trade on a national securities exchange in the United States, including foreign issuers with exchange traded American Depository Receipts” and trade in over-the counter markets. While the SEC does not bring enforcement actions against private companies, private companies are also subject to the FCPA, just as public companies for bribing a foreign government official, in violation of the FCPA.

Accounting Provisions

Consistent with the concern that bribe payments are often disguised as other types of payments in a company’s books and records, “requires issuers to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.”” The “in reasonable detail” qualification was adopted by Congress “in light of the concern that such a standard, if unqualified, might connote a degree of exactitude and precision which is unrealistic.” The addition of this phrase was intended to make clear “that the issuer’s records should reflect transactions in conformity with accepted methods of recording economic events and effectively prevent off-the-books slush funds and payments of bribes.”

The Guidance goes on to give several examples of SEC enforcement actions of the books and record provisions where bribes were mischaracterized in a company’s books and records. Such examples include bribes paid out in the guise of commissions, royalties or consulting fees. Another prominent example includes reimbursement for sales and marketing or miscellaneous expenses where no such activity occurred. A favorite has been mischaracterized travel and entertainment expenses. Finally, a large group of often over-looked expenses include free goods for demonstration products, intercompany accounts, vendor payments and customer write-offs.

A key distinction of FCPA enforcement by the SEC from other types of accounting fraud is that there is no materiality requirement under the FCPA. Typically, internal audit, external audit or even forensic accounting, only review material transactions. Obviously for a large multi-national company subject to the FCPA, materiality could be millions of dollars or multiplies thereof. However we have seen FCPA enforcement actions with corrupt payments made in the low thousands of dollars.

Internal Controls Provisions

The FCPA says that internal controls requires issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—

(i) transactions are executed in accordance with management’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

As further explained in the FCPA Guidance, “the Act defines “reasonable assurances” as “such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.” Neither the FCPA nor the FCPA Guidance specifies a particular set of controls that companies are required to implement. However the FCPA Guidance does note, “the internal controls provision gives companies the flexibility to develop and maintain a system of controls that is appropriate to their particular needs and circumstances.”

Moreover, the FCPA Guidance recognizes that “An effective compliance program is a critical component of an issuer’s internal controls.” To do so, a company needs to access its risk and then design and implement a system of internal controls to “account the operational realities and risks attendant to the company’s business.” The FCPA Guidance suggests some of these areas should include “the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption”. But the over-riding key is to assess your company’s FCPA compliance risks and set up a set of internal controls to help manage those risks effectively.

Other SEC Enforcement Areas Relating to FCPA Compliance 

In addition to the accounting provisions there are other laws and regulations that the SEC enforces and ties into FCPA enforcement. As noted in the FCPA Guidance, “Issuers have reporting obligations under Section 13(a) of the Exchange Act, which requires issuers to file an annual report that contains comprehensive information about the issuer. Failure to properly disclose material information about the issuer’s business, including material revenue, expenses, profits, assets, or liabilities related to bribery of foreign government officials, may give rise to anti-fraud and reporting violations under Sections 10(b) and 13(a) of the Exchange Act.”

There are also several sections under the Sarbanes-Oxley Act (SOX) that have FCPA implications. These include SOX §302 that requires the principle officers of a company “take responsibility for and certify the integrity of these company’s financial reports on a quarterly basis.” Under SOX §404 companies must present annually their conclusion “regarding the effectiveness of the company’s internal controls over accounting.” Finally, SOX §802 prohibits “altering, destroying, mutilating, concealing or falsifying records, documents or tangible objects” with the intent to obstruct or influence a federal investigation, such as the FCPA.

The remainder of this week I will tie another Miss Marple short story to another SEC FCPA enforcement issue. I hope that you will tune in for the next installment.

