FCPA Compliance and Ethics Blog

September 26, 2012

Tyco International – The Importance of the Books and Records under the FCPA

On Monday, the Securities and Exchange Commission (SEC) and Department of Justice (DOJ) announced a settlement with Tyco International (Tyco) for books and records violations of the Foreign Corrupt Practices Act (FCPA). Tyco agreed to a fine of $26MM for “at least twelve different, post-injunction illicit payment schemes occurring at Tyco subsidiaries across the globe. The schemes frequently entailed illicit payments to foreign officials that were inaccurately recorded so as to conceal the nature of the payments” and failure “to devise and maintain internal controls sufficient to provide reasonable assurances that all transactions were properly recorded in the company’s books, records, and accounts”. $10,564,992 of the fine was paid in disgorgement, an additional $2,566,517 in prejudgment interest was paid to the SEC, and the remainder of $13.68MM was paid as a fine to the DOJ. All of this was discovered because Tyco was already an FCPA violator, having admitted to violations back in 2006, and these additional violations were discovered as part of a companywide review required under its 2006 Deferred Prosecution Agreement (DPA). Tyco received a Non-Prosecution Agreement (NPA) from the DOJ for this post-DPA conduct and I will discuss the NPA in a subsequent post.

While a large portion of the FCPA commentaratti focused on the damning email which read “Hell, everyone knows you have to bribe somebody to do business in Turkey. Nevertheless, I’ll play it dumb”; another portion of the commentaratti seemed somewhat amazed that hiding bribery and corruption in a company’s books and records is a stand-alone violation of the FCPA. As part of the 2006 settlement Tyco agreed to engage in a companywide review of its operations to determine if there was “anything else”. Not only did it turn out there was something else “rotten in Denmark” but this bribery and corruption continued after the first enforcement action. This companywide review determined that Tyco had engaged in “illicit payment schemes”; that these bribery schemes “were inaccurately recorded so as to conceal the nature of the payments” and Tyco “failed to devise and maintain internal controls sufficient to provide reasonable assurances that all transactions were properly recorded in the company’s books, records, and accounts.”

So with a nod to the final week of the baseball season we present the Tyco Bribery Box Score

| Subsidiary Location | Bribe Amount Paid | Inaccurate Books and Records Description |
|---|---|---|
| Turkey | Not reported | Equipment sold at a mark-up over invoice price |
| China | $3700 | Commission to sales team |
| Germany | Not reported | Commission to sales team |
| France | Not reported | Commissions to agents for ‘business introductions’ |
| China-different sub | $483K | Commissions to agent |
| Thailand | $50K | Renovation work |
| Malaysia | Not reported | Commissions to agents |
| Egypt | $282K | Disguised as inflated invoices from agent |
| Saudi Arabia | Not reported | Promotional expenses and sales development |
| Poland | Not reported | Bogus service contracts |

What I find so interesting about all of this is that it occurred, in large part, after the 2006 DPA. As Bill Clinton might say, “It takes some brass” to initiate or continue a bribery scheme while you are under a DPA for FCPA violations. With the above in mind I was intrigued by an article in the Navigant Quarterly, 2012 Volume 1, Issue 13, entitled “If You Think You Are Done Looking…Keep Looking”, by Eileen Felson and Nicole Wrigley. In their article, the authors note that “every fraud has to be hidden somewhere on a company’s books. Most financial statement frauds grow in size, scope and duration.” The authors also talk about “collusive fraud” which is the situation where “fraudsters work together to manipulate the balance sheet and actually launder the fraud through various accounts.” It sounds like a description of the machinations folks must go through to hide corrupt payments while under a FCPA DPA. Although the authors specifically address frauds, their concepts are certainly broad enough to include bribery and corruption.

The authors detail several types of corrupt practices and end their article with some tips on investigation. They note that the “logical start-off point in conducting a forensic investigation of how a fraud was committed includes a detailed review of revenue and expense account activity.” But more importantly, a forensic examiner must keep looking. The reason for this is simply because if evidence of bribery or corruption is found in one area the entire scheme is revealed. Therefore a forensic examiner needs to review unrelated accounts to see if there are other indicia of corruption.

What does all of this mean for a compliance program? There is some very clear guidance for the role of Internal Audit in detecting bribery and corruption in a best practices FCPA compliance program. First and foremost, if there are any types of commission payments being made, Internal Audit needs to review the documentation supporting why such payments are being made. A review of contracts or other legal requirements which may obligate a company to make such payments should be a basic undertaking in any internal audit. After an internal auditor has determined if commission payments are legally authorized, the internal auditor should review evidence that such commission payments have been earned. In other words, is there any evidence in the company’s books and records that the person or entity performed the services which might have entitled them to such commission payments? And do not forget that another role for Internal Audit is to correctly classify payments so that the books and records of the company accurately reflect them as expenses.

The Tyco SEC Complaint is chock-full of information regarding what an internal auditor needs to look for in reviewing expenses charged by employees; commissions paid to employees; invoices by agents and other third party representatives; and over-inflated sales contracts, all used to disguise corrupt payments. The sad fact, as noted by authors Felson and Wrigley, is that many corruption schemes are not “committed for personal gain (such as stealing cash) but for other incentives, such as continued employment/advancement, fear of delivering bad news to investors or an intimidating supervisor, or a desire to increase the value of performance-based bonuses.” While it is not clear why it took Tyco so long to uncover these ongoing acts of bribery and corruption or why Tyco employees continued to engage in conduct violative of the FCPA while under a DPA, I think that the Tyco example speaks to the need for an overall, comprehensive, robust compliance program that focuses on all factors which led to the continued bribery and corruption in the company which was reported in the SEC Complaint.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

September 13, 2012

Sometimes No Evidence is Meaningless: Voluntary Disclosure under the FCPA

The Foreign Corrupt Practices Act (FCPA) world went crazy last week with headlines along the lines of “No credit for self-reporting”; “No credit for cooperation”; and “Voluntary disclosure doesn’t change penalties”. All of these pronouncements were based upon a draft study done by Professors from the New York University School of Law (NYU School of Law) in an attempt to provide an answer. As reported by Sam Rubenfeld in Corruption Currents, in an article entitled “Study Says Voluntary Disclosure Doesn’t Change FCPA Penalties”, the study, which examines US anti-bribery enforcement actions from 2004 through 2011, found no evidence that voluntary disclosure of wrongdoing results in lesser penalties. He also quoted one of the study’s co-authors Kevin E. Davis, a Vice Dean at NYU School of Law, who said in an email, “We cannot rule out the possibility that voluntary disclosure does result in some form of leniency”.

However, if one reads the study by Davis and Stephen Choi, entitled “Foreign Affairs and Enforcement of the Foreign Corrupt Practices Act”, it becomes clear that the purpose of the study was to test “the extent to which four broad theories explain the recent pattern of enforcement of the FCPA.” Using a dataset of FCPA cases resolved from 2004 to 2011, the inquiry revolved around the extent to which these four theories explain variations in the treatment of actors who violate the FCPA.

I. Proportionality Theory

The first theory is described by the authors as the “most consistent with the text of the relevant legislation, guidelines and international conventions.” Not surprisingly given its name, this theory “suggests that differences in treatment of defendants will depend entirely on differences in their moral culpability. This may reflect the idea that the purpose of the FCPA is to make a statement that bribery is equally immoral regardless of where it takes place. Alternatively, proportionality may reflect an attempt to apply deterrence optimally (at least in a rough sense), imposing greater sanctions on more egregious and extensive harms all other things being equal (such as detection probability).” Interestingly, and I find somewhat unpersuasively, the authors believe that the Proportionality Theory contrasts with the three other theories because the Proportionality Theory “is inherently parochial because it suggests that patterns of enforcement will not be affected by foreign policy considerations or the presence (or absence) of foreign regulators.”

II. Altruism Theory

The second theory suggests that FCPA enforcement is influenced by foreign policy considerations. The authors believe that the Altruism Theory “suggests that the FCPA will be enforced with a view to the interests of foreign actors, with U.S. enforcement making up for the shortcomings of foreign states that are not capable of regulating transnational activity on their own. On this account, differences in treatment of defendants might be explained by the needs or institutional capacity of the country whose official has been bribed.”

III. Self-Interest Theory

This third theory suggests that US enforcement will tend to promote the interests of the US. This implies that factors such as the nationality of the defendant and the extent to which the misconduct prejudiced US firms ought to be taken into account.

IV. Coordination Theory

The fourth theory suggests that US officials’ enforcement decisions will be influenced by the actions of foreign regulators, such as those at the UK Serious Fraud Office (SFO) or the German prosecutors in the Siemens case. The authors posit that these overseas regulators might “complement U.S. enforcement actions by helping to gather evidence. Alternatively, foreign regulators might impose sanctions that serve as substitutes for U.S. enforcement.”

So what did the authors conclude? First, they found “support for the hypothesis that Proportionality drives the SEC [Securities and Exchange Commission] and DOJ [Department of Justice] in specific cases. Once a case is filed, the sanction imposed in a FCPA action increases with the size of the bribe, the profit related to the bribe, and the amount of business affected by the bribe. The sanction also increases with measures of the extensiveness of the FCPA violation, including, in particular, whether a subsidiary is sufficiently involved to face separate FCPA charges.” Second, the authors found “mixed support for our Altruism theory. Sanctions in individual FCPA actions do not vary with the underlying economic development, as measured by GNI [Gross National Income] per capita, or strength of legal institutions, as measured by World Bank rule of law scores. In contrast, Altruism does appear important in how the DOJ and SEC distribute sanctions among violation countries.” Third, the authors found “mixed evidence that Self-Interest motivates the SEC and DOJ. The SEC and DOJ impose greater sanctions, all other things being equal, on foreign companies.” Finally, for the fourth theory the authors found there is “mixed evidence on the Coordination theory. At the level of individual FCPA actions, we find that the activity of a foreign regulator (both an investigation as well as a sanction) correlates with significantly higher and not lower sanctions.”

The authors ultimately found “evidence that the magnitude of sanctions imposed on defendant companies in FCPA actions depends not only on what they did but where they are from and where they committed their violations.” Personally I do not see such a finding as unreasonable, unwarranted or even surprising. FCPA prosecutions are based upon the US Sentencing Guidelines and the DOJ has, for some time, set out the formulas under which it determines a range of proposed fines and penalties. This range is certainly influenced by self-disclosure as it is one of the listed factors for determining the range. However, it is only one of many factors and it is possible to see the reduction in any number of recent Deferred Prosecution Agreements (DPAs). The following is quoted from the BizJet DPA:

(g)(1)   The organization, prior to imminent threat of disclosure or government investigation and within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct

This is not a DOJ guideline but was derived from the US Sentencing Guidelines, which are promulgated by the US Sentencing Commission and passed upon by Congress. Do I wish there was a specific line item for early self-disclosure? You bet I do, but there is not. Self-disclosure is lumped in with cooperation and recognition of responsibility for criminal conduct. How much is self-disclosure worth? It could be 25% or not; there is simply no way to know with the current system, under which the DOJ is mandated to operate. Conversely, will your company be penalized if it does not self-disclose? Once again there is no way to know. So sometimes no evidence has meaning and sometimes it does not.


August 14, 2012

Pfizer DPA Part III – What Does It All Mean?

Last week I began an exploration of the Pfizer Deferred Prosecution Agreement (DPA) which was announced last week by the Department of Justice (DOJ) in connection with its settlement of Foreign Corrupt Practices Act (FCPA) violations. In Part I, I reviewed the Corporate Compliance Obligations, Attachment C.1. In Part II, I reviewed the Enhanced Compliance Obligations, Attachment C.2 and Corporate Reporting Obligation, Attachment C.3, which Pfizer agreed to implement and operate under. In Part III, I will discuss some of the implications raised by the Pfizer DPA for the compliance practitioner.

Below is a comparison chart of the minimum best practices compliance program as set out in the Panalpina DPA and all DPAs coming forward with the minimum best practices compliance program as set out in the Pfizer DPA. While the number of compliance obligations is somewhat different, when read in conjunction with the Enhanced Compliance Obligations of Attachment C.2, there is no significant difference. Therefore, and initially, the compliance practitioner must read both the Corporate Compliance Obligations and Enhanced Compliance Obligations in conjunction with each other.

CORPORATE COMPLIANCE COMPARISON CHART

| Panalpina Minimum Best Practices | Pfizer 9 Point Corporate Compliance Program |
|---|---|
| 1. Code of Conduct. To ensure against FCPA violations. | 1. Clearly articulated corporate policy against FCPA violations. |
| 2. Tone at the Top. A company will ensure that its senior management provides visible support and commitment to its corporate anti-corruption policy. | 2. Promulgation of compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and Pfizer’s compliance code. |
| 3. Written policies and procedures. Should be created in the following areas (a) gifts; (b) hospitality, entertainment, and expenses; (c) customer travel; (d) political contributions; (e) charitable donations and sponsorships; (f) facilitation payments; and (g) solicitation and extortion. | 3. Assignment of one or more senior corporate execs for implementation and oversight of compliance program. They shall report to the Board. |
| 4. Risk Assessment. Perform risk assessment and use it to inform your compliance program. 9(b)-internal and confidential reporting system. | 4. Effective communication of the compliance policies including training and certification of training. |
| 5. Annual Reviews. No less than annually, a company should review and update as appropriate to ensure continued compliance program effectiveness. | 5. An effective system for reporting illegal conduct or violations of the company anti-corruption program. |
| 6. Senior Management Oversight and Reporting. Assignment of one or more senior corporate executives for implementation & oversight of compliance program and they shall report to Board of Directors. | 6. Appropriate disciplinary procedures. |
| 7. Internal controls. These should include financial and accounting procedures which should ensure that the company has accurate and fair books and records, which cannot be used for or conceal bribery. | 7. Appropriate due diligence for retention and oversight of agents and business partners. |
| 8. Training. A company shall effectively communicate compliance program through training and annual certifications. | 8. Standard compliance terms and conditions in contracts including (1) reps and undertakings re: anti-corruption compliance; (2) right to audit; and (3) right to terminate for breach thereof. |
| 9. Advice and Guidance. The Company should establish or maintain an effective system for: (a) Providing guidance; (b) Internal and confidential reporting; and (c) Responding to such requests and undertaking appropriate action in response to such reports. | 9. Periodic testing of Pfizer compliance code and anti-corruption procedures. |
| 10. Discipline. A company shall institute appropriate disciplinary procedures to address violations of compliance policy or anti-corruption laws. | |
| 11. Third Party Reps. (a) Properly documented risk-based due diligence and regular oversight of agents and business partners; (b) Informing agents and business partners of the compliance standards; and (c) Seeking a reciprocal commitment from agents and business partners. | |
| 12. Compliance terms and conditions. Should be included in every agent agreement. | |
| 13. Ongoing Assessment. Periodic review and testing of compliance program to evaluate it and improve the program’s effectiveness. | |

 

In addition to a Chief Compliance Officer (CCO) and Risk Officer (RO) who will report directly to the Chief Executive Officer (CEO), there were further specified requirements for compliance leads to be appointed with responsibility for each of its business units who would in turn report to the CCO and RO or General Counsel (GC). Finally, similar to the situation we observed in the Halliburton settlement of its shareholder derivative action, Pfizer will have an Executive Compliance Committee, which will sit below the Board of Directors to oversee Pfizer’s compliance program.

The Enhanced Compliance Obligations require that Pfizer maintain policies and procedures regarding gifts, hospitality, and travel in each jurisdiction that are appropriately designed to prevent violations of the anti-corruption laws and regulations, presumably tailored to each jurisdiction. This statement would seem to focus on reasonableness not only in terms of monetary value but also in factoring in the jurisdiction where the gift or hospitality is to be provided. Finally, and as always, travel and training must have a business purpose.

There was a very detailed plan laid out for a risk-based program of annual proactive anti-corruption reviews of high-risk markets. It consists of five markets which are at high risk for corruption because of the business and location. The specifics for each visit will be a useful guide for the compliance practitioner to compare with similar work done by his compliance group. It includes (a) On-site visits by an FCPA review team comprised of qualified personnel from the Compliance, Audit and Legal functions who have received FCPA and anti-corruption training; (b) Review of a representative sample, appropriately adjusted for the risks of the market, of contracts with, and payments to, individual foreign government officials or health care providers, as well as other high-risk transactions in the market; (c) Creation of action plans resulting from issues identified during the proactive reviews; these action plans will be shared with appropriate senior management and should contain mandatory remedial steps designed to enhance anti-corruption compliance, repair process weaknesses, and deter violations; and (d) a review of the books and records of a sample of distributors which, in the view of the FCPA proactive review team, may present corruption risk.

Interestingly, the DPA specifies that Pfizer will maintain “significant” resources for the compliance function. These significant resources will be dedicated to several different types of compliance tools, including (a) an international investigations group charged with responding to and investigating anti-corruption compliance issues and ensuring that appropriate remedial measures are undertaken after the completion of an investigation; (b) an anti-corruption program office providing centralized assistance and guidance regarding the implementation, updating and revising of the FCPA Procedure, the establishment of systems to enhance compliance with the FCPA Procedure, and the administration of corporate-level training and annual anti-corruption certifications; and (c) a mergers and acquisitions (M&A) compliance team designed to support early identification of compliance risks associated with complex business transactions and to ensure the integration of Pfizer’s compliance procedures into newly acquired entities. There was a slightly different time schedule listed for Pfizer to complete post-acquisition auditing, training and implementation of the Pfizer compliance program into the acquired company. I have added to my recent FCPA M&A Box Score Summary.

| Time Frames | Halliburton 08-02 | J&J | DS&S | Pfizer |
|---|---|---|---|---|
| FCPA Audit | 1. High Risk Agents – 90 days; 2. Medium Risk Agents – 120 Days; 3. Low Risk Agents – 180 days | 18 months to conduct full FCPA audit | As soon “as practicable” | One year |
| Implement FCPA Compliance Program | Immediately upon closing | 12 months | As soon “as practicable” | One year |
| Training on FCPA Compliance Program | 60 days to complete training for high risk employees, 90 days for all others | 12 months to complete training | As soon “as practicable” | One Year |

While there was no new language regarding risk evaluation, due diligence on, or other management of third party business parties, the DPA did specify that when it is appropriate on the basis of a FCPA risk assessment, the company will provide FCPA and anti-corruption training to relevant agents and business partners, at least once every three years.

The company is also to use annual certifications from senior managers in each of Pfizer’s Business Units, Divisions, and operational functions confirming that their standard operating procedures adequately implement Pfizer’s anti-corruption policies, procedures and controls, including training requirements; that they have reviewed and followed up on any issues identified in FCPA trend analyses; and that they are not aware of any FCPA or other corruption issues that have not already been reported to the Compliance Division or the Legal Division.

There is a wealth of information in the Pfizer DPA and other documents relating to its resolution of these FCPA issues. I would commend all the documents to you to read and see what areas your company may need to look at more closely and how these Compliance and Enhanced Compliance Obligation Attachments may provide insight into areas where you might be lacking or need to enhance your compliance program and coverage.  These enhanced obligations could well become the new minimum best practices in the FCPA compliance arena.


June 22, 2012

Take the A Train to Find Your Compliance Team

Some organizations, such as the SCCE, provide specialized training for compliance professionals. Others, such as Trace International, are beginning to offer such specialization and certification. My This Week in FCPA colleague Howard Sklar wrote a great piece last year on who to call when you need some serious help for a Foreign Corrupt Practices Act (FCPA) issue, entitled “Getting Advice”; other than calling Ghostbusters, it is the best single source for who you should call when the FCPA going gets tough.

However, as the compliance field evolves and matures, and the need for more experienced compliance professionals continues to grow, there is the need to hire top notch compliance talent to do the day-to-day work of implementing, enhancing or running a compliance program. Where can you go if you want to hire some experienced compliance professionals to insert in your organization who can hit the ground running? I thought about that question when reading a book review of David Schiff’s “The Ellington Century” in a recent issue of the Times Literary Supplement. In this review, entitled “Sentimentals”, Stephen Brown noted that Ellington’s instrument was his band. While the Duke was very good at spotting talent, he was willing “to let it have its own voice, and more, to highlight and showcase it, and most importantly to involve it in the creative process.” When a musician came out of the Ellington Band, they had worked steadily with other great musicians and had learned from one of the greatest composers and arrangers of the past century.

How does that relate to finding some top notch compliance talent? It means there is no better place to look than people who have worked where compliance is under the microscope, usually because of a Department of Justice (DOJ) investigation or a company which is under a Deferred Prosecution Agreement (DPA). In Houston one company that went through that process was Baker Hughes. Its Chief Compliance Officer (CCO), Jay Martin, is recognized as one of the leaders in our field not only here in Houston but across the country. The team Jay put together has now fanned out to become CCOs at several other major companies here in Houston. Dan Chapman is the CCO at Parker Drilling, Brian Moffatt is the CCO at ENSCO, Rod Hardie is the CCO at Exterran and most recently Doug Walter was named as CCO at the newly formed company (albeit with a long and storied name) Phillips 66. There are probably others as well but I have worked or been on panels with each of the above folks and I can attest, they have all learned their compliance stuff and understand how to practice compliance.

Another place you can look is to law firms which have performed monitoring services. But here I would suggest that you look to the associate ranks for the lawyer who generally did the day-to-day spade work for the lead lawyer who had been appointed monitor. In my last corporate position, my company was under a Monitorship and we worked closely with the full team of lawyers in the law firm to implement, train and operate the company’s compliance program. Several of the former associates from the firm now hold prominent in-house positions and the experience they gained in their oversight roles was no doubt very instrumental in their current level of (compliance) experience.

The talent is out there. If you wanted a very good musician for a project, last century you could turn to an alumna of Ellington’s band. In the compliance arena, you can do no better than hiring someone who has been under the gun, so to speak, and worked for or with a company under significant DOJ scrutiny. So, sit back, listen to some great music by the Duke and ask around about who has gone through such an experience. If you want to populate your compliance team, it is a great way to do so.


June 20, 2012

The DOJ Listens: the Evolution of FCPA Compliance in M&A

Earlier this week the US Department of Justice (DOJ) released a Deferred Prosecution Agreement (DPA) with the company Data Systems & Solutions (DS&S). I explored the factual allegations against DS&S and the highlights of the DPA in yesterday’s post. Today I want to discuss the DS&S DPA in the context of the DOJ’s evolution in thinking regarding what a company can do to protect itself under the Foreign Corrupt Practices Act (FCPA) when it purchases another entity or otherwise engages in mergers and acquisitions (M&A) work. In other words, forces the evolution of best practices.

Previously many compliance practitioners had based decisions in the M&A context on DOJ Opinion Release 08-02 (08-02), which related to Halliburton’s proposed acquisition of the UK entity, Expro. In the spring of 2011, the Johnson & Johnson (J&J) DPA changed the perception of compliance practitioners regarding what is required of a company in the M&A setting related to FCPA due diligence, both pre and post-acquisition. On June 18, the DOJ released the DS&S DPA which brought additional information to the compliance practitioner on what a company can do to protect itself in the context of M&A activity.

Opinion Release 08-02 began as a request from Halliburton to the DOJ regarding issues that arose in the pre-acquisition due diligence of the target company Expro. Halliburton had submitted a request to the DOJ specifically posing these three questions: (1) whether the proposed acquisition transaction itself would violate the FCPA; (2) whether, through the proposed acquisition of Target, Halliburton would “inherit” any FCPA liabilities of Target for pre-acquisition unlawful conduct; and (3) whether Halliburton would be held criminally liable for any post-acquisition unlawful conduct by Target prior to Halliburton’s completion of its FCPA and anti-corruption due diligence, where such conduct is identified and disclosed to the Department within 180 days of closing.

I. 08-02 Conditions

Halliburton committed to the following conditions, if it was the successful bidder in the acquisition:

Within ten business days of the closing, Halliburton would present to the DOJ a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which would address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. The Halliburton work plan committed to organizing the due diligence effort into high risk, medium risk, and lowest risk elements.

a) Within 90 days of Closing. Halliburton would report to the DOJ the results of its high risk due diligence.

b) Within 120 days of Closing. Halliburton would report to the DOJ the results to date of its medium risk due diligence.

c) Within 180 days of Closing. Halliburton would report to the DOJ the results to date of its lowest risk due diligence.

d) Within One Year of Closing. Halliburton committed to full remediation of any issues which it discovered within one year of the closing of the transaction.

Many lawyers were heard to exclaim, “What an order, we cannot go through with it.” However, we advised our clients not to be discouraged because 08-02 laid out a clear road map for dealing with some of the difficulties inherent in conducting sufficient pre-acquisition due diligence in the FCPA context. Indeed the DOJ concluded 08-02 by noting, “Assuming that Halliburton, in the judgment of the Department, satisfactorily implements the post-closing plan and remediation detailed above… the Department does not presently intend to take any enforcement action against Halliburton.”

II. Johnson & Johnson “Enhanced Compliance Obligations”

Attachment D of the J&J DPA, entitled “Enhanced Compliance Obligations”, lists obligations that J&J agreed to undertake for at least the duration of its DPA, beyond the minimum best practices also set out in the J&J DPA. With regard to the M&A context, J&J agreed to the following:

7. J&J will ensure that new business entities are only acquired after thorough FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. Where such anti-corruption due diligence is not practicable prior to acquisition of a new business for reasons beyond J&J’s control, or due to any applicable law, rule, or regulation, J&J will conduct FCPA and anti-corruption due diligence subsequent to the acquisition and report to the Department any corrupt payments, falsified books and records, or inadequate internal controls as required by … the Deferred Prosecution Agreement.

8. J&J will ensure that J&J’s policies and procedures regarding the anti-corruption laws and regulations apply as quickly as is practicable, but in any event no less than one year post-closing, to newly-acquired businesses, and will promptly, for those operating companies that are determined not to pose corruption risk, J&J will conduct periodic FCPA Audits, or will incorporate FCPA components into financial audits.

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to J&J, on the anticorruption laws and regulations and J&J’s related policies and procedures; and

b. Conduct an FCPA-specific audit of all newly-acquired businesses within 18 months of acquisition.

These enhanced obligations agreed to by J&J in the M&A context were less time sensitive than those agreed to by Halliburton in 08-02. In the J&J DPA, the company agreed to the following time frames:

A. 18 Month – conduct a full FCPA audit of the acquired company.

B. 12 Month – introduce full anti-corruption compliance policies and procedures into the acquired company and train those persons and business representatives which “present corruption risk to J&J.”

So there is no longer a risk based approach as set out in 08-02 and the tight time frames are also relaxed. Once again we applaud the DOJ for setting out specific information for the compliance practitioner through the release of the J&J DPA. As many have decried 08-02 as a standard too difficult to satisfy in the real world of time constraints and budget cuts, the “Acquisition” component of the J&J DPA should provide those who have made this claim with some relief.

III. DS&S

In the DS&S DPA there are two new items listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

 14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

 This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance and the J&J Enhanced Compliance Obligations incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during M&A activities.

