FCPA Compliance and Ethics Blog

July 29, 2015

What Would Dr. Seuss Say about an Allowance?

What Pet Should I Get?Earlier this month we had the release of a second book by Harper Lee, “Go Set a Watchman”, which was miraculously discovered having been written some 50+ years ago. This week, there was another release from a (now deceased) author from a newly discovered source. I of course refer to the release yesterday of the new Dr. Seuss book “What Pet Should I Get?, published Random House, which informs today’s compliance lesson.

The book was discovered by Seuss’ widow, as noted in the Sunday New York Times (NYT) Book Review article, entitled “Dr. Seuss Book: Yes They Found it in a Box, when she decided to “have the rest of his notes and sketches appraised, that they closely examined the contents of that box. They found a set of brightly colored alphabet flash cards, some rough sketches titled “The Horse Museum,” and a manila folder marked “Noble Failures,” with whimsical drawings that he had been unable to find a place for in his stories. But alongside the orphaned sketches was a more complete project labeled “The Pet Shop,” 16 black-and-white illustrations, with text that he had typed on paper and taped to the drawings. The pages were stained and yellowed, but the story was all there, in Dr. Seuss’ unmistakable rollicking rhymes.” This finding became the book, What Pet Should I Get?

Reading this discovery made me ponder about how a child would pay for the pet they wanted and of course my thoughts turned to that age-old parenting quandary – the allowance. It is always a question of great interest for both parents and children. As with many things involving parent/child relationships, my views have evolved. As a teenager, I certainly had the view that an allowance was a God-given right and the more the better. I would only note that my parents did not share those views. As the father of a teenaged daughter, my views reached the much fuller expression of spoiling my daughter as often as possible. Which one is correct? I still do not have a final answer.

I thought about the ongoing debate and dialogue over the allowance when I read the Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC) against Mead Johnson Nutrition Company (Mead Johnson). The matter was resolved via SEC Administrative proceeding that concluded with a Cease and Desist Order being agreed to by the parties. Mead Johnson agreed to pay a fine of $12.3MM which consisted of profit disgorgement of $7.7MM, prejudgment interest of $1.26MM and a civil penalty of $3MM. Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said in a SEC Press Release, “Mead Johnson Nutrition’s lax internal control environment enabled its subsidiary to use off-the-books slush funds to pay doctors and other health care professionals in China to recommend its baby formula and give the company marketing access to mothers.”

The enforcement action turned on violations of the accounting provisions of the FCPA. This is where the ‘allowance’ issue comes into the discussion. According to the Cease and Desist Order, “certain employees of Mead Johnson China improperly compensated HCPs, who were foreign officials under the FCPA, to recommend Mead Johnson’s infant formula to, and to improperly provide contact information for, expectant and new mothers.” One of Mead Johnson’s sales channels in China was through distributors. To facilitate this illegal conduct, funding to the distributors, called the “Distributor Allowance”, was diverted to make illegal payments. The Cease and Desist Order stated, “Although the Distributor Allowance contractually belonged to the distributors, certain members of Mead Johnson China’s workforce exercised some control over how the money was spent, and certain Mead Johnson China employees provided specific guidance to distributors concerning the use of the funds. Mead Johnson China staff also maintained certain records related to Distributor Allowance expenditure by distributors. In addition, Mead Johnson China used some of the funds to reimburse Mead Johnson China’s sales personnel for a portion of their marketing and other expenditures on behalf of Mead Johnson China.”

This tactic was clearly a violation of the company’s books and records obligations under the FCPA. By doing so, Mead Johnson was able to hide its payments to doctors and health care providers (HCPs) from not only regulators but the company’s shareholders as well. As the Cease and Desist Order noted, the company’s “records were incomplete and did not reflect that a portion of Distributor Allowance was being used contrary to Mead Johnson’s policies.” Finally, the Cease and Desist Order concluded, “Up through 2013, certain Mead Johnson China employees made payments to HCPs using funds maintained by third parties. These funds and payments from the funds were not accurately reflected on Mead Johnson China’s books and records. The books and records of Mead Johnson China were consolidated into Mead Johnson’s books and records. As a result of the misconduct of Mead Johnson China, Mead Johnson failed to make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflected its transactions as required by Section 13(b)(2)(A) of the Exchange Act.”