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 12, 2015

Protections for CCOs from Wrongful Termination

Wrongful TerminationThis week the Houston Texans unceremoniously cut the franchise’s greatest player in its short history, receiver Andre Johnson. This was after his being hauled into the office of the head coach and being told that he would only need to work half as hard next year. As reported by Jerome Solomon in the Houston Chronicle article entitled “Move inevitable, but team bungles its handling”, Head Coach Bill O’Brien told Johnson that his catch total would drop from the 84 he has averaged in his 12 year career with the Texans down to “around 40 passes next season.” But O’Brien went on to add the team’s certain Hall of Fame receiver “wasn’t likely to be a starter next season, definitely not for all of the games.” So much for playing your best player at his position on a full-time basis, but hey, at least the information was made public.

Now imagine you are a Chief Compliance Officer (CCO) and have been one of your company’s senior management for the better part of the past 12 years. While you may not have been the most important member of the management team you certainly have helped navigate the company through rough compliance waters. Now imagine the company Chief Executive Officer (CEO) who tells you that although he has no one in mind to replace you (other than a less experienced and a smaller-salaried compliance specialist) your services will only be needed half the time in the coming year. What if this is in response to advice the head of the company did not like? What should the response be?

You can consider the departure from MF Global of its Chief Risk Officer, the financial services equivalent of a CCO. As reported in a New York Times (NYT) article entitled “MF Global’s Risk Officer Said to Lack Authority” Ben Protess and Azam Ahmed reported that the company replaced its Chief Risk Officer, Michael Roseman, after he “repeatedly clashed with Mr. Corzine [the CEO] over the firm’s purchase of European sovereign debt.” He was given a large severance package and left the company. When he left, there was no public reason given. His replacement was brought into the position with reduced authority.

If you are a public company, you may well need to heed the advice of fraud and compliance expert Jonathan Marks, a partner at Crowe Horwath LLP, who advocates that any time a CCO, a key executive, is dismissed it should be an 8K reporting event because the departure may be a signal of a change in the company’s attitude towards compliance or an alleged ethical breach had taken place. A similar view was expressed by Michael W. Peregrine in a NYT article entitled “Another View: MF Global’s Corporate Governance Lesson”, where he wrote that a “compliance officer is the equivalent of a “protected class” for governance purposes, and the sooner leadership gets that, the better.” Particularly in the post Sarbanes-Oxley world, a company’s CCO is a “linchpin in organizational efforts to comply with applicable law.” When a company fires (or asks him/her to resign), it is a significance decision for all involved in corporate governance and should not be solely done at the discretion of the CEO alone.

In its Code of Ethics for Compliance and Ethics Professionals, the Society for Corporate Compliance and Ethics (SCCE) has postulated Rule 1.4, which reads, “If, in the course of their work, CEPs become aware of any decision by their employing organization which, if implemented, would constitute misconduct, the professional shall: (a) refuse to consent to the decision; (b) escalate the matter, including to the highest governing body, as appropriate; (c) if serious issues remain unresolved after exercising “a” and “b”, consider resignation; and (d) report the decision to public officials when required by law.” As commentary to this rule, the SCCE said, “The duty of a compliance and ethics professional goes beyond a duty to the employing organization, inasmuch as his/her duty to the public and to the profession includes prevention of organizational misconduct. The CEP should exhaust all internal means available to deter his/her employing organization, its employees and agents from engaging in misconduct. The CEP should escalate matters to the highest governing body as appropriate, including whenever: a) directed to do so by that body, e.g., by a board resolution; b) escalation to management has proved ineffective; or c) the CEP believes escalation to management would be futile. CEPs should consider resignation only as a last resort, since CEPs may be the only remaining barrier to misconduct. A letter of resignation should set forth to senior management and the highest governing body of the employing organization in full detail and with complete candor all of the conditions that necessitate his/her action. In complex organizations, the highest governing body may be the highest governing body of a parent corporation.”

What about compensation? The Department of Justice (DOJ) has made clear that it expects a CCO to resign if the company refuses advice and violates the Foreign Corrupt Practices Act (FCPA). The former head of the DOJ-FCPA unit Chuck Duross went so far as to compare CCOs and compliance practitioners to the Texans at the Alamo. To be fair to Duross, I think he was focusing more on the line in the sand part of the story, while I took that to mean they were all slaughtered for what they believed in. But whichever interpretation you may choose to put on it, the DOJ clearly expects a CCO to stand up and if a CEO does not like what they say, he or she must resign. This puts CCOs and compliance practitioners in a very difficult position, particularly if there is no exit compensation for doing the right thing by standing up.

I think the next step should be for the DOJ and Securities and Exchange Commission (SEC) to begin to discuss the need for contractual protection of CCOs and other compliance practitioners against retaliation for standing up against corruption and bribery. The standard could simply be one that protects a CCO and other compliance practitioners against termination without cause. Just as the SEC is investigating whether companies are trying to muzzle whistleblowers through post-employment Confidentiality Agreements, I think they should consider whether CCOs and other compliance practitioners need more employment protection. I think the SEC should also consider the proposals of Marks regarding the required 8K or other public reporting of the dismissal or resignation of any CCO. Finally, I would expand on Peregrine’s suggestion and require that a company Board of Directors approve any dismissal of a CCO. With these protections in place, a CCO or compliance practitioner would have the ability to confront management who might take business decisions that violate the FCPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

 

March 10, 2015

Taking the Rolls Out for a Spin? Maybe You Should Avoid Brazil

Rolls RoyceJust as the GlaxoSmithKline PLC (GSK) case in China heralded a new day in international anti-corruption enforcement, the Petrobras case may be equally important going forward. The scope and breadth of the investigation is truly becoming worldwide. Last fall, one of the first questions raised was why was the US Securities and Exchange Commission (SEC) was investigating the company as it is headquartered in Brazil. While there is subsidiary Petrobras USA, which is a publicly listed company, it was not immediately apparent what role the US entity might have had in the bribery scandal, which was apparently centered in Brazil. However some recent revelations from across the pond may shed some light on the topic.

As with any corruption scandal there are both bribe payors and bribe receivers. The Petrobras corruption scandal initially focused on the bribe receivers in Petrobras. But last month one of the key bribe receivers, who is now cooperating with the Brazilian authorities, Pedro Barusco has identified the UK Company Rolls-Royce Group PLC as a bribe payor. As reported in the Financial Times (FT) by Samantha Pearson and Joe Leahy, in an article entitled “Rolls-Royce accused in Petrobras scandal”, Barusco has “told police he personally received at least $200,000 from Rolls-Royce — only part of the bribes he alleged were paid to a ring of politicians and other executives at the oil company.”

However the allegations moved far beyond simply Rolls-Royce. The article also reported, “Brazil’s authorities are already investigating allegations that Petrobras officials accepted bribes from SBM Offshore, a Netherlands-based supplier of offshore oil vessels. SBM has said it is co-operating with the investigation. Units of two Singaporean companies, Keppel Corporation and Sembcorp Marine, along with three Brazilian shipbuilders with large Japanese shareholders, have also been accused of participating in the bribes-for-contracts scheme.” Finally, they reported that “Mr Barusco alleged that his friend Luiz Eduardo Barbosa, a former executive of Swiss engineering group ABB, was responsible for organising bribes from Rolls-Royce, SBM and Alusa, a Brazilian construction company.”

Rolls-Royce is currently under investigation by the UK Serious Fraud Office (SFO) and Department of Justice (DOJ) for allegations of corruption in several countries. Katherine Rushton, reporting in The Telegraph in an article entitled “Rolls-Royce investigated in US over bribery claims”, said “Rolls-Royce is being investigated by the US Department of Justice (DoJ), following allegations that its executives bribed officials in Indonesia, China and India in order to win lucrative contracts.” She cited to the company’s annual report for the following, ““The group is currently under investigation by law enforcement agencies, primarily the Serious Fraud Office in the UK and the US Department of Justice. Breaches of laws and regulations in this area can lead to fines, penalties, criminal prosecution, commercial litigation and restrictions on future business.””

But more than simply Rolls-Royce, readers will recognize several names from a rogue gallery of companies either implicated with corruption violations or under investigation. SBM Offshore was a poster child last year for the DOJ deferring to foreign authorities to prosecute claims of bribery and corruption. I wonder if SBM Offshore attested in its settlement documents with the relevant Netherlands authorities that it had not engaged in any other bribery and corruption beyond that which was the basis of its settlement? I wonder if the company made any such averments to the DOJ? I wonder if the DOJ will make any such deferments again given the SBM Offshore settlement with the Dutch authorities? What about ABB?

