We had an interesting week of anti-corruption enforcement actions last week, both in the United States and in the United Kingdom. We have now had four Foreign Corrupt Practices Act (FCPA) enforcement actions since the announcement of the Department of Justice (DOJ) Pilot Program in April. We have also had the United Kingdom Serious Fraud Office (SFO) have another court approval for a Deferred Prosecution Agreement (DPA). I thought this would be a good time to review some of the recent enforcement actions, and consider what lessons they may impart to the compliance practitioner. This Whitepaper will bring you up to date on recent enforcement actions and where things may be going down the road. I will begin with a troubling report issued by a committee of the United States House of Representatives over the DOJ’s handling of the money laundering enforcement action against United Kingdom bank HSBC back in 2012.
Troubling questions raised in HSBC prosecution
Of all the things that former Attorney General Eric Holder was criticized for by the United States Congress, one might think that his protection of financial institutions might not have been one of them. Yet, last week, a scathing report entitled ‘Too Big To Jail’ was issued by the GOP staff of the House of Representatives Financial Services Committee, which was subsequently discussed by Gretchen Morgenson in her Fair Game column in The New York Times (NYT) entitled ‘Kid Gloves For a Bank With Clout’. The report deals with the DOJ investigation into HