Dealing with the Foreign Corrupt Practices Act
September 2010 | TALKINGPOINT | FRAUD & CORRUPTION
FW moderates a discussion between George D. Martin at Faegre & Benson LLP, Jeffrey Harfenist at Navigant Consulting (PI) LLC, and James Walker at Richards Kibbe & Orbe LLP, on the implications for companies and individuals arising from FCPA violations.
FW: To what extent have US authorities intensified their monitoring of FCPA in recent years?
Martin: Less than one-third of all FCPA enforcement actions now being brought result from whistleblowers. The US Department of Justice and Securities and Exchange Commission have special investigative task forces and are using traditional law enforcement techniques, as well as cooperation with foreign law enforcement authorities, to build their cases. And, they are targeting on a priority basis individual culprits, with prison terms in mind. These developments, coupled with more staff and increased budgets at their disposal, result in a materially intensified FCPA enforcement regime, worldwide.
Harfenist: To appreciate the Government’s intensified efforts to curb bribery and corruption, one only need look at some notable changes in recent years with regard to the increased level of investigative resources being focused on the problem, as well as the methods employed by enforcement professionals to uncover potential violations. First, the enforcement budget at the Department of Justice will see substantial increases in 2010 and 2011 resulting from the hiring of additional prosecutors and support staff. In addition, the SEC and FBI have formed dedicated anti-corruption units. With regard to investigatory tactics, consider the lengthy sting operation which resulted in 21 arrests in January of 2010 at the Las Vegas Shot Show. The investigation that produced these arrests included thousands of hours of taped calls, 800-plus hours of video surveillance, and FBI agents posing as foreign government officials. Each of these speaks to the US Government’s intensified efforts.
Walker: The sheer number of FCPA investigations initiated by the US Department of Justice and Securities and Exchange Commission in 2009 – 130 – demonstrates that US authorities are intensifying their monitoring of the FCPA. In just the first quarter of 2010, US authorities brought or resolved FCPA charges against 36 companies and individuals, 30 more than in the first quarter of 2009. After five years without a single FCPA enforcement case reaching trial, the government took four FCPA cases against individuals to a jury in 2009. Moreover, in January of this year, the SEC created and staffed a new enforcement unit – the Foreign Corrupt Practices Act Enforcement Unit – dedicated to investigating FCPA violations.
FW: What is motivating the shift in focus to prosecuting individuals under the FCPA, and what are the implications?
Harfenist: Based upon recent comments made by senior government officials, including Attorney General Eric Holder, the shift towards individual prosecutions is being driven by their belief that many companies have historically viewed the payment of substantial monetary penalties stemming from anti-corruption violations – as well as the significant related indirect expenditures resulting from internal investigations – as a necessary cost of doing business in those locations where the payment of bribes is commonplace. To combat this perception, the Department of Justice has significantly raised the stakes by putting at risk the personal liberty of corporate executives. The implications are evident in the significant number of individuals who have been charged by the DOJ in the first half of 2010, as well as the lengthy prison sentences received by individuals who have plead guilty to anti-corruption violations.
Walker: Last November, at the American Conference Institute’s 22nd National Forum on the Foreign Corrupt Practices Act, Assistant Attorney General Lanny Breuer announced that “the prosecution of individuals is a cornerstone of our enforcement strategy”. The numbers bear this out – the DOJ prosecuted 44 individuals in 2009, compared to nine individuals prosecuted in 2008. Focusing on individuals is a way for the US government to deter corporate decisionmakers from viewing bribes as merely a cost of doing business. Instead, companies will recognise that conduct violative of the FCPA carries serious consequences. Additionally, penalising individuals will provide an incentive for individuals to cooperate and provide information to assist in the prosecution of targets and/or discovery and remediation of industry-wide practices.
Martin: The regulators concluded that merely fining corporations for misconduct is an insufficient deterrent – for some companies, it merely amounts to a slap on the wrist that can be quantified and assessed as a cost of doing business. On the other hand, prosecuting individuals involved in effecting or authorising FCPA violations, ignoring ‘red flags’ or simply failing to supervise adequately is seen as a way to both better deter corruption and to build stronger cases against corporate violators. This approach has, in fact, instilled a greater degree of fear in the corporate community and is having the desired effect. CEOs, CFOs, general counsels and boards of directors are paying attention to their FCPA compliance programs and FCPA transactional diligence in ways they never have before.