However Mead Johnson did not stop with books and records violations. The Distributor Allowance manipulation allowed the China business unit to “improperly compensate HCPs was contrary to management’s authorization and Mead Johnson’s internal policies. Mead Johnson failed to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that Mead Johnson China’s funding of marketing and sales expenditures through third-party distributors was done in accordance with management’s authorization.” Once again the Cease and Desist Order concluded, “Up through 2013, Mead Johnson failed to devise and maintain an adequate system of internal accounting controls to ensure that Mead Johnson China’s method of funding marketing and sales expenditures through third-party distributors was not used for unauthorized purposes, such as improperly compensating Chinese HCPs to recommend Mead Johnson’s products. As a result of such failure, the improper payments to HCPs occurred contrary to management’s authorizations, in violation of Section 13(b)(2)(B) of the Exchange Act.”

In an interesting twist Mead Johnson, based on an allegation of potential FCPA violations in China, performed an internal investigation on its China unit in 2011 and came up with no evidence. Somewhat dryly the SEC noted that the company did not make any self-disclosure around these allegations and “did not thereafter promptly disclose the existence of this allegation in response to the Commission’s inquiry into this matter.”

Yet after a second internal investigation in 2013 they turned up evidence of FCPA violations, the company “undertook significant remedial measures including: termination of senior staff at Mead Johnson China; updating and enhancing financial accounting controls; significantly revising its compliance program; enhancing Mead Johnson’s compliance division, adding positions including a second senior-level position; establishing new business conduct controls and third party due-diligence procedures and contracts; establishing a unit in China that monitors compliance and controls in China on an on-going basis; and providing employees with a method to have immediate access the company’s policies and requirements.”

While there was no statement regarding self-disclosure, the company did cooperate extensively with the SEC after the company was called to task. The Cease and Desist Order noted, “Mead Johnson subsequently provided extensive and thorough cooperation. Mead Johnson voluntarily provided reports of its investigative findings; shared its analysis of documents and summaries of witness interviews; and responded to the Commission’s requests for documents and information and provided translations of key documents. These actions assisted the Commission staff in efficiently collecting valuable evidence, including information that may not have been otherwise available to the staff.”

There are several lessons to be learned from the Mead Johnson enforcement action. If it was not clear from the GlaxoSmithKline PLC (GSK) imbroglio in China in 2013-14, your internal investigation must be thorough. Performing an investigation, finding no FCPA violations only to have a regulator sitting on your shoulder and later finding such evidence is never good. The SEC also reaffirmed its clear intention to continue to enforce the accounting provisions of the FCPA, with or without a parallel Department of Justice (DOJ) enforcement action. Companies must also take heed on their internal controls. Clearly certain China business unit employees had developed a work-around of the compliance internal controls by requiring the distributors to use their allowances to pay bribes. Internal controls must not only exist but they must be effective. That means you have to test their effectiveness, not simply tick the box that you have put them in place.

Finally, and I think Dr. Seuss’ compliance lesson is that when you give out an allowance, while you may restrict some of its uses, you certainly should not direct where the money is spent. Every kid knows that if you are told where to spend your allowance, it is really not your allowance. Perhaps Mead Johnson would do well to remember that long lost lesson from childhood.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 16, 2015

Miss Marple Short Stories and SEC Enforcement of the FCPA, Part I

Miss Marple Short StoriesI am a huge Agatha Christie fan. I have read most of the Poriot novels and many of the Jane Marple novels as well. However, I was not aware of Christie’s work in the short story format until I recently read a volume entitled Miss Marple Short Stories. This volume included 13 short stories first published in 1932. In many ways reading them was like revisiting an old friend, who had new stories to tell me that I had not previously heard. So in honor of my love of Agatha Christie and her short stories, I will theme my blog posts this week around one of her original short stories, published as The Thirteen Problems.

The first story was called The Tuesday Night Club and introduced Miss Marple and her cast of characters around these stories. Each was asked to relate some mystery and the others would try and solve the mystery. As with most of Christie’s writing, there were the stories and the characters who were, in many ways, stories themselves so there was a double layer of intersection. In this story a wife died of poisoning and her husband was the prime suspect. However Miss Marple deduced that the couple’s longtime housekeeper who has gotten “into trouble” through a liaison with the husband had poisoned the wife in hope’s of marrying the now widow. The group around Miss Marple was astounded when her deduction was confirmed by the storyteller when he related the housekeeper’s own deathbed confession.

