FCPA Compliance and Ethics Blog

September 14, 2012

Ex-HP Managers Charged in Germany with Bribery – Will Failure to Self-Disclose Hurt?

As reported by Karin Matussek of Bloomberg News yesterday three former Hewlett-Packard (HP) managers were charged in Germany in a corruption investigation over improper payments made to win a €35 million ($45 million) sale of computers to Russia about nine years ago. One of the ex-managers charged is a Finnish woman. The other two are men, one American and one German. The German authorities started their probe back in 2009, after provincial tax authorities found, in a routine audit of an unrelated company, evidence of payments for which “real use could be established for some payments found in the accounts. The owner of that company was charged.”

HP’s subsidiary in Munich was subsequently investigated by German authorities, with the company’s offices being raided in December, 2009 and the company’s Moscow’s offices were searched in 2010. Matussek reported that German “Prosecutors asked the court to make Hewlett-Packard an associated party to the case.” She quoted Wolfgang Klein, spokesman for Saxony’s Chief Prosecutor’s Office, who told her that “If the court grants that request and the allegations are proved, Hewlett-Packard’s profits from the transaction may be seized”. The company itself said that it was fully cooperating with the authorities and a company spokesperson, Anette Nachbar, said in an email that HP “stresses that the company expects from employees and partners strict compliance of its business principles.”

The Bloomberg article reminded me about the underlying facts of the HP case and just how bad they were. On April 15, 2010, the Wall Street Journal (WSJ) reported that three middlemen were alleged to have paid invoices, using funds provided by HP, for equipment never purchased, to shell companies with bank accounts in Latvia, Lithuania, Austria, Switzerland and Belize. In return, the suspected middlemen allegedly received commissions totaling US$700,000, according to court documents. German authorities reported the investigation, which started in 2007, when a German tax auditor discovered bank records showing that between 2004 and 2006, a HP subsidiary paid €22 million into the account of ProSoft Krippner GmbH, a small computer-hardware company in Leipzig. The records indicated the payment was made for services performed in Moscow. It was the size of the payment to ProSoft that caught the tax auditor’s attention and he red-flagged the matter for transfer to a special prosecution team in Dresden who handle major corruption cases.
To top it all off, at least one witness has said that the above transaction was internally approved by HP through its then existing contract approval process. In the same WSJ article, Mr. Dieter Brunner, a bookkeeper who is a witness in the probe, said in an interview that he was surprised when, as a temporary employee of HP, he first saw an invoice from an agent in 2004. “It didn’t make sense,” there was no apparent reason for HP to pay such big sums to accounts controlled by small-businesses such as ProSoft Krippner. Mr. Brunner then proceeded to say he processed the transactions anyway because he was the most junior employee handling the file, “I assumed the deal was OK, because senior officials also signed off on the paperwork”.

Additionally, the New York Times (NYT), on April 16, 2010, reported that three former HP employees were arrested by German prosecutors back in December 2009, the same month police in Germany and Switzerland presented search warrants detailing allegations against 10 suspects. Although it was unclear from a WSJ article, on April 16, 2010, as to the time frame, whether in December 2009 or later, HP had retained counsel to work with prosecutors in their investigation. Apparently, since the Securities and Exchange Commission (SEC) only announced it had joined the investigation on or about April 15, HP had not self-disclosed the investigation or its allegations to either the US Department of Justice (DOJ) or SEC.

However, as bad as the facts appear to be based upon these reports, the position taken by HP not to self-disclose to the DOJ would seem to be equally questionable. Amazingly, HP did not self-disclose any of the above facts before or even after the raid on its German offices to the DOJ. Maybe HP thought a $10MM bribe and a dawn raid in Europe were “not material” due to its size. Whatever the reason that HP failed to self-disclose, it will be interesting to see the effect, if any on its failure to self-disclose. Perhaps the NYU Law School professors might analyze that enforcement action.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2012

September 13, 2012

Sometimes No Evidence is Meaningless: Voluntary Disclosure under the FCPA

The Foreign Corrupt Practices Act (FCPA) world went crazy last week with headlines along the lines of “No credit for self-reporting”; “No credit for cooperation”; and “Voluntary disclosure doesn’t change penalties”. All of these pronouncements were based upon a draft study done by Professors from the New York University School of Law (NYU School of Law) in an attempt to provide an answer. As reported by Sam Rubenfeld in Corruption Currents, in an article entitled “Study Says Voluntary Disclosure Doesn’t Change FCPA Penalties”, the study, which examines US anti-bribery enforcement actions from 2004 through 2011, found no evidence that voluntary disclosure of wrongdoing results in lesser penalties. He also quoted one of the study’s co-authors Kevin E. Davis, a Vice Dean at NYU School of Law, who said in an email, “We cannot rule out the possibility that voluntary disclosure does result in some form of leniency”.