FW: What are some of the trends in penalties associated with FCPA prosecutions, such as disgorgement, imposition of independent monitor and deferred prosecution agreements?
Walker: Recent settlements of FCPA prosecutions with monetary sanctions in excess of $100m demonstrate that penalties associated with FCPA cases have been increasing dramatically, and I have every reason to believe that this trend will continue. In addition to obtaining substantial fines and penalties and disgorgement of illicitly obtained profits, settlements of FCPA investigations typically require a commitment to implement or strengthen FCPA compliance programs and an agreement to cooperate in the prosecution of targeted employees, agents, or affiliates. Although the cost of these monitorships was criticised by Judge Ellen Segal Huvelle in a hearing on the Innospec deferred prosecution agreement and guilty plea (Judge Huvelle called paying $50m for a monitor ‘an outrage’), imposing a corporate monitor on a company for a period of several years has become a standard component in the resolution of FCPA matters.
FW: What is the likely effect of whistleblower provisions contained in the US financial reform legislation on corporate culture and compliance efforts?
Martin: The bottom line is that more companies will be forced to consider voluntary disclosure of suspected FCPA violations more seriously, and sooner, than they otherwise would. And, more senior executives who never would have considered whistleblowing may now be tempted to do so because of the enhanced potential payday. All of this may also encourage some corporations to establish their own internal whistleblowing rewards and incentives to retain some measure of control over the problem.
Walker: The Dodd-Frank financial reform legislation provides that whistleblowers who report securities violations (including violations of the FCPA) that result in monetary sanctions greater than $1m may receive between 10 and 30 percent of the total recovery. Companies may find themselves dedicating substantial resources to defending real and speculative claims of violation of the FCPA, especially if whistleblowers decide to speak to the government rather than reporting misconduct to compliance staff in their companies. The whistleblower provisions may also motivate companies to move more swiftly to make voluntary disclosure in an effort to beat potential whistleblowers to the DOJ or SEC offices. Accordingly, implementing effective internal controls and compliance programs to detect and prevent FCPA violations should be a high priority.
Harfenist: One of the underlying tenets of fraud investigations is that compensation drives behaviour. This axiom applies more broadly to cover a host of other behaviours as well. As provided for in the recently passed Dodd-Frank Wall Street Reform and Consumer Protection Act, those who provide information concerning possible violations of the securities laws, including the FCPA, are eligible to receive payments ranging from 10 to 30 percent for recoveries of at least a million dollars. I can envision this ‘bounty’ having several effects – both positive and negative. On the plus side, it has the potential of reducing collusive behaviour by insiders as employees might not be as willing to reach across functional areas of responsibility to recruit accomplices fearing that they will be turned over to authorities by their perceived partner-in-crime. On the downside, this policy will also produce many false positives that companies will be forced to investigate – resulting in substantial costs to the company and diversion of management’s attention.
FW: What are some of the key areas of fraud and corruption risk that companies should be focusing on when reviewing their global operations?
Harfenist: The process of assessing risk is complex and considers a number of qualitative and quantitative factors and analyses. To begin, one should gain a deep understanding of a range of issues, including (but not limited to) the company’s competitors and geographic locations, market forces driving the industry, history of industry wide anti-corruption violations, strategic initiatives the company is undertaking, the performance of various product lines, region-specific cultural issues, and the macro events impacting the company’s operations. Several specific risks which may be present include the following. First, how acquisitive the company has been, and what the expectation is for acquisitions going forward. Second, are there factors unique to the company’s industry that are exerting significant performance pressures on sales and product line managers? Third, have the appropriate controls and policies – especially those concerning the use of agents and other channel partners – kept pace with this growth to mitigate the risks of illegal business practices?
Walker: Any global industry where interaction with foreign officials is a routine and necessary part of doing business is likely to receive scrutiny from US regulators. Specific areas of fraud and corruption risk include operating in regions known for a high incidence of corrupt conduct; contracts with unusual financial arrangements and payment patterns; requests for substantial and/or advance commissions; directing payments to accounts in a different country known for its bank secrecy laws; lack of transparency in accounting for third-party transactions; consultants or joint venture partners with vague or insufficient qualifications for the designated work; and difficulty obtaining requested certifications of the work performed or services provided.
Martin: Emerging markets continue to pose the greatest risk for corruption. Enhancing training and monitoring compliance of business development teams, direct sales forces, third party intermediaries and regional management is critical. And, even if a foreign operation is too small to fall within the SOX audit scope for a public company, any operations in regions fraught with corruption risk require special oversight and internal auditing. Also, checks and balances are important. While due diligence, training and audit rights of third party intermediaries is essential, so is staying on top of the flow of funds: for example, watch petty cash; checks made payable to cash; the expense reimbursement review process; customise geographically gift, travel and entertainment policies; limit who can approve wire transfers, open new bank accounts and create new legal entities. Globalisation has led to an exponential growth of many companies’ geographic footprint, but the infrastructure to support and protect those far flung businesses often lags behind. Internal controls, compliance training and continual monitoring are imperative and need to receive priority resources and attention.
FW: What are some of the most effective practices that companies can put in place to mitigate their risks when it comes to anti-corruption?
Martin: Companies should take a number of steps, including the following. Ensure that the ‘tone at the top’ emphasises ethical conduct and creates a culture that demands compliance with the law. Undertake an FCPA risk assessment based upon the jurisdictions in which the company does business, the nature of its sales channels, end user profile, importance of government relations, and history of any complaints and any other red flags that have emerged to date. Require FCPA diligence in all acquisitions involving non-US companies or US companies with international operations, as well as prior to entering into any international joint ventures or similar collaborative arrangements. Develop a comprehensive and well documented FCPA compliance program and conduct FCPA training, worldwide, internally and externally (as appropriate) with annual compliance certifications. Designate a compliance officer independent of the accounting function. Develop standard representative agreements that include specific FCPA language and a right to audit or terminate clause. Periodically exercise the right to audit on selected resellers and distributors as a compliance monitoring tool. Perform due diligence on all new intermediaries prior to entering into any agreements. Establish – or review the adequacy of, as the case may be – the whistleblower process from a global perspective, including hotline language availability and emphasising it in training. Ensure that whistleblower protection policies are in place and properly communicated. Immediately, objectively and independently investigate any ‘red flags’. Adopt and demonstrate a zero tolerance policy for violations.
Harfenist: At the risk of stating the obvious, the first step in addressing anti-corruption risk is instituting a comprehensive compliance program designed to mitigate such risk. However, implementing a series of well-formulated policies is hardly sufficient. Companies must also formalise measures to continually evaluate the effectiveness of the anti-corruption compliance policies, procedures, and controls in place, as well as the content of various training regimens. They also need to identify gaps in the existing control environment and develop and/or augment appropriate accounting controls to further minimise the risk of illegal payments. It is also important to consider how effectively anti-corruption testing is incorporated into the internal audit function. Companies should assess the degree to which current accounting controls are compliant with the books and records provision of the FCPA and other pertinent laws under which the company operates. Finally, they should understand how incentive compensation systems may be exacerbating anti-corruption risk. These are but a few practices companies should consider.
Walker: Management should implement procedures to assist internal audit staff to identify, investigate and remediate potential corrupt practices in every region in which the company operates. There should be a robust schedule of internal audit testing, particularly of travel and expense reimbursement and requests for payments to vendors. Further, companies should have procedures in place to perform due diligence on outside vendors, agents and consultants, and risk-based FCPA-specific due diligence procedures to review potential acquisition targets. Employees throughout the company should be trained in the control procedures that will minimise both the risk of misconduct and the likelihood that any misconduct will escape detection. Companies should also have a hotline for employees to raise concerns about any suspicious conduct they observe.
FW: In the face of tightened budgets for the compliance function, what steps can companies take to allocate scarce resources to their highest and best use?