Just as many readers may not have focused on Agatha Christie’s work in the short story format, many Foreign Corrupt Practices Act (FCPA) practitioners tend to focus on Department of Justice (DOJ) FCPA enforcement actions. However, just as Christie aficionados who did not focus on her short stories, many FPCA compliance practitioners do not tend to focus on FCPA enforcement by the Securities and Exchange Commission (SEC). To help address this, over the next week I will discuss issues relating to SEC enforcements.

Today, I begin with reviewing some jurisdictional issues unique to the SEC; commonly referred to as the FCPA accounting provisions, they consist of the books and records provisions which, as set out in the FCPA Guidance, requires that “issuers must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issuer’s assets and internal controls requirements.” Under the internal controls provisions, “issuers must devise and maintain a system of internal accounting controls sufficient to assure management’s control, authority, and responsibility over the firm’s assets.”

Perhaps the most interesting thing about the ‘accounting provisions’ under the FCPA as stated in the FCPA Guidance, is as follows: , “Although the accounting provisions were originally enacted as part of the FCPA, they do not apply only to bribery-related violations. Rather, the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail”. [emphasis supplied] This means there can be strict liability for stand alone violations of these provisions, with no ties back to the corrupt intent or elements of a FCPA violation are present.

Who is covered under SEC enforcement of the FCPA? 

The SEC prosecutes ‘issuers’ who are defined as a company “that has a class of securities registered pursuant to Section 12 of the Exchange Act or that is required to file annual or other period reports pursuant to Section 15(d) of the Exchange Act.” The SEC also enforces the FCPA against companies “whose securities trade on a national securities exchange in the United States, including foreign issuers with exchange traded American Depository Receipts” and trade in over-the counter markets. While the SEC does not bring enforcement actions against private companies, private companies are also subject to the FCPA, just as public companies for bribing a foreign government official, in violation of the FCPA.

Accounting Provisions

Consistent with the concern that bribe payments are often disguised as other types of payments in a company’s books and records, “requires issuers to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.”” The “in reasonable detail” qualification was adopted by Congress “in light of the concern that such a standard, if unqualified, might connote a degree of exactitude and precision which is unrealistic.” The addition of this phrase was intended to make clear “that the issuer’s records should reflect transactions in conformity with accepted methods of recording economic events and effectively prevent off-the-books slush funds and payments of bribes.”

The Guidance goes on to give several examples of SEC enforcement actions of the books and record provisions where bribes were mischaracterized in a company’s books and records. Such examples include bribes paid out in the guise of commissions, royalties or consulting fees. Another prominent example includes reimbursement for sales and marketing or miscellaneous expenses where no such activity occurred. A favorite has been mischaracterized travel and entertainment expenses. Finally, a large group of often over-looked expenses include free goods for demonstration products, intercompany accounts, vendor payments and customer write-offs.

A key distinction of FCPA enforcement by the SEC from other types of accounting fraud is that there is no materiality requirement under the FCPA. Typically, internal audit, external audit or even forensic accounting, only review material transactions. Obviously for a large multi-national company subject to the FCPA, materiality could be millions of dollars or multiplies thereof. However we have seen FCPA enforcement actions with corrupt payments made in the low thousands of dollars.

Internal Controls Provisions

The FCPA says that internal controls requires issuers to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—

(i) transactions are executed in accordance with management’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

As further explained in the FCPA Guidance, “the Act defines “reasonable assurances” as “such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.” Neither the FCPA nor the FCPA Guidance specifies a particular set of controls that companies are required to implement. However the FCPA Guidance does note, “the internal controls provision gives companies the flexibility to develop and maintain a system of controls that is appropriate to their particular needs and circumstances.”

Moreover, the FCPA Guidance recognizes that “An effective compliance program is a critical component of an issuer’s internal controls.” To do so, a company needs to access its risk and then design and implement a system of internal controls to “account the operational realities and risks attendant to the company’s business.” The FCPA Guidance suggests some of these areas should include “the nature of its products or services; how the products or services get to market; the nature of its work force; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption”. But the over-riding key is to assess your company’s FCPA compliance risks and set up a set of internal controls to help manage those risks effectively.