However, if one reads the study by Davis and Stephen Choi, entitled “Foreign Affairs and Enforcement of the Foreign Corrupt Practices Act”, it becomes clear that the purpose of the study was to test “the extent to which four broad theories explain the recent pattern of enforcement of the FCPA.” Using a dataset of FCPA cases resolved from 2004 to 2011, the inquiry revolved around the extent to which these four theories explain variations in the treatment of actors who violate the FCPA.

I.                    Proportionality Theory

The first theory is described by the authors as the “most consistent with the text of the relevant legislation, guidelines and international conventions.” Not surprising given its names, this theory “suggests that differences in treatment of defendants will depend entirely on differences in their moral culpability. This may reflect the idea that the purpose of the FCPA is to make a statement that bribery is equally immoral regardless of where it takes place. Alternatively, proportionality may reflect an attempt to apply deterrence optimally (at least in a rough sense), imposing greater sanctions on more egregious and extensive harms all other things being equal (such as detection probability).” Interestingly, and I find somewhat unpersuasively, the authors believe that the Proportionality Theory contrasts with the three other theories because the Proportionality Theory “is inherently parochial because it suggests that patterns of enforcement will not be affected by foreign policy considerations or the presence (or absence) of foreign regulators.”

II.                 Altruism Theory

The second theory suggests that FCPA enforcement is influenced by foreign policy considerations. The authors believe that the Altruism Theorysuggests that the FCPA will be enforced with a view to the interests of foreign actors, with U.S. enforcement making up for the shortcomings of foreign states that are not capable of regulating transnational activity on their own. On this account, differences in treatment of defendants might be explained by the needs or institutional capacity of the country whose official has been bribed.”

III.               Self-Interest Theory

This third theory suggests that US enforcement will tend to promote the interests of the US. This implies that factors such as the nationality of the defendant and the extent to which the misconduct prejudiced US firms ought to be taken into account.

IV.               Coordination Theory

The fourth theory suggests that US officials’ enforcement decisions will be influenced by the actions of foreign regulators, such as those at the UK Serious Fraud Office (SFO) or the German prosecutors in the Siemens case. The authors posit that these overseas regulators might “complement U.S. enforcement actions by helping to gather evidence. Alternatively, foreign regulators might impose sanctions that serve as substitutes for U.S. enforcement.”

So what did the authors conclude? First, they found “support for the hypothesis that Proportionality drives the SEC [Securities and Exchange Commission] and DOJ [Department of Justice] in specific cases. Once a case is filed, the sanction imposed in a FCPA action increases with the size of the bribe, the profit related to the bribe, and the amount of business affected by the bribe. The sanction also increases with measures of the extensiveness of the FCPA violation, including, in particular, whether a subsidiary is sufficiently involved to face separate FCPA charges.” Second, the authors found “mixed support for our Altruism theory. Sanctions in individual FCPA actions do not vary with the underlying economic development, as measured by GNI [Gross National Income] per capita, or strength of legal institutions, as measured by World Bank rule of law scores. In contrast, Altruism does appear important in how the DOJ and SEC distribute sanctions among violation countries.” Third, the authors found “mixed evidence that Self-Interest motivates the SEC and DOJ. The SEC and DOJ impose greater sanctions, all other things being equal, on foreign companies.” Finally, for the fourth theory the authors found there is “mixed evidence on the Coordination theory. At the level of individual FCPA actions, we find that the activity of a foreign regulator (both an investigation as well as a sanction) correlates with significantly higher and not lower sanctions.”

The authors ultimately found “evidence that the magnitude of sanctions imposed on defendant companies in FCPA actions depends not only on what they did but where they are from and where they committed their violations.” Personally I do not see such a finding as unreasonable, unwarranted or even surprising. FCPA prosecutions are based upon the US Sentencing Guidelines and the DOJ has, for some time, set out the formulas under which it determines a range of proposed fines and penalties. This range is certainly influenced by self-disclosure as it is one of the listed factors for determining the range. However, it is only one of many factors and it is possible to see the reduction in any number of recent Deferred Prosecution Agreements (DPAs). So quoting from the BizJet DPA is the following:

(g)(1)   The organization, prior to imminent threat of disclosure or government investigation and within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct

This is not a DOJ guideline but was derived by the US Sentencing Guidelines, which are promulgated by the US Sentencing Commission and passed upon by Congress. Do I wish there was a specific line item for early, self-disclosure; you bet I do but there is not. Self-disclosure is lumped in with cooperation, recognition of responsibility for criminal conduct. How much is self-disclosure worth? It could be 25% or not, there is simply no way to know with the current system, under which the DOJ is mandated to operate. Conversely, will your company be penalized if they do not self-disclosure? Once again there is no way to know. So sometimes no evidence has meaning and sometimes it does not.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

January 4, 2012

From Whistleblower to RICO Claimant

The holiday season is past and many of us have returned to work. However, if you are a Chief Compliance Officer (CCO) there is a gift that you may wish to give yourself, it is “The Whistleblower’s Handbook – A Step-by-Step Guide to Doing What’s Right and Protecting Yourself” authored by Stephen Martin Kohn, Executive Director of the National Whistleblowers Center. I do not suggest that CCO’s purchase this volume for their own protection, although the former Chief Executive Officer (CEO) of Olympus might have been able to use it before he was fired by the Olympus Board last October. No, I suggest that CCOs purchase this because many others in your company may well do so and it is the best single volume collection of all laws, rights and obligations related to whistle-blowing that I have come across.

I thought about Kohn’s book when I came across a couple of whistleblower related items last month. The first one was an article in the December 28, 2011 edition of the Wall Street Journal (WSJ), entitled “Internal BNY Mellon Documents Show Panicby Jean Eaglesham and Michael Siconolfi. In the article they report on some of the emails and other documentary evidence that whistleblower Grant Wilson was able to obtain during the two year period that he was operating “as a government informant” while employed by Bank of New York Mellon (BNY). The WSJ obtained this evidence through an open-records request. Wilson was part of a group which brought a series of whistleblower lawsuits against BNY, which have led to several states, and the Manhattan US attorney, filing civil suits against BNY. Eaglesham and Siconolfi also reported that “the bank’s [BNY] foreign-exchange traders grew concerned about a leaker” and in an earlier WSJ article, entitled “Secret Informant Surfaces in BNY Currency Probe”, reporter Carrick Mollenkamp stated “BNY Mellon sought to discover the insider’s identity and to fight the lawsuits.”

I quote that final line because of a December 15, 2011 Court of Appeals decision from the Seventh Circuit Court of Appeals, styled “DeGuelle v. Camilli et al”, which is a whistleblower retaliation claim. As reported by Richard Renner, in an article entitled “Major Victory for Whistleblowers in Seventh Circuit Says Retaliation is a RICO Violation, in the Whistleblowers Protection Blog, the Court of Appeals found valid a claim for damages under the Racketeer Influenced and Corrupt Organizations Act (RICO) for the retaliation against a whistleblower who provides information about corporate fraud to law enforcement officers under Sarbanes-Oxley Act (SOX).  SOX itself makes it a felony to retaliate against whistleblowers who bring forward such information.

The SOX provision in question states that Congress made it a crime to:

“knowingly, with intent to retaliate, take[] any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense[.]” 18 U.S.C. 1513(e).

The novelty and significance of the Seventh Circuit decision is that it held “When an employer retaliates against an employee, there is always an underlying motivation. In this case, for example, the motivation was to retaliate against DeGuelle for disclosing the tax scheme. Retaliatory acts are inherently connected to the underlying wrongdoing exposed by the whistleblower.”

This means that any company which terminates or in any other way retaliates against a whistleblower may have engaged in a violation of RICO, which itself is a criminal statute. This becomes relevant to Foreign Corrupt Practices Act (FCPA) whistleblowers through the Dodd-Frank Whistleblowers provision. In excerpts from the final Securities and Exchanges Commission (SEC) comments, they stated “Employees who report internally in this manner will have anti-retaliation employment protection to the extent provided for by Section 21F(h)(1)(A)(iii) of the Exchange Act, which incorporates the broad anti-retaliation protections of Sarbanes-Oxley Section 806, see 18 U.S.C. 1514A(b)(2).” In other words, if a person reports internally to a company or externally to the SEC of a FCPA violation and there is retaliation against that person, a RICO claim may arise.

Ladies and Gentlemen, this is scary stuff so your company had better be ready and have a robust investigative protocol in place when an internal report is made. And train, train, train and really, really, really mean it when your company says that it will not retaliate against an employee for making an allegation of a FCPA violation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

May 5, 2011

Buffet, Sokol and Reporting to the SEC

In the post on Tuesday we wrote and discussed several points about Warren Buffet, Berkshire Hathaway and David Sokol. One of the issues was disclosure to the Securities and Exchange Commission (SEC) of any possible securities violations. Another issue was the support provided by Warren Buffet at the time of the resignation of David Sokol in March. Writing in the DealB%K column of the New York Times on May 2, Andrew Ross Sorkin, said that one of Warren Buffet’s mantras is “Lose money for the firm and I will be understanding; lose a shred of reputation for the firm and I will be ruthless.”