In addition to the above, SBM Offshore may be the most relevant example in the debate of an international double jeopardy standard. Jordan Moran, writing in the Global Anti-Corruption Blog, has consistently argued that international double jeopardy is a bad idea. Most recently, in an article entitled “Why International Double Jeopardy Is a Bad Idea”, he said, “when it comes to the global fight against transnational bribery, double jeopardy probably isn’t all it’s cracked up to be. To begin, most arguments calling for the U.S. and other OECD member countries to recognize international double jeopardy are nonstarters.”

Also interesting was the reference to ABB as the company went through its own Foreign Corrupt Practices Act (FCPA) enforcement action. As reported by Dick Cassin, in a 2010 FCPA Blog post entitled “ABB Reaches $58 Million Settlement (Updated)”, the company “reached a settlement Wednesday with the DOJ of criminal FCPA charges and will pay a fine $19 million. And in resolving civil charges with the SEC, the company will disgorge $22.8 million and pay a $16.5 million civil penalty. ABB Ltd’s U.S. subsidiary, ABB Inc., pleaded guilty to a criminal information charging it with one count of violating the anti-bribery provisions of the FCPA and one count of conspiracy to violate the FCPA. The court imposed a sentence that included a criminal fine of $17.1 million.” There was no information at that time as to whether the individual that Barusco named as the bribe payment facilitator, one Luiz Eduardo Barbosa, was involved in the prior ABB enforcement action in any way.

We have one or more companies, who are under current DOJ investigations, now being investigated in connection with the Petrobras bribery scandal. There are also companies that have gone through prior bribery and corruption enforcement actions now identified in the scandal. All of this now leads me to have some type of understanding of why the SEC might be investigating Petrobras USA. First, and most probably, it would be to see if the US entity was involved in the apparent decade long bribery scheme that the Brazilian parent now finds itself embroiled in. What if the US subsidiary was paying bribes to its parent to obtain or retain a benefit? Next would be any evidence of violations of the accounting provisions or internal controls requirements found in the FCPA. Finally, the SEC might be looking at Petrobras USA to see who its suppliers might be and if those companies merited investigation. Similar to looking that the Panalpina customer lists the SEC could review the Petrobras USA contractor list.

Just as GSK heralded the first time the Chinese government prosecuted a western company for violation of Chinese law, I believe the Petrobras bribery scandal will be a watershed. The outpouring of information and allegations at this time point to a multi-year, truly worldwide, bribery scheme. While it may in part have been Petrobras officials shaking down contractors for payments, it really does not matter under the FCPA or UK Bribery Act. If any company subject to either or both of those laws paid monies to Petrobras I expect they will be fully prosecuted. Further, given the arguments against an international double jeopardy standard made by Moran and others AND the apparent recidivism of prior bribery offenders, some companies may be in for a long and expensive ride.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 5, 2015

Is Strict Liability Coming to FCPA Enforcement?

Strict LiabilityI think that a strict liability standard is coming to Foreign Corrupt Practices Act (FCPA) enforcement. A number of factors have caused me to come to this conclusion. While there may well be wide disagreement as to whether such a standard is warranted under the FCPA, I think it is coming and it is something every Chief Compliance Officer (CCO) and compliance practitioner needs to be ready to address if and when the day comes that your company is under the shadow of a FCPA investigation.

I do not think this strict liability standard is coming for criminal enforcement of the FCPA by the Department of Justice (DOJ) because there is still a requirement of intent under the Act. Intent can be inferred by conscious indifference but I still do not think that day of reckoning is near for DOJ enforcement. However I do think that a confluence of events, FCPA enforcement actions by the Securities and Exchange Commission (SEC) and statements by the SEC representatives, all point towards a new enforcement angle to the FCPA. I think that the SEC is moving towards a strict liability standard for internal controls under the FCPA. That means if your compliance internal control regime is investigated, you will have to demonstrate that it meets some minimum standard that satisfies the SEC. If not, there will be a SEC administrative complaint filed against your company, alleging failure to maintain appropriate internal controls as required by the FCPA and your company will bear the burden of proof to demonstrate that you have designed and implemented an effective system of compliance internal controls.

The FCPA says that internal controls requires issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—

(i) transactions are executed in accordance with man­agement’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to per­mit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is com­pared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences. 

As further explained in the FCPA Guidance, “the Act defines “reasonable assurances” as “such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.” The Act does not specify a particular set of controls that companies are required to implement. Rather, the internal controls provision gives companies the flexibility to develop and maintain a system of controls that is appropriate to their particular needs and circumstances.””

My evolution of thinking on this issue began last fall with the Smith & Wesson (S&W) FCPA enforcement action. There was nothing in the reported settlement documents that tied the failure of S&W internal controls to the payment (or offer to pay) of a bribe or the obtaining of any benefit. The claims made against S&W were basically along the lines of this language laid out in the Order Instituting Cease-and-Desist Proceedings, “Despite making it a high priority to grow sales in new and high risk markets overseas, the company failed to design and implement a system of internal controls or an appropriate FCPA compliance program reasonably designed to address the increased risks of its new business model.” It should be noted that S&W did not ‘admit or deny’ any of the allegations made against it, the company simply consented to the entry of the Order.

In its Administrative Order, the SEC stated, “Smith & Wesson failed to devise and maintain sufficient internal controls with respect to its international sales operations. While the company had a basic corporate policy prohibiting the payment of bribes, it failed to implement a reasonable system of controls to effectuate that policy.” Additionally, the company did not “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed in accordance with management’s general or specific authorization; transactions are recorded as necessary to maintain accountability for assets, and that access to assets is permitted only in accordance with management’s general or specific authorization.”

All of this was laid out in the face of no evidence of the payment of bribes by S&W to obtain or retain business. This means it was as close to strict liability as it can be without using those words. Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, was quoted in a SEC Press Release on the matter that ““This is a wake-up call for small and medium-size businesses that want to enter into high-risk markets and expand their international sales.” When a company makes the strategic decision to sell its products overseas, it must ensure that the right internal controls are in place and operating.””

The second factor that informs my thinking on this issue is the updated COSO 2013 Framework that became effective in December 2014. Larry Rittenberg, in his book COSO Internal Control-Integrated Framework, said that the original COSO framework from 1992 has stood the test of time “because it was built as conceptual framework that could accommodate changes in (a) the environment, (b) globalization, (c) organizational relationship and dependencies, and (d) information processing and analysis.” Moreover, the updated 2013 Framework was based upon four general principles which include the following: (1) the updated Framework should be conceptual which allows for updating as internal controls (and compliance programs) evolve; (2) internal controls are a process which is designed to help businesses achieve their business goals; (3) internal controls applies to more than simply accounting controls, it applies to compliance controls and operational controls; and (4) while it all starts with Tone at the Top, compliance is the responsibility for the implementation of effective internal controls resides with everyone in the organization.”

For the compliance practitioner, this final statement is of significant importance because it directly speaks to the need for the compliance practitioner to be involved in the design and implementation of internal controls for compliance and not to simply rely upon a company’s accounting, finance or internal audit function to do so.

The updated Framework also gives a precise model for the SEC to use to inquire from companies about their compliance internal controls. How many companies could not only present evidence of implementation of compliance internal controls along the lines of the updated Framework but also evidence of their effectiveness? Unfortunately the answer is not many.

There is one other factor that informs my evolution of thinking regarding a strict liability standard under the FCPA. Under Sarbanes-Oxley (SOX), Section 404, public companies are required to report on the adequacy of the company’s internal control on financial reporting. The report must affirm the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting. The report must also contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. External auditors must also assess and make such a report. To do so, most companies, and their external auditors were using the prior COSO Framework.