Other SEC Enforcement Areas Relating to FCPA Compliance 

In addition to the accounting provisions there are other laws and regulations that the SEC enforces and ties into FCPA enforcement. As noted in the FCPA Guidance, “Issuers have reporting obligations under Section 13(a) of the Exchange Act, which requires issuers to file an annual report that contains comprehensive information about the issuer. Failure to properly disclose material information about the issuer’s business, including material revenue, expenses, profits, assets, or liabilities related to bribery of foreign government officials, may give rise to anti-fraud and reporting violations under Sections 10(b) and 13(a) of the Exchange Act.”

There are also several sections under the Sarbanes-Oxley Act (SOX) that have FCPA implications. These include SOX §302 that requires the principle officers of a company “take responsibility for and certify the integrity of these company’s financial reports on a quarterly basis.” Under SOX §404 companies must present annually their conclusion “regarding the effectiveness of the company’s internal controls over accounting.” Finally, SOX §802 prohibits “altering, destroying, mutilating, concealing or falsifying records, documents or tangible objects” with the intent to obstruct or influence a federal investigation, such as the FCPA.

The remainder of this week I will tie another Miss Marple short story to another SEC FCPA enforcement issue. I hope that you will tune in for the next installment.

TexasBarToday_TopTen_Badge_Large

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 22, 2011

Internal Controls under the UK Bribery Act and FCPA

Although much is still unclear about the implementation date, or the manner in which the UK Bribery Act will be enforced, it is clear that one of the important compliance functions which a company should implement is appropriate internal controls. The previously released Consultative Guidance had the following language regarding internal controls, “Businesses should also consider how their existing internal company procedures can be used for bribery and corruption prevention. For example, financial and auditing controls, disciplinary procedures, performance appraisals, and selection criteria can act as an effective bribery deterrent.”

Internal controls are a key component of any best practices compliance program, whether based upon the Foreign Corrupt Practices Act (FCPA); OECD Good Practices or another local law. Appropriate controls are always needed for the reason that if a compliance program relies simply on the issuance of compliance policies, and on the honesty of a company’s employees, a company may get lucky and avoid a violation but a it will not have an effective compliance program.

Internal controls means more than simply financial and auditing controls. As noted by the UK Bribery Act Consultative Guidance, internal controls should also be applied to other areas of a company’s overall program. Internal controls can provide a check on employee training, certification and testing; issues related to employee performance, such as performance appraisals and disciplinary procedures; and third party due diligence and administrative procedures.

As recently as last week, yet another enforcement action was announced by the Securities and Exchange Commission (SEC) for violation of the books and records component of the FCPA. The SEC agreed to a settlement related to a finding that IBM’s internal controls were inadequate. Improper payments were made to South Korean officials and improper travel and entertainment was paid for Chinese officials. All the payments were by subsidiaries for which IBM was held responsible.

Within the FCPA, the requirements of the books and records provision requires that a company keep detailed books and records which fairly reflect the company’s transactions and disposition of assets. While many companies are familiar with external auditors, who consider materiality to financial statements when determining an audit scope and where the audit focus is the fairness of the presentation of financial statements in all material aspects. They are also experienced with audits for Sarbanes-Oxley (SOX) purposes, which allow exclusion of coverage for immaterial processes and locations and the focus is more directed to the avoidance of material misstatements in the financial statements. However, this materiality issue does not arise under the books and records provisions of the FCPA. Put another way – there is NO materiality consideration – either in the transaction amount or the size of the operations.

Effective controls generally mean that a company’s controls are designed to meet specific objectives. A company’s internal control system should include measures to ensure that controls are consistently and accurately performed. A company should maintain internal accounting controls which provide reasonable assurance that:

  • Transactions are properly authorized;
  • Transactions are accurately recorded;
  • Accountability for assets is maintained; and
  • Unauthorized access to assets is prevented.

It is important that a company assesses its internal accounting controls at regular intervals. This means that a company should compare the recordkeeping for assets to an inventory of the actual physical assets. If there are discrepancies, remedial action should be taken. Some examples of this can be physical inventory counts, fixed asset counts and cash reconciliation.

Last week’s SEC enforcement action against IBM drove home yet again the importance of adequate books and records in any FCPA compliance program. Internal controls are a key element in providing sufficient records. An overlooked part of the UK Bribery Act is that all companies subject to its rules and regulations must have an adequate internal controls program, encompassing areas much broader than adequate books and records. These areas should be assessed and remedial action taken to correct any deficiencies as  part of a company’s ongoing assessment and compliance program update.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Blog at WordPress.com.