The public support given by Buffet to Sokol after his resignation certainly appeared at odds with this mantra. As quoted in the Wall Street Journal, when company executive David Sokol resigned on March 30, Buffet said that he thought Sokol’s actions were not “in any way unlawful” when Sokol purchased stock in a company, Lubrizol, that he later recommended his employer, Berkshire-Hathaway, purchase. However, is his article, Sorkin said that he had come to another understanding. Sorkin quoted an unnamed friend of Buffet who said, “Warren knew that the second that press release hit the wires, Sokol’s professional career was over…If you worked at Berkshire-Hathaway, you got the message loud and clear.”

It may still seem that Buffet’s public pronouncement of support is inconsistent with the stated ‘understanding’ of Berkshire-Hathaway employees. Indeed Buffet’s partner Charlie Munger said, “I think we can concede that that press release was not the cleverest press release in the history of the world.” He went on to say “The facts were complicated, and we didn’t foresee appropriately the natural reaction.” One might suppose the natural reaction to which Munger is referring is that if you publicly support an ex-employee, it is not a sign of criticism.

Tempering all of this, as reported by Sorkin, is that even when making this public pronouncement of support, Buffet was notifying the SEC about Sokol’s conduct. Sorkin reported that “the day he issued the release, Berkshire called the Securities and Exchange Commission and briefed them on Mr. Sokol’s trades, which Mr. Buffett described to me as “pretty damning evidence.” “Calling the head of the enforcement division of the S.E.C. and laying out a pattern of trading that you know is going to result in something — Dave [Sokol] probably thought it was pretty harsh,” Mr. Buffett told me. The SEC. is now investigating the matter, people briefed on the inquiry said. In a statement after the Berkshire meeting, a lawyer for Mr. Sokol issued a statement, saying “the stock trades did not violate the law or Berkshire policy.”

Sorkin also reported that “As for Berkshire’s compliance programs, which are not nearly as tough as those at most investment firms, Mr. Buffett clearly believes that he must run his company based on a modicum of trust. “We can have all the records in the world and if somebody wants to trade outside them or something, you know, they’re not going to tell us they’re trading in their cousin’s name,” Mr. Buffett said. Mr. Munger added. “I think your best compliance cultures are the ones which have this attitude of trust and some of the ones with the biggest compliance departments, like Wall Street, have the most scandals.”

We certainly applaud the fact that Buffet timely notified the SEC. However, to publicly praise someone for conduct which may have violated securities law and led to that employee’s resignation and expect such praise to send a signal of reproach still leaves us, as it did initially with Andrew Ross Sorkin, “scratching my head about his reaction.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

April 12, 2011

Johnson & Johnson DPA-Part II: Compliance Program Best Practices

Yesterday we reviewed the background facts of the Johnson & Johnson (J&J) Deferred Prosecution Agreement (DPA) and the issue of self-reporting. In this posting we will review some of specific compliance program best practices which Johnson & Johnson agreed to implement.

I. Attachment C

As with other DPA’s entered into by the Department of Justice (DOJ) since, at least, last summer, Attachment C to the DPA sets out the minimum best practice Foreign Corrupt Practices Act (FCPA) compliance program. Attachment C lists nine factors, set out below, which Johnson & Johnson agreed to implement or modify their existing compliance program:

1. A clearly articulated corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable counterparts (collectively, the “anticorruption laws”).

2. Promulgation of compliance standards and procedures designed to reduce the prospect of violations of the anticorruption laws and J&J’s compliance code. These standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of J&J in a foreign jurisdiction, including but not limited to, agents, consultants, representatives, distributors, teaming partners, and joint venture partners (collectively, “agents and business partners”);

3. The assignment of responsibility to one or more senior corporate executives of J&J for the implementation and oversight of compliance with policies, standards, and procedures regarding the anticorruption laws. Such corporate official(s) shall have the authority to report matters directly to J&J’s Board of Directors or any appropriate committee of the Board of Directors;

4. Mechanisms designed to ensure that the policies, standards, and procedures of J&J regarding the anticorruption laws are effectively communicated to all directors, officers, employees, and, where appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors, officers, and employees, and, where necessary and appropriate, agents and business partners; and (b) annual certifications by all such directors, officers, and employees, and, where necessary and appropriate, agents, and business partners, certifying compliance with the training requirements;