Now imagine a situation where your external auditors have made their report and your company has made such report public, under its SOX 404 reporting obligation. What if the SEC took that report, reviewed it and made an initial assessment that your compliance internal controls around bribery and corruption were not sufficient, as required under the FCPA? What if the SEC sent you a letter asking for evidence of development and implementation of compliance internal controls, also asking for your audited evidence of effectiveness? What if you respond in due course and you receive another letter from SEC, which opines that your compliance internal controls are insufficient under the FCPA giving your proposed fine. You protest that there is no evidence of bribery or corruption regarding this insufficiency of your compliance internal controls. What if your company is then invited to contest this issue through the SEC Administrative process?

Does that sound far-fetched? Maybe it is but, from where I sit, that is the direction I see the issue of internal controls going in FCPA enforcement. I think a strict liability regime is coming under SEC enforcement of the FCPA. As a CCO or compliance practitioner in a public company, you need to be ready to defend your compliance internal controls.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 4, 2015

Minnie Minoso Broke Barriers; Goodyear Pushes Compliance Forward

Minnie MinosoYesterday we celebrated the hard-nosed playing style of Anthony Mason, who recently passed away. Today we honor a true pioneer in professional baseball, Minnie Minoso, or Mr. White Sox. Minoso was the first black Cuban to play in Major League Baseball (MLB) when he debuted for the Cleveland Indians in 1949. In 1951, he was traded to the Chicago White Sox and he became a southside fixture for the rest of the decade. While his numbers were less than 2000 hits and 200 home runs, he was a fearless and speedy base runner and a nine-time All Star. Similarly to Mr. Cub, Ernie Banks, the Chicago White Sox erected a statue in tribute to Mr. White Sox outside their ballpark. Even President Obama was moved to release a statement about Minoso saying in part, “Minnie may have been passed over by the Baseball Hall of Fame during his lifetime, but for me and for generations of black and Latino young people, Minnie’s quintessentially American story embodies far more than a plaque ever could.”

The contribution of Minoso in the exorable march of MLB towards integration informed part of my reading of the recent Goodyear Tire & Rubber Company (Goodyear) Foreign Corrupt Practices Act (FCPA) enforcement strategy of the Securities and Exchange Commission (SEC). This enforcement action was a solo effort by the SEC; there was no corresponding Department of Justice (DOJ) criminal enforcement action. So following this past fall’s triumvirate of SEC enforcement actions involving Smith & Wesson, Layne Christenen and Bio-Rad, the SEC continues to bring enforcement actions based upon the books and records and internal controls civil requirements of the FCPA. Therefore the Goodyear enforcement action is one which provides many lessons to be learned by the Chief Compliance Officer (CCO) or compliance practitioner going forward and should be studied quite carefully by anyone in the compliance field.

The Bribery Schemes

As set out in the SEC Cease and Desist Order (the Order), Goodyear used several different bribery schemes in different countries, all violating the FCPA. In Kenya, Goodyear became a minority owner in a locally owned business which apparently paid bribes the old-fashioned way, in cash to the tune of over $1.5MM, yet falsely recorded the cash bribe payments as “promotional expenses.” In Angola, a wholly-owned subsidiary of the company paid approximately $1.6MM in bribes by falsely marking up invoices with “phony freight and customs clearing costs.” The subsidiary made the payments in cash and through wire transfers to various government officials. Finally, the subsidiary apparently cross-referenced the bribes it paid as follows, “As bribes were paid, the amounts were debited from the balance sheet account, and falsely recorded as payments to vendors for freight and clearing costs.” In other words a complete, total and utter failure of internal controls to forestall any of the foregoing.

Internal Controls Violations

The Order set out the section of the FCPA that the company violated. Regarding the internal controls, the Order stated, “Under Section 13(b)(2)(B) of the Exchange Act issuers are required to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that (i) transactions are executed in accordance with management’s general or specific authorization; (ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.”

The Comeback

Equally important for the CCO or compliance practitioner are the specific steps that Goodyear took to remediate the situation it found itself in through these illegal payments. When the company received the initial reports about “the bribes, Goodyear promptly halted the improper payments and reported the matter to Commission staff.” Moreover, the company also cooperated extensively with the SEC. As noted in the Order, “Goodyear also provided significant cooperation with the Commission’s investigation. This included voluntarily producing documents and reports and other information from the company’s internal investigation, and promptly responding to Commission staff’s requests for information and documents. These efforts assisted the Commission in efficiently collecting evidence including information that may not have been otherwise available to the staff.”