FCPA M&A Box Score Summary

| Time Frames | Halliburton 08-02 | J&J | DS&S |
|---|---|---|---|
| FCPA Audit | 1. High Risk Agents – 90 days; 2. Medium Risk Agents – 120 days; 3. Low Risk Agents – 180 days | 18 months to conduct full FCPA audit | As soon “as practicable” |
| Implement FCPA Compliance Program | Immediately upon closing | 12 months | As soon “as practicable” |
| Training on FCPA Compliance Program | 60 days to complete training for high risk employees, 90 days for all others | 12 months to complete training | As soon “as practicable” |

I believe that the DOJ does listen to the concerns of US companies about issues relating to FCPA enforcement, which is consistent with its duty to uphold that law. Last month we saw the issue of the Morgan Stanley declination in the context of the Garth Peterson FCPA prosecution. With the DS&S DPA, there is clearly more flexible language presented in the context of M&A work and potential liability for ‘buying a FCPA claim.’


DS&S DPA: Lessons Learned for the Compliance Practitioner

On Monday, June 18, the Department of Justice (DOJ) announced the resolution of a matter involving violations of the Foreign Corrupt Practices Act (FCPA) by Data Systems & Solutions LLC (DS&S), a US entity based in Virginia. The settlement resulted in the company agreeing to a two year and 7 day Deferred Prosecution Agreement (DPA). The case was interesting for a number of reasons and it has some significant lessons which the compliance practitioner can put into place in a corporate compliance program. The charges related to DS&S’s business included the design, installation and maintenance of instrumentation and controls systems at nuclear power plants, fossil fuel power plants and other critical infrastructure facilities. In reading the Criminal Information, I can only say that this was no one-off or rogue employee situation but this was a clear, sustained and well known bribery scheme that went on within the company.

I. The Criminal Information

The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.

The Players Box Score

| DS&S Officials | INPP Officials | Subcontractors |
|---|---|---|
| Exec A – VP of Marketing and Business Development (BD) | Official 1 – Deputy Head of Instrumentation and Controls Department | Subcontractor A – Simulation Technology Products and Services |
| | Official 2 – Head of Instrumentation and Controls Department | Subcontractor B – Beneficially owned by Official 1 and which employed INPP Officials |
| | Official 3 – Director General at INPP | Subcontractor C – Shell company used as a funneling entity to pay bribes |
| | Official 4 – Head of International Projects at INPP | |
| | Official 5 – Lead SW Engineer at INPP | |

The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid out in the Information reflected the following techniques used by DS&S:

  • Payment of bribes by Subcontractors to Officials on behalf of DS&S;
  • Direct payment of bribes by DS&S into US bank accounts controlled by INPP Officials;
  • Creation of fictional invoices from the Subcontractors to fund the bribes;
  • Payment of above-market rates for services allegedly delivered by the Subcontractors so the excess monies could be used to fund bribes;
  • Payment of salaries to INPP Officials while they were ‘employed’ by Subcontractor B;
  • Providing travel and entertainment to Officials to Florida, where DS&S has no facilities and which travel and entertainment had no reasonable business purpose; and last but not least…
  • Purchase of a Cartier watch as a gift.

II. The Deferred Prosecution Agreement

I set out these details with some specificity for two reasons. The first is that the Information is a must read for anyone in Internal Audit who reviews books and records. It gives you the precise types of Red Flags to look for. The second is the fact that DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines. The calculation as listed in the DPA is as follows:

Calculation of Fine Range:

Base Fine $10,500,000

Multipliers 1.20(min)/2.40(max)

Fine Range $12,600,000/$25,200,000

The ultimate fine paid by DS&S was only $8.82MM, which the DPA states is “an approximately thirty-percent reduction off the bottom of the fine range…” So for the compliance practitioner the question is what did DS&S do to get such a dramatic reduction? We know that one thing they did NOT do was self-report, as the DPA notes that this case began as a DOJ investigation and DS&S received Subpoenas “in connection with the government’s investigation.” However, after this initial delivery of Subpoenas DS&S engaged in a clear pattern of conduct which led directly to this 30% discount off the low end of the fine range. The DPA reports that DS&S took the following steps:

  • Internal Investigation. DS&S initiated an internal investigation and provided real-time reports and updates of its investigation into the conduct described in the Information and Statement of Facts.
  • Extraordinary Cooperation. DS&S’s cooperation has been extraordinary, including conducting an extensive, thorough, and swift internal investigation; providing to the Department searchable databases of documents downloaded from servers, computers, laptops, and other electronic devices; collecting, analyzing, and organizing voluminous evidence and information to provide to the DOJ in a comprehensive report; and responding promptly and fully to the DOJ’s requests.
  • Extensive Remediation. The number of steps DS&S took in regard to remediation included the following:
    • Termination of company officials and employees who were engaged in the bribery scheme;
    • Dissolving the joint venture and then reorganizing and integrating the dissolved entity as a subsidiary of DS&S;
    • Instituting a rigorous compliance program in this newly constituted subsidiary;
    • Enhancing the company’s due diligence protocols for third-party agents and subcontractors;
    • Chief Executive Officer (CEO) review and approval of the selection and retention of any third-party agent or subcontractor;
    • Strengthening of company ethics and compliance policies;
    • Appointment of a company Ethics Representative who reports directly to the CEO;
    • The Ethics Representative provides regular reports to the Members Committee (the equivalent of a Board of Directors in a LLC); and
    • A heightened review of most foreign transactions.
  • Enhanced Compliance Program. More on this in the next section.
  • Continued Cooperation with DOJ. The company agreed to continue to cooperate with the Department in any ongoing investigation of the conduct of DS&S and its officers, directors, employees, agents, and subcontractors relating to violations of the FCPA and to fully cooperate with any other domestic or foreign law enforcement authority and investigations by Multilateral Development Banks.

III. Enhanced Compliance Obligations

One of the interesting aspects of the DS&S DPA is that there are 15 points listed in the Corporate Compliance Program, attached as Schedule C to the DPA, rather than the standard 13 items we have seen in every DPA since at least November 2010. The new additions are found on items 13 & 14 on page C-6 of Schedule C and deal with mergers and acquisitions. They read in full:

13. DS&S will develop and implement policies and procedures for mergers and acquisitions requiring that DS&S conduct appropriate risk-based due diligence on potential new business entities, including appropriate FCPA and anti-corruption due diligence by legal, accounting, and compliance personnel. If DS&S discovers any corrupt payments or inadequate internal controls as part of its due diligence of newly acquired entities or entities merged with DS&S, it shall report such conduct to the Department as required in Appendix B of this Agreement.

14. DS&S will ensure that DS&S’s policies and procedures regarding the anticorruption laws apply as quickly as is practicable to newly acquired businesses or entities merged with DS&S and will promptly:

a. Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to DS&S, on the anti-corruption laws and DS&S’s policies and procedures regarding anticorruption laws.

b. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable.