5. An effective system for reporting suspected criminal conduct and/or violations of the compliance policies, standards, and procedures regarding the anticorruption laws for directors, officers, employees, and, where necessary and appropriate, agents and business partners;

6. Appropriate disciplinary procedures to address, among other things, violations of the anticorruption laws and J&J’s compliance code by J&J’s directors, officers, and employees;

7. Appropriate due diligence requirements pertaining to the retention and oversight of agents and business partners;

8. Standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anti-corruption representations and undertakings relating to compliance with the anti-corruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anticorruption laws, and regulations or representations and undertakings related to such matters; and

9. Periodic testing of the compliance code, standards, and procedures designed to evaluate their effectiveness in detecting and reducing violations of anticorruption laws and J&J’s compliance code.

II.     Attachment D-Enhanced Compliance Obligations

The nine points will not be unfamiliar to the FCPA compliance practitioner. These points are recognized to be in most ‘good to best’ compliance programs. However, the Johnson &  Johnson DPA goes much further by adding an Attachment D, entitled “Enhanced Compliance Obligations” which is designed to be in addition to, and to build upon, the commitments made by Johnson & Johnson in Attachment C. These enhanced obligations include the following:

  1. Compliance Department – A senior executive will serve as the Chief Compliance Officer (CCO) and shall report to the Audit Committee of the Board. There shall be heads of compliance within each business sector and corporate function. There shall be a Global Compliance Leadership Team which reports to the CCO.
  2. Gifts, Hospitality and Travel – Gifts are limited to those in “modest” value and appropriate under the circumstances. Hospitality and travel is limited to reasonably priced meals, accommodations and incidental expenses and should be a part of education programs, training, business meetings or conferences. Hospitality and travel are limited to the officials not others.
  3. Complaints and Reports – In addition to maintaining a mechanism for making reports, the company shall create a “Sensitive Issue Triage Committee” to review and respond to any such FCPA issues as may arise.
  4. Risk Assessments and Audits – The company will conduct risk assessment in markets where it has customers who are foreign governments. The company will annually conduct FCPA audits for a minimum of five operating companies who are in high risk markets and after the initial audit every three years for any such operating entity. These audits shall include, at a minimum: (1) onsite visits by auditors and where appropriate legal and compliance personnel; (2) review of payments to health care providers; (3) creation of action plans from these audits; and (4) review of the books and records of distributors and agents.
  5. Acquisitions – To the extent possible, conduct a pre-acquisition FCPA audit of any acquisition target and after acquisition a full FCPA audit within 18 months and training of all relevant personnel and business representatives within one year of acquisition.
  6. Relationships with Third Parties – The company shall conduct a thorough due diligence of all third party representatives including: (1) a review of the qualifications and business reputation of the third party; (2) written rationale for the use of the third party; and (3) a review of the FCPA risk areas. Due diligence is to be conducted by a local business and compliance representative and elevated for review if Red Flags appear or as appropriate. Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.
  7. Training – Annual training to all directors, officers and employees who could “present corruption risk” to the company. The company shall provide enhanced and more in-depth training to those involved in company sponsored FCPA audits or those on the company acquisition team. Last, the company shall provide training to “relevant third parties acting on the companies behalf” at least every three years.
  8. Annual Certifications – The company shall implement a system of certifications from “each of J&J’s corporate-level functions, divisions, and business units in each foreign country confirming that their local standard operating procedures adequately implement J&J’s anticorruption policies and procedures, including training requirements, and that they are not aware of any FCPA or other corruption issues that have not already been reported to corporate compliance.”

This Attachment D “Enhanced Compliance Obligations” is an excellent road map for the FCPA practitioner in which to establish, enhance, or simply review a FCPA compliance program. The Johnson & Johnson DPA demonstrates that a company’s commitment to ongoing FCPA remediation and program enhancement will help it reduce its overall FCPA liability in a case with facts as bad as those presented in this matter. We commend the DOJ for presenting such detailed information for those in the compliance field and hope that they will learn from the lessons of Johnson & Johnson.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

April 11, 2011

Johnson & Johnson DPA-Part I: Self-Disclosure Reduces Fine

On April 8, 2011, the Wall Street Journal (WSJ) reported that Johnson & Johnson settled certain charges related to violations of the Foreign Corrupt Practices Act (FCPA) with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). The settlement was in the mechanism of a Deferred Prosecution Agreement (DPA). Over the next two postings we will be reviewing this DPA and its implications for the FCPA compliance practitioner. In this posting we will review the allegations of criminal misconduct and the issue of self-reporting. In the second posting we will review some of specific compliance program best practices which Johnson & Johnson agreed to implement.