Walker: I believe the current economic downturn may cause managers who are under pressure to show profits to neglect to erect and enforce procedures to ensure that employees and agents comply with the FCPA. To maximise the cost effectiveness of an FCPA compliance program, companies should determine which markets pose the greatest risk of improper conduct and tailor compliance programs to meet those risks. Compliance staff in those regions should be well-trained to recognise red flags. Third party agents and consultants should be thoroughly vetted when they are necessary, and avoided in favor of in-house employees who are well-versed in the company’s compliance regime. Finally, senior management must make clear to employees that FCPA compliance is not optional, and failure to comply is more costly to the company in terms of the financial cost of investigating and resolving an FCPA prosecution and the reputational cost.
Martin: For ‘issuers’, strong internal controls, worldwide, must be a priority. Often, financial control weaknesses give rise to the easiest cases for the SEC to pursue, and hence can be the area of greatest vulnerability. In addition, it is essential that every company subject to the FCPA has a comprehensive and clearly communicated code of conduct, with FCPA compliance directives. This must be coupled with training, monitoring, internal whistleblower communication channels and protocols for promptly handling allegations of misconduct independently and thoroughly.
Conducting FCPA diligence in M&A transactions, before entering into joint ventures and before signing up any third party intermediaries is also critically important. While none of these steps will always guarantee compliance by everyone worldwide, they will go a long way toward establishing the correct ‘tone at the top’ and presenting a defensible FCPA compliance program if there ever is a problem. That will have a mitigating effect in terms of any penalties, fines and sanctions that may be administered as a result of a violation.
Harfenist: Companies looking to assess their compliance program should contemplate instituting a phased, risk-based approach to ensure that resources are spent prudently and return the highest value. Before initiating any initial analytics or forensic protocols, the company should isolate pressure points being brought to bear by both internal forces and external constituencies. Once management grasps each of the pressure points the company and its employees is subject to, they will be in a better position to implement a series of forensic procedures designed to uncover whether individuals with the opportunity to alleviate the aforementioned pressures are doing so, and as a result, exposing the company to substantial risk. This reasoned approach ensures that companies consistently receive productive information from the limited investigatory resources at their disposal.
FW: With the enormous amount of data that companies maintain, how can they effectively mine their data to look for transactions and relationships with high indicia of fraud?
Harfenist: With the ever-burgeoning quantity of data companies maintain it is critical to utilise forensic tools to mine disparate databases looking for transactions that require further analysis. These tools allow users to efficiently analyse terabytes of data to identify transactions designed by those perpetrating a fraud to ‘hide in plain sight’. While these ‘Potentially Anomalous Transactions’ represent a miniscule percentage of the transaction volume, they can expose the company to significant liability. Forensic tools can search for transactions possessing specific fraud-related attributes, as well as those that fall outside the company’s ‘norm’ based upon historical patterns. Examples of such transactions include consecutive numbered invoices, weekend transactions and the use of obscure general ledger accounts. With regard to high-risk relationships, the company might consider employing forensic tools designed to ‘risk rank’ commercial relationships through a system of complex rules and initially investigate a reasonable number of the riskiest relationships.
Walker: Information concerning transactions between the company’s employees, vendors and consultants on the one hand, and government officials or anyone who arguably falls into the broad definition of ‘foreign official’ on the other, must be analysed by personnel who are well-trained to review such data and who possess the tools to effectively mine the data for potential violations of the FCPA. This includes the ability to recover deleted or hidden electronic files where necessary and determine patterns that may indicate fraudulent activity. I would recommend engaging forensic auditors who use computer-aided auditing techniques to target, organise and analyse data in a way that will help identify transactions and business relationships that warrant closer scrutiny.
FW: Can you outline any recent notable cases in which US authorities prosecuted non-US companies for FCPA violations?
Walker: On 28 June 2010, Technip SA, a French engineering company, resolved SEC and DOJ FCPA prosecutions with a $98m SEC settlement and $240m criminal fine. The investigations arose from Technip’s participation in a scheme to bribe Nigerian officials to obtain construction contracts. The SEC alleged that Technip, with its joint venture partners, bribed employees of an entity that was deemed an instrumentality of the Nigerian government even though the government owned less than 50 percent of the company. On 27 July 2010, bribes paid by two non-US subsidiaries to Iraqi ministries to win equipment contracts led to an FCPA action against GE and the subsidiaries, and was resolved by GE’s payment of $23.4m in disgorgement, interest and penalties. Although GE acquired the non-US subsidiaries Amersham plc and Ionics Inc. in 2004 and 2005 and the kickbacks were paid in 2000 through 2003, GE was still deemed liable for the pre-acquisition conduct.