In the area of internal remediation, regarding the entity in Kenya, where Goodyear was a minority owner in a local business, the company got rid of its from its corrupt partners by divesting its interest and ceasing all business dealings with the company. Goodyear is also divesting itself of its Angolan subsidiary. The Order also noted that Goodyear had lost its largest customer in Angola when it halted its illegal payment scheme. The company also took decisive disciplinary action against company employees “including executives of its Europe, Middle East and Africa region who had oversight responsibility, for failing to ensure adequate FCPA compliance training and controls were in place at the company’s subsidiaries in sub-Saharan Africa.”

Finally, in a long paragraph, the SEC detailed some of the more specific steps Goodyear took in the area of remediation. These steps included:

  • Improvements to the company’s compliance function not only in sub-Saharan Africa but also world-wide;
  • In Africa, both online and in person training was beefed up for “subsidiary management, sales and finance personnel”;
  • Regular audits were instituted by the company’s internal audit function, which “specifically focused on corruption risks”;
  • Quarterly self-assessment questionnaires were required of each subsidiary regarding business with government-affiliated customers;
  • For each subsidiary, there were management certifications required on a quarterly basis that required, “among other things controls over financial reporting; and annual testing of internal controls”;
  • Goodyear put in a “new regional management structure, and added new compliance, accounting, and audit positions”;
  • The company made technological improvements to allow the company to “electronically link subsidiaries in sub-Saharan Africa to its global network”;

However these changes were not limited to improvement of Goodyear’s compliance function in Africa only. At the corporate headquarters, Goodyear created the new position of “Vice President of Compliance and Ethics, which further elevated the compliance function within the company”. There was expanded online and in-person training at the corporate headquarters and other company subsidiaries. Finally, the company instituted a new “Integrity Hotline Web Portal, which enhanced users’ ability to file anonymous online reports to its hotline system. With that system, Goodyear is also implementing a new case management system for legal, compliance and internal audit to document and track complaints, investigations and remediation.”

The specific listing of the compliance initiatives or enhancements that Goodyear pushed after its illegal conduct came to light is certainly a welcomed addition to SEC advice about what it might consider some of the best practices a company may engage in around its compliance function. Moreover, this specific information can provide audit and information to the compliance practitioner of strategies that he or she might use to measure a company’s compliance program going forward. The continued message of cooperation and remediation as a way to lessen your overall fine and penalty continues to resonate from the SEC. Finally, just as Minoso helped move forward the integration of baseball and civil rights in general, the Goodyear FCPA enforcement action demonstrates that the SEC will continue to prosecute cases around the failure of or lack of internal controls. The clear import is that a company must have an appropriate compliance internal control regime in place. We are moving towards a strict liability standard under the FCPA around internal controls, which I will have much more to say about later but for now – you have been warned.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

February 25, 2015

Doing Less with Less and the Unification of Germany

Sqeezed Piggy BankI am attending the SCCE Utilities and Energy Conference in Houston this week. As usual, the SCCE has put on a great event for the compliance practitioner. This year there is live blogging by Kortney Nordum so there should be much about the conference up on the SCCE blogsite, this week and into the future. Lizza Catalano has put together a first rate program for compliance practitioners of many stripes. As an added benefit, SCCE Chief Executive Officer (CEO) Roy Snell has brought some cold weather down to Houston for the event for our late February enjoyment. While it was 80 on Saturday, today is was a balmy 36 courtesy of our Minnesotan guests.

As you might guess the current economic downturn is on everyone’s mind and a subject of much conversation. Last week I wrote a post about the depression of oil and gas prices in the energy space and some of the increased Foreign Corrupt Practices Act (FCPA) or other anti-corruption risks that might well arise from this economic downturn. Over the next couple of days, I want to explore how a Chief Compliance Officer (CCO) or compliance practitioner might think through responses to this increased compliance risk. Today I will focus on doing less with less. Tomorrow I will suggest some technological solutions.