The FCPA Blog reported that the company agreed to “pay a $21.4 million penalty to resolve criminal FCPA charges with the DOJ and $48.6 million in disgorgement and prejudgment interest to settle the SEC’s civil charges.” Additionally, as reported in the FCPA Blog, [the Johnson & Johnson subsidiary] “DePuy International Limited settled corruption charges brought by the Serious Fraud Office [in the United Kingdom]. The company was ordered by the High Court to pay £4.8 million in a civil recovery action.” So for those of you keeping score at home, Johnson & Johnson agreed to pay fines and penalties in the total amount of $77 million. For those of you scoring through the FCPA Blog, this settlement vaults the company to the FCPA Blog’s vaunted Top Ten FCPA settlements of all-time list, displacing ABB Ltd., at Number 10.

The DPA between Johnson & Johnson and the DOJ is very instructive for all FCPA practitioners and provides a wealth of information on not only the specific facts of the case, but information on what the DOJ is currently viewing as the best practices of a FCPA compliance program and conduct which Johnson & Johnson engaged in during the investigative process which led to a dramatic reduction in the overall fine and penalty assessed against the company.

I. The Allegations

As reported in the New York Times, Johnson & Johnson had engaged in a wide ranging effort to bribe doctors in Greece through “an elaborate scheme to pay about 20 percent of the price of the company’s devices to Greek surgeons.” The Times article went on to report that “The company also paid bribes to Polish doctors and administrators who served on hospital committees that made purchasing decisions for medical equipment. Some of the bribes included paying for travel arrangements for doctors to attend medical conferences, a common practice throughout the industry. The company also bribed doctors in Romania who prescribed the company’s drugs. The Times article reported that Robert Khuzami, director of the SEC’s division of enforcement, said that the company had attempted to hide these illegal transactions “using sham contracts, off-shore companies and slush funds to cover its tracks.”

In addition to these admissions of FCPA violations, Johnson & Johnson also admitted in its DPA that it had paid kickbacks to the Iraqi regime of Saddam Hussein under a United Nations oil-for-food program. These kickbacks were in the form of price overcharging and then remitting this overcharge back to the (then) Iraqi government.

II. To Self Disclose or Not Self-Disclose-It Should No Longer Be a Question

The question often arises as to whether a company should self-disclose to the DOJ or not. Over the past couple of years this has been a significant debate in the FCPA world. This debate arose long before the Dodd-Frank Whistle-Blower legislation so we will leave the discussion on the implications of that issue for another day. Over the past couple of years, we have seen companies take different approaches to self-disclosure. For instance Avon self-disclosed shortly after it received an internal whistle-blower report of alleged FPCA violations in its China operations. Hewlett-Packard (HP) apparently did not self-disclose to the DOJ or SEC any alleged possible FCPA violations emanating from its German subsidiary and those agencies did not publicly announce they were investigation HP for FCPA violations until after the WSJ broke the story.

FCPA practitioners have repeatedly asked the DOJ for specific guidance as to what will be the tangible results of self-disclosure. In the Johnson & Johnson DPA this question is clearly answered. Listed under the section “Relevant Considerations” one of the reasons the DOJ entered into the DPA is the following:

  1. J&J voluntarily and timely disclosed the majority of the misconduct described in the [Criminal] Information and Statement of Facts;

So the self-disclosure was one of the reasons that the DOJ entered into the DPA, however, and perhaps more importantly, the self-disclosure brought to Johnson & Johnson a monetary benefit with a tangible reduction in its overall fine and penalty. The DPA reported a reduction by 5 points of the company’s overall Culpability Score with the following:

(g)(1) The organization, prior to an imminent threat of disclosure or government investigation, within a reasonably prompt time after becoming aware of the offense, reported the offense, fully cooperated, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct;  -5

It is not possible to determine from the DPA how much of the reduction was attributable to the self-disclosure and how much was attributed to the conduct thereafter. However, this precise language makes clear that the DOJ places a real value on such self-disclosures and companies should take this as a clear sign that, at the end of the day, it will be better for them to self-disclose.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

February 8, 2011

Disclosure and Negotiating with the Government – A FCPA Conundrum?-Part II

In yesterday’s blog we explored the question of whether a company should self-report a potential FCPA violation to the pertinent US governmental authorities. Today, conclude our two-part series by exploring three issues: (1) What should you disclose; (2) How/When Should you Disclose; and (3) Negotiating the Final Settlement with the Government.

What should you disclose?