FW: How can companies conduct business competitively while complying with FCPA in situations or jurisdictions where competitors seem to be violating the law?
Martin: A global convergence of anti-corruption standards is emerging – both on a national level in foreign countries and by treaty. As a result, today the competitors of US companies are almost certainly subject to the same anti-bribery limitations, and their local authorities are now stepping-up enforcement as well. In addition, local governments in key high risk markets like China have an ongoing anti-corruption campaign. It has finally become clear to just about everyone that conducting business on a level playing field is good for everyone – foreign governments, their economies and their citizens. It leads to the best result for all involved. While corrupt individuals inhabit every system and organisation, the commitment to weeding-out bad actors and cleaning-up institutions is getting traction worldwide. The trend is positive, and, even if it means losing out on a contract occasionally, the right answer will always be for companies to compete within the confines of their code of conduct and the law.
Walker: Implementing a strong FCPA compliance program – comprehensive training for all employees and remediation of company practices that are inconsistent with the highest standard of FCPA compliance – costs money. However, increasingly companies are discovering that they are subject to anti-bribery legislation not just under the FCPA, but under the laws in many other countries in which they do business. Moreover, recent FCPA settlements make plain that the cost of noncompliance is extremely high, and outweighs any profit that could be gained through bribery. Indeed, when one considers the settlements against Siemens AG ($800m) or BAE ($400m), for example, and then adds in the costs of investigating the misconduct, developing the legal strategy to fight the allegations and/or settle, and remediation, the better question may be how can a company remain competitive without an adequate system for ensuring FCPA compliance, even in jurisdictions where noncompliance by competitors is common.
Harfenist: I believe it is a fallacy that you cannot compete effectively in various parts of the world in those instances where you believe that your competitors are paying bribes. At a former employer, the foreign minister of an oil producing nation in Africa asked for a bribe in connection with a multi-million dollar consulting opportunity we had proposed on. In addition, we were certain that one of our main competitors for the project would be complying with the request for a bribe. However, we politely declined, yet still won the work because our qualifications, experience, level of service and price provided the overall best value. If there is one lesson to be learned from the onslaught of headlines concerning the significant fines, material disgorgements, lengthy prison sentences and damaged reputations, no matter how enticing an opportunity may appear, you cannot violate anti-corruption laws.
George Martin is head of Faegre & Benson LLP’s Corporate Group and co-chair of its International Practice. He lived and practiced law in China and Eastern Europe for five years and has an emerging markets focus, leading complex cross-border M&A and joint venture transactions, FCPA diligence and FCPA internal investigations, worldwide. He can be contacted on +1 (612) 766 7055 or by email: email@example.com.
Jeffrey Harfenist CPA, MBA, is a managing director at Navigant Consulting (PI) LLC. He has directed some of the most high-profile investigations in US history. His practice focuses on anti-corruption matters, including reactive engagements pursuant to government inquiries, and proactive compliance reviews. Mr Harfenist is expert at applying forensic tools to identify anomalous transactions and high-risk relationships. His engagements span the globe requiring the effective coordination of forensic, eDiscovery and intelligence assets. He can be contacted on +1 (713) 646 5037 or by email: firstname.lastname@example.org.
James Walker is a partner at Richards Kibbe & Orbe LLP, where he concentrates in internal investigations, white collar criminal defence, civil litigation, and professional liability. Mr Walker represents audit committees, audit committee directors, corporate officers, and other professionals in criminal, SEC, and FINRA investigations of potential violations of securities laws and Foreign Corrupt Practices Act, and in related civil litigation. He can be contacted on +1 (212) 530 1817 or by email: email@example.com.
© Financier Worldwide
George D. Martin
Faegre & Benson LLP
Navigant Consulting (PI) LLC
Richards Kibbe & Orbe LLP