This language draws from and builds upon the prior Opinion Release 08-02 regarding Halliburton’s request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. While the DS&S DPA does note that it is specifically tailored as a solution to DS&S’s FCPA compliance issues, I believe that this is the type of guidance that a compliance practitioner can rely upon when advising his or her clients on what the DOJ expects during Mergers and Acquisitions (M&A). The five keys under these new items, 13 & 14 highlighted above, are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities “as quickly as practicable”; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might “present a corruption risk to DS&S” on the company’s policies and procedures and the law.

IV. Summary

The DS&S DPA provides some key points for the compliance practitioner. First and foremost, I believe that it demonstrates the reasonableness of the DOJ. The bribery scheme here was about as bad as it can get, short of suitcases of money carried by the CEO to pay bribes. The company did not self-report, yet received a significant reduction on the minimum level of fine. The specificity in the DPA allows a compliance practitioner to understand what type of conduct is required to avoid not only a much more significant monetary penalty but also a corporate monitor. Lastly, there is the specific guidance on FCPA compliance in relation to M&A activities, to the extent that if anyone in the compliance arena did not understand what was required in the M&A context, this question would seem to be answered in the DS&S DPA.


April 3, 2012

FCPA Enforcement: Why Corporations Support DPAs and NPAs

At the recent Dow Jones Global Compliance Symposium, there was a debate royal between Mark Mendelsohn and the FCPA Professor, Mike Koehler, regarding enforcement of the Foreign Corrupt Practices Act (FCPA). One of the points the Professor raised was regarding the proliferation of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) during the tenure of Mendelsohn at the Department of Justice (DOJ). The Professor argued that DPAs and NPAs, which did not come into widespread use until the last decade, were tools which should not be employed for FCPA enforcement. One of the reasons he articulated for this was that by use of these agreements the DOJ is not required to put proof in front of a judge or jury, hence the DOJ can expand its interpretation of the FCPA without appropriate judicial oversight. Mendelsohn countered that such agreements are within prosecutorial discretion and, given a finite amount of personnel and monetary resources within the DOJ, an appropriate mechanism to assist the overall goal of compliance with the FCPA.

However, I would like to review the use of DPAs and NPAs from another angle and the perspective from another player in FCPA enforcement. That is the perspective of the corporation ensnared in an enforcement action. I will leave aside a discussion of the alleged expansive DOJ interpretation of the FCPA for another day and simply focus on why it is in the interest of a corporate defendant to enter into a DPA or NPA as opposed to being indicted and defending itself at trial.

Arthur Andersen

For those of you who do not recall, Arthur Andersen was the auditor for Enron and was caught up in the Enron scandal. In 2002, the firm voluntarily surrendered its licenses to practice as Certified Public Accountants (CPAs) in the United States after being found guilty of criminal charges relating to the firm’s handling of the auditing of Enron. The other national accounting and consulting firms bought most of the practices of Arthur Andersen. The verdict was subsequently overturned by the US Supreme Court. However, the damage to its reputation has prevented it from returning as a viable business. In other words, after fighting the criminal charges brought against it and losing at trial, Arthur Andersen imploded.

No US Company wants to face this prospect. By being indicted they will probably find their access to credit greatly reduced and their ability to move forward as an ongoing concern compromised. Juries still do not have a high opinion of corporations and what may appear to be ‘sharp but legal’ business practices may look like bribery and corruption to a jury. The DOJ’s recent set-backs on the individuals it has indicted and/or taken to trial should not affect a jury’s perception of corporate corruption. No publicly traded company can take the risk. For private companies, the resulting violations of loan covenants and other denials to capital would probably have the same effect.

Certainty

In my legal career if I have learned one thing about representing corporations it is that they do not like surprises and one of the things they most desire is certainty. The one thing I learned in almost 20 years of trying cases (civil side only) is that nothing is certain when you leave the final decision to an ultimate trier of fact who is not yourself, whether that trier of fact be a jury, judge or arbitrator. The most important thing for a company is certainty and that is even more paramount when a potential criminal conviction looms over its corporate head. A DPA or NPA provides this certainty. Corporations not only know what their financial penalty is but they also know their ongoing obligations, in the form of the compliance program they should implement or enhance and ongoing reporting requirements.

Expansive Effect

Just as it benefits the DOJ to drive corporate behavior to comply with the FCPA, through its enforcement of the FCPA; it benefits corporations to understand what is expected from them. Both goals are achieved by the use of DPAs and NPAs. This is because one of the other benefits to DPAs and NPAs is that it provides information and guidance to other companies and compliance practitioners as to the DOJ’s thinking regarding a best practices compliance program. Any improvements or new aspects to a minimum best practices compliance program, which are announced in a DPA or NPA, will inform other companies and will expansively compound the effect from a DPA or NPA. The size of the company involved in the enforcement action does not matter as all DPAs and NPAs are publicly announced.

So as the “Enhanced Compliance Obligations” in the Johnson & Johnson (J&J) DPA gave companies additional guidance on how to deal with acquisitions; the recent Biomet DPA provided specific information to Internal Audit on its role in a minimum best practices compliance program. A review of any recent DPA or NPA also shows the clear benefits of self-disclosure and cooperation, which can lead to a significant reduction in the overall monetary penalty.

From my perspective, as someone who has represented corporations, as both an outside counsel in private practice and in-house counsel, I believe that DPAs and NPAs not only further the goals of the FCPA but bring tangible benefits to corporations. I do not believe that they should be removed from the DOJ’s arsenal for enforcement.


March 27, 2012

The Biomet SEC Complaint: Lessons for Internal Audit

On March 26, 2012, both the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) announced the resolution of enforcement actions against Biomet Inc., a US entity which manufactures and sells medical devices around the world. It is headquartered in Fort Wayne, Indiana. The Company admitted to a lengthy run of bribery and corruption of doctors to purchase its products. The FCPA Blog reported that the “company will pay a criminal fine of $17.3 million to resolve charges brought by the DOJ. It also agreed with the SEC to settle civil charges by paying $5.5 million in disgorgement of profits and pre-judgment interest.” In this post I will review the SEC Complaint and discuss the facts it posited regarding the Company’s internal auditors to draw out some lessons for an Internal Audit Department’s role in Foreign Corrupt Practices Act (FCPA) compliance programs.

Bribery and Corruption Facts

The Company engaged in an eight (8) year scheme to bribe and corrupt doctors in the countries of Argentina, Brazil and China to induce the physicians to purchase Biomet products. The SEC Complaint reported that “2000 to August 2008, Biomet Argentina employees paid bribes to doctors employed by publicly owned and operated hospitals in Argentina in exchange for sales of Biomet’s medical device products. The doctors were paid approximately 15-20 percent of each sale.” In Brazil, the SEC Complaint reported that from 2001 until 2008, Biomet’s “Brazilian Distributor, paid bribes to doctors employed by publicly owned and operated hospitals to purchase Biomet’s implants. Brazilian Distributor paid the doctors bribes in the form of “commissions” of 10-20 percent of the value of the medical devices purchased.” In China, Biomet subsidiaries and its Chinese distributor paid from 5% up to 25% commissions to doctors for the sale of its products which were used during surgeries and also paid for Chinese surgeons to travel for training “including a substantial portion of the trip being devoted to sightseeing and other entertainment at Biomet’s expense.”