Once a company makes a decision to self-report, the next question is what to disclose. The clear weight of advice on this point is that a company should disclose all information about the problem because credibility of your company is on the line. If you underplay the facts it may do more damage in the long run. A company needs to be prepared to explain why the problem arose, what systems worked well or failed and what corrective actions were taken. In other words, what did your company do to prevent the violative conduct, and if such conduct occurred, how was it detected and what did your company do to deter a similar occurrence in the future?

In preparing your company’s self-disclosure, there will be several detailed issues which the DOJ and/or SEC will want some answers to. These include:

  • How was the conduct discovered?
  • How long have you known?
  • Who was or is involved? Are they still employed?
  • What was the bribe amount and intended benefit?
  • When did the conduct occur?
  • How were the payments made?
  • How has the relevant evidence been secured?
  • Have you looked for all related conduct?
  • Has the Board/Audit committee been notified?
    • Was corrective action taken or is it planned?
    • Are local prosecutors involved?

The DOJ and SEC will expect not only full cooperation during the investigation phase but also full communications. This will include briefings on interviews, updates on email findings/document review and presentation of forensic accounting findings. Also during this entire investigation phase, your company should be remediating the specific issue and implementing and updating their compliance program and internal controls. A company will also have to make a decision on how (and when) to deal with the employees involved in the conduct at issue. You should place any employees involved on paid-administrative leave and at some point, you will need to make the decision on whether to terminate the employees from employment with your company. This final step needs to be considered carefully as it may end all cooperation by those employees.

How/When to Disclose?

After your company has made the decision to self-report, you will need to consider how and when to report. Initially a company should simultaneously self-disclose to both the DOJ and SEC or other applicable agency. There is no advantage to disclosing to only one as both the DOJ and SEC share such information quite quickly. Perhaps a more difficult question is how much investigation to do before disclosure. Once again, Lanny Breuer has suggested that “[a] corporation should seriously consider seeking the government’s input on the front end of its internal investigation.”  This allows the DOJ to focus on issues it may see as more important than the company does. Such an example could be if the DOJ has an ongoing, unannounced investigation regarding a certain country and the self-disclosing company has agents in that country, the DOJ may want information on those agents. This could be even if the conduct at issue took place in different part of the world.

The final, and perhaps most difficult, question would appear to be the following: if and when to disclose to a foreign government. A foreign government may react quickly by arresting company officers in its country or take other actions which may seem inconsistent with US judicial proceedings. However, the DOJ has made it clear that it is increasingly cooperating with foreign governments in the fight against corruption so the DOJ itself may put the foreign government on notice.

Negotiating the Settlement

The initial starting point when negotiating a FCPA settlement is that you should retain a former federal prosecutor to lead your negotiating team. Do not have a civil litigation attorney lead this effort. This is because prosecutorial discretion governs the entire process and to understand the ins, outs and implications, your company needs someone who has been through the process from the government’s prospective. Some of this prosecutorial discretion includes whether to prosecute, who to prosecute and what conduct to prosecute.

After these decisions have been made an equally important set of decisions is up next for consideration. These involve the form of the Resolution; will it be a Deferred Prosecution Agreement (DPA); a Non-Prosecution Agreement (NPA), or best yet-a declination for the DOJ. In negotiating with the SEC there will be issues around whether the company will enter into Consent Decree or the SEC will seek and/or obtain a Permanent Injunction.

The next area for discussion will be that of penalties. The first decision will probably be whether or not individuals in the company are to receive any criminal sanctions and if this decision is in the affirmative, it will certainly have implications for the company. Next will be the penalties, both from the DOJ and SEC, these can be fines, monetary penalties and profit disgorgement; all of which can add up to hundreds of millions of dollars.

Finally will be the decisions regarding post-resolution obligations and the time line for resolution of said obligations. Will an external monitor be involved and if so what will be the terms and conditions of the monitorship? Will your company have to create, enhance or implement a best practices compliance policy or a portion thereof, to remediate the conduct at issue? Will there be an increase in your company’s compliance staff; will there be a Board mandate, with separate guaranteed funding for compliance issues and initiatives? Finally, how, and at what interval, will your company report its progress to the DOJ and SEC?

The FCPA investigation road can be a long and rocky one. Unfortunately there is no one path that a company can or should follow; each step must be considered, under the facts and circumstances of the company involved. There does appear to be one step that all agree upon and that is that your company must give the DOJ and SEC its full cooperation after an investigation commences, whether through self-disclosure, whistleblowing or other mechanisms.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

February 7, 2011

Disclosure and Negotiating with the Government – A FCPA Conundrum?-Part I

All compliance programs are designed to prevent, detect and deter ethical violations. In the United States, they are also designed to bring companies into compliance with the Foreign Corrupt Practices Act (FCPA). However, as important as these programs are, it is equally important for a company to deal with any alleged FCPA violations which may arise. The disclosure to and negotiating with the appropriate US governmental agencies charged with enforcement of the FCPA is as critical task which a General Counsel or Chief Compliance Officer may face. Over the next two posting, we will discuss this topic and give some guidelines which a company may consider if such an eventuality occurs. This post will discuss the issue of whether or not a company should self-report a potential or actual FCPA violation. In our next post, we will continue this discussion by focusing the process after self-disclosure.