I have been around long enough to see more than one of these economic events in the energy space. While not suggesting that we Texans never learn not to repeat our mistakes, they do seem to have a pattern. Prices drop precipitously, companies who are overstocked, over-leverage or generally over-panic; over-react and cut head count and spending dramatically to some level that is not based on rational economic analysis. Then they get some handle on where the numbers might be heading and the cuts start to flatten out and some type of equilibrium is reached.

Right now, in the energy space, we are in the cutting phase. That means loss of personnel (head count) and loss of resources even if it was calculated last year based on a summer or fall 2014 economic projection in your annual budgeting process. This means one thing you will need get for a quarter or two will be financial resources to place the personnel your compliance function may have lost. This means that you will have to figure out a way to accomplish more with fewer resources. While I often advocate that the compliance function can and should draw on other disciplines such as Human Resources (HR), IT, Internal Audit and Marketing for support; those functions have most probably been ‘right-sized’ as well so they may not be able to assist the compliance function as much they could have previously.

Now would be a very good time to put into practice what Dresser-Rand CCO Jan Farley often says, “Don’t sweat the small (compliance) stuff.” Farley often speaks about the need not to waste your scarce compliance resources on areas or matters that are low compliance risks. But to do this, you need to understand what are your highest compliance risks. Since you will not have additional resources to perform such an analysis, I would suggest now would be a very good time for you to assess your compliance program and your business model to see what are your highest risks. If you believe there are several, you can fprioritize them. This exercise will give you the basis to deliver your ever-scarcer compliance resources to your highest risk areas.

While I do not believe the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) will be sympathetic to some unsubstantiated claim along the lines of ‘I did my best with what I had’; they also made clear in the FCPA Guidance that “An effective compliance program promotes “an orga­nizational culture that encourages ethical conduct and a commitment to compliance with the law.” Such a program protects a company’s reputation, ensures investor value and confidence, reduces uncertainty in business transactions, and secures a company’s assets. A well-constructed, thought­fully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations.” (emphasis supplied)

So while the DOJ and SEC will not accept you bald-faced claims that our company simply did not have the money to spend on compliance, they will most-probably consider a compliance program where you have looked at your risks, in the context of this economic downturn, and delivered the compliance resources you do have to those risks. But the key is Document, Document, and Document your decision-making calculus and your implementation. (Stephen Martin would probably add here that if your annual spend on Yellow Post-It Notes is a factor of 10X your compliance spend, this approach would not be deemed credible.)

In her On work column in the Financial Times (FT), Lucy Kellaway wrote about this the concept of doing less with less for the corporate executive personally, in an article entitled, “No need to ‘lean in’ when laziness can be just as effective”. She cited to the Prussian General Helmuth von Moltke for “devising one of the world’s fist management matrices” when he assessed his officers on two scales: “clever v. dim and lazy v. energetic.” From this he came up with four permutations:

  • Dim and lazy – Good at executing orders.
  • Dim and energetic – Very dangerous, as they take the wrong decisions.
  • Clever and energetic – Excellent staff officers.
  • Clever and lazy – Top field commanders as they get results.

The point of Kellaway’s article has direct implications for the CCO or compliance practitioner currently facing an economic downturn, “It is only by being lazy that we become truly efficient, and come to see what is important and what is not.” Kellaway cautioned “the sort of laziness to encourage is not the slobbish variety that means you do bad work. That is not laziness: it is stupidity. Instead, we need the clever version that comes from knowing there is an opportunity cost to every minute we spend working, so we must use our time wisely.”

From the compliance perspective, this translates directly into using your compliance resources wisely. So whether you want to cite the Prussian general who unified Germany, columnist Kellaway, Dresser-Rand CCO Farley or this article’s theme of doing less with less, I would suggest to you there is a manner to maintain “A well-constructed, thought­fully implemented, and consistently enforced compliance and ethics program helps prevent, detect, remediate, and report misconduct, including FCPA violations” even in an economic downturn.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

 

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 5,197 other followers