Biomet Bribery Box Score

| Country | Bribe Rate | Total Amount Paid | Loss or Write Off |
|---|---|---|---|
| Brazil | 10 to 20% | $1.1 | $4.2MM |
| China | 5 to 25% | Not reported | Not reported |
| Argentina | 15 to 20% | $466,000 | Not reported |

| Costs | Fine or Profit Disgorgement |
|---|---|
| DOJ Fine | $17.3MM |
| SEC Profit Disgorgement | $5.5MM |
| Documented Cost | $29.7MM |

Internal Audit

The SEC Complaint reported that the Company’s Internal Audit was not only aware of the bribery program but discussed it in memoranda to the Company’s home office, including the head of the Company’s Internal Audit Department. For instance, in Argentina, the Company’s head of Internal Audit, as early as 2003, “circulated an internal audit report on Argentina to Senior Vice President and others in Biomet in Indiana in which he stated, “[R]oyalties are paid to surgeons if requested. These are disclosed in the accounting records as commissions.” The internal audit report described the payments to surgeons, but only in the context of confirming that the amount paid to the surgeon was the amount recorded on the books.” However, the Company’s Internal Audit Department took no steps to determine why royalties were paid to doctors or why the payments to the doctors were 15-20% of sales. Internal Audit did not obtain any evidence of services which the doctors might have performed entitling them to the payments. The SEC Complaint noted that Internal Audit “concluded that there were adequate controls in place to properly account for royalties paid to surgeons without any supporting documentation” and Internal Audit’s only “recommendation was to change the journal entry from “commission expenses” to “royalties.””

Biomet’s Director of Internal Audit is reported to have “instructed an auditor to code improper payments being made to doctors [in China] in connection with clinical trials as “entertainment.”” The Director of Internal Audit also reported that Biomet’s “Brazilian Distributor makes payments to surgeons that may be considered as a kickback. These payments are made in cash that allows the surgeon to receive income tax free . . . . In the consolidated financials sent to Biomet, these payments were reclassified to expense in the income statement.”

The SEC Complaint also noted that “Biomet’s books and records did not reflect the true nature of those payments. The Company’s payments were improperly recorded as “commissions,” “royalties”, “consulting fees”, “other sales and marketing”, “scientific incentives”, “travel” and “entertainment.” The SEC Complaint concluded with the following: “False documents were routinely created or accepted that concealed the improper payments.”

Lessons Learned for Internal Audit

The SEC Complaint had some very clear guidance for the role of Internal Audit in detecting bribery and corruption in a best practices FCPA compliance program. First and foremost, if there are any types of commission payments being made, Internal Audit needs to review the documentation supporting why such payments are being made. A review of contracts or other legal requirements which may obligate a company to make such payments should be a basic undertaking in any internal audit. After an internal auditor has determined if commission payments are legally authorized, the internal auditor should review evidence that such commission payments have been earned. In other words, is there any evidence in the company’s books and records that the person or entity performed services which might have entitled them to such commission payments?

Another role delineated in the SEC Complaint for Internal Audit is to correctly classify payments so that the books and records of the company accurately reflect them as expenses. As noted, the Director of Internal Audit instructed that bribes paid during clinical trials of the Company’s products should be reclassified as ‘expenses’. Further, while specifically stating that Biomet was assisting Brazilian physicians to evade the payment of taxes on income, he directed that such bribes be classified on the Company’s books and records once again as ‘expenses.’

Of course, the costs in the Bribery Box Score listed above do not reflect the 3+ years of investigative costs, loss of sales in the three countries which it pulled out from or the anticipated cost of its upcoming three year monitorship. All I can say with certainty is that the cost for non-compliance is much higher than the cost of complying with the FCPA. The SEC Complaint gives clear guidance on what it expects from internal audit in a FCPA compliance program. I recommend that these steps be implemented much sooner rather than later.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

March 26, 2012

What is ‘Extraordinary Cooperation’ in an FCPA Enforcement Action?

In the recent BizJet Deferred Prosecution Agreement (DPA), which detailed a litany of corrupt payments made and approved at the highest level of the company to obtain and retain business in Mexico and Panama, the company received a monetary fine of more than 30% under the low end of the amount suggested by the US Sentencing Guidelines. How did the company obtain this fine reduction? Through what the Department of Justice (DOJ) termed “extraordinary cooperation”. I have often wondered what the term “extraordinary cooperation” meant so when I attended a panel at the recent 2012 Global Ethics Summit, entitled “Engaging with the Government: What’s Changed?” I put that question to panelist Ty Cobb, a partner in the Washington DC office of Hogan Lovells.

As a general rule, Cobb noted that ‘extraordinary cooperation’ will not be the definition given by the company but by the DOJ. This is an important discussion to have with your client very early on to set a proper expectation. A company must be credible at all times; it cannot selectively report facts but must report both good and bad facts to the DOJ. Lastly, each matter is a separate negotiation and must stand on its own feet. He said that a company does not have to completely roll over to every request made by the DOJ as there can and should be negotiations by investigative or other specialized counsel who interact with the DOJ throughout the process.

Cobb also provided some guidance on the specific steps which might lead to a penalty reduction.

Did you go high enough?

First what did the company do to the persons involved in the bribery and corruption? Was there discipline to the parties? How high up did the company go to discharge or discipline those involved in the bribery and corruption? Did discipline or discharge go up to the highest levels of the company if persons at those levels were involved in the bribery or corruption?

Did your retraining go down low enough?

Here Cobb focused on retraining of employees. He said that it was important that your post incident training go down to an appropriate level of employees in the company. While he did not say how low that level might be, clearly the better approach would be to over-include rather than under-include for training. This seems to imply that full and significant training must be provided to more than simply high risk employees.

Provide access to documents and individuals

A company’s investigative team will probably have to review thousands if not millions of pages of documents and electronic communications. Obviously a summary of the relevant documents and electronic communications will need to be provided to the DOJ but if the government wants access to the full set of documents, that will also be required. Access to employees for DOJ interviews will also be required. This can be tricky as it may intersect with ‘did you go high enough’ listed above regarding termination. Many companies desire to terminate employees determined to be involved in such conduct immediately but if you do so, they may not cooperate with an internal investigation. It may also make it difficult for your company to make such terminated employees available to the DOJ for interview.

Best practices program going forward

One of the things consistently mentioned in DPAs and Non-Prosecution Agreements (NPAs) is that a company which reaches such an agreement with the DOJ always agrees to institute a rigorous compliance program going forward. As the compliance programs listed in Attachment C (or Attachment B to a NPA) are monikered as minimum best practices this would seem to indicate that the companies involved went beyond the minimum. DPAs, such as the Johnson and Johnson (J&J) DPA, go so far as to create and embrace “Enhanced Compliance Obligations” which detail compliance policies and procedures which go beyond the minimum best practices.