The question which sits at the forefront is whether to self-report to the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) thereafter. Unfortunately there is no easy answer to this question and to make this decision will require a thorough and thoughtful analysis and perhaps some deep soul searching by any company which uncovers or is made aware of a potential FCPA violation. This article will explore this issue.

The Issue

The initial question of whether or not to self-report came up in 2010 in two of the major FCPA investigations. The first was Avon, which self-reported some three months after initial notification via an internal company whistleblower, the second, in contrast, was HP, where both the DOJ and SEC announced investigations after a story appeared in the Wall Street Journal detailing the allegations and reported on an investigation by German authorities.

Moreover, many companies wonder if, at the end of the day, they will be better off in terms of potential fines and penalties by self- reporting. Lanny Breuer, Assistant Attorney General for the Criminal Division of the US Department of Justice, has made clear, in several speeches over then the past year, that the DOJ prefers a ‘call first’ approach and that such an approach will be taken into account under the US Sentencing Guidelines.

Conversely, then law student (and now graduate), Bruce Hinchey discussed this issue in an upcoming publication “Punishing the Penitent: Disproportionate Fines in Recent FCPA Enforcements and Suggested Improvements”, which analyzes differences between bribes paid and penalties levied against companies that do and do not self-disclose under the FCPA. Using a regression analysis, Hinchey concluded that those companies which did voluntarily self-disclose paid higher fines than companies which did not self-disclosure their FCPA violations to the DOJ. He concluded by noting that this evidence was contrary to the conventional wisdom that a company receives a benefit from self-disclosure and such evidence would ”raise questions about whether current FCPA enforcement is fundamentally fair”.

To Disclose or Not to Disclose

While initially noting that there is no legal requirement or obligation to self-report, a company has to answer several questions in making this initial decision. Lanny Breuer has articulated the DOJ’s ‘call first’ policy. The DOJ (and SEC) consistently tout the benefits to self-disclosure, even if Mr. Hinchey’s research does not bear this out. Further there may be tangible benefits such as credit available under the US Sentencing Guidelines. Other factors for consideration may be a company’s reporting obligations as a public company or obligations to other third parties such as disclosure during M&A due diligence, and lastly, and one which may become increasing problematic, is the risk of disclosure by a third party. Leaving the Wikileaks phenomena aside, the Dodd-Frank Act provides a financial incentive for persons who report securities violations to the SEC. Violations under the FCPA would fall within this provision so there may be a real risk that a company could be ‘outted’ by someone inside or outside the company.

As a part of a company’s decision making calculus on disclosure, there may be quite good reasons for not disclosing a potential FCPA violation to the DOJ or SEC. The initial threshold is that it may be unclear if the conduct violates the FCPA. Further, based upon the Hinchey article, or simply anecdotal information, some may feel that a company may be in the same position whether or not it discloses. Here they may cite to the Siemens example, where the company did not self-disclose but fully cooperated with the Government after its corruption and bribery issue became known. This also may be the situation with HP as noted above. Additional concerns include the possibility that self-disclosure may lengthen the investigation process; make it very costly and that the company may well lose control of the process.

From a legal perspective is the potential waiver of the attorney client privilege. Jim McGrath has written that if a company self-discloses and involves the government in the investigation process from the outset, its hand is tipped and there can be no assertion of attorney-client privilege and the work-product doctrine protection in subsequent reviews or in litigation. In addition, and once DOJ is involved, its knowledge of Company X’s alleged problem becomes part of the public domain and subject to disclosure to the investing public on a schedule of the government’s own making. This could also increase the possibility of civil litigation as was demonstrated in the SciClone matter from the summer of 2010. Along these same lines, some believe that even if the DOJ or SEC provides more lenient treatment, other investigating agencies, whether federal or state, may not.

Lastly and perhaps most sadly, is what I will call the Bunker mentality. It is more than just putting your head in the sand and engaging in conscious avoidance by hoping that the conduct at issue is never discovered. It is making a business decision that the cost of an investigation is so high and the risk of doing nothing is so much less costly, that some company’s believe they should ‘Bunker Down’ until they are caught to sort it all out then.

More tomorrow…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Blog at WordPress.com.