Self Monitorships

The BizJet DPA also includes a concept which has appeared in several recent DPAs. BizJet agreed that it would report “at no less than twelve-month intervals during the three year term” [of the DPA] to the DOJ on “remediation and implementation of the compliance program and internal controls, policies and procedures” as set forth in the DPA. The initial report was required to be delivered one year from the date of the DPA and would also include BizJet’s proposals “reasonably designed to improve BizJet’s internal controls, policies and procedures for ensuring compliance with the FCPA and other applicable anti-corruption laws.”

Cobb’s observations, together with the information that can be gleaned from the BizJet DPA, provide some general parameters that a compliance practitioner may use to understand more completely how the term ‘extraordinary cooperation’ might be defined from the perspective of the DOJ. The DOJ has consistently rewarded companies which provide such cooperation with penalties below those suggested by the US Sentencing Guidelines. However, such cooperation is not a walk in the park and as someone who has worked at a company during a very intensive post-DPA monitorship, I can attest that such cooperation is far beyond ‘normal’ cooperation and truly is ‘extraordinary’. Yet at the end of the day, the internal cost appears to be well worth it.


February 14, 2011

Tyson Food’s DPA-Part I: A Lesson in Criminal Penalty Reduction under the FCPA

On February 10, 2011, Tyson Foods announced a settlement of outstanding violations of the Foreign Corrupt Practices Act (FCPA) with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). As reported by the FCPA Blog, Tyson Foods agreed to pay a $4 million criminal penalty and $1.2 million in disgorgement and pre-judgment interest to resolve charges related to illegal payments by company representatives to government-employed inspection veterinarians in Mexico and a cover-up of the payments. This settlement had several interesting elements which should be noted by the FCPA practitioner. We will explore these developments in our next two postings. Today’s post will focus on the detailed discussion of the reasons for the settlement and the specifics of the monetary penalty assessed against Tyson Foods.

Initially we would note that in this settlement, the DOJ continues its recent course of action in providing greater specificity in the basis upon which the final settlement was concluded. We applaud the DOJ for this course of action and hope they will continue to do so. By providing such transparency, the DOJ affords greater information on its procedures to the compliance community.

I. The Facts

The fact pattern would seem to be precisely the scenario that the FCPA was designed to prevent. Tyson Foods’ Mexican subsidiary, Tyson de Mexico, between the years of 2004 and 2006, paid $90,000 to two publicly-employed veterinarians who inspected its Mexican plants, generating profits for Tyson of $880,000. The payments went directly to the veterinarians and to their wives who were listed on the payroll of Tyson de Mexico. The bribes were intended to keep the veterinarians from disrupting the operations of the meat-production facilities. When these payments were discovered by Tyson Foods in the US in 2004 and thereafter terminated, Tyson representatives made the same amounts of payments through the creation of fictitious invoices for veterinarian services to the wives of the inspectors to match the amount previously paid to their spouses.

II. Tyson’s Conduct after Self-Disclosure

As stated in the Deferred Prosecution Agreement (DPA), the DOJ entered into the DPA with Tyson based, in large part, on the conduct of Tyson Foods after it self-disclosed the matter to the DOJ. The DOJ noted the following factors:

a. Tyson voluntarily disclosed the misconduct described in the Information and Statement of Facts;

b. Tyson conducted a thorough internal investigation of that misconduct;

c. Tyson reported all of its findings to the DOJ;

d. Tyson cooperated in the DOJ’s investigation of this matter;

e. Tyson undertook remedial measures as described in the DPA;

f. Tyson agreed to continue to cooperate with the DOJ in any investigation of the conduct of Tyson and its directors, officers, employees, agents, consultants, subsidiaries, contractors, and subcontractors relating to violations of the FCPA;

g. Tyson cooperated and agreed to continue to cooperate with the SEC in its investigation of the conduct of Tyson and its directors, officers, employees, agents, consultants, subsidiaries, contractors, and subcontractors relating to corrupt payments and related false accounting and internal controls issues.

All of these actions by Tyson make clear that after disclosure, the best course of action that a company can engage in during an enforcement action is full cooperation with the DOJ and SEC. Following immediately behind this full cooperation, a company should proactively institute remedial measures regarding the conduct which led to the FCPA violation, and a full review, assessment and audit of its FCPA compliance program. Companies which wait to be told what the DOJ wants to see in terms of a best practices FCPA compliance program would not be as likely to receive such credit from the DOJ in settlement negotiations regarding the penalty assessment.

III. Assessment of Monetary Penalty

We were very impressed that the DOJ set out in detail the calculation on how the monetary penalty was assessed. We set it out in full below.

6. Payment of Monetary Penalty: The Department and Tyson agree that application of the United States Sentencing Guidelines (“USSG” or “Sentencing Guidelines”) to determine the applicable fine range yields the following analysis:

a. The 2006 USSG are applicable to this matter.

b. Base Offense. Based upon USSG §2C1.1, the total offense level is 28, calculated as follows:

(a)(2) Base Offense Level— 12

(b)(1) More than one bribe— +2

(b)(2) Value of benefit received more than $400,000— +14

TOTAL OFFENSE LEVEL— 28

c. Base Fine. Based upon USSG §8C2.4(a)(1) and (d), the base fine is $6,300,000 (the fine indicated in the Offense Level Fine Table ($6,300,000) is used where such number is greater than the pecuniary gain to the organization from the offense ($880,000)).

d. Culpability Score. Based upon USSG §8C2.5, the culpability score is 4, calculated as follows:

(a) Base Culpability Score—5

(b)(1) Organization had 1,000 or more employees and an individual within high-level personnel of the organization participated in, condoned, or was willfully ignorant of the offense— +4

(g)(1) The organization, prior to an imminent threat of disclosure or government investigation, within a reasonably prompt time after becoming aware of the offense, reported the offense, fully cooperated, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct.— (negative)-5

e. Calculation of Fine Range.

Base Fine— $6,300,000

Multipliers— 0.8 (minimum)/1.6 (maximum)

Fine Range— $5,040,000 to $10,080,000.

Tyson agreed to pay a monetary penalty in the amount of $4,000,000. The key for the overall reduction in the criminal penalty paid by Tyson is found in the following: The organization, prior to an imminent threat of disclosure or government investigation, within a reasonably prompt time after becoming aware of the offense, reported the offense, fully cooperated, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct. So the three key points to be derived from this language are:

  1. Self-disclosure;
  2. Full cooperation; and
  3. Recognition and affirmative acceptance of responsibility.

Once again, we applaud the DOJ for setting forth in such full detail these calculations and this information in the Tyson Foods DPA. In tomorrow’s post we will review the best practices in a FCPA compliance program, as suggested by the Tyson Foods DPA, and some additional issues. Until then, Happy Valentine’s Day to all….

For a copy of the Tyson Food’s DPA, click here.


© Thomas R. Fox, 2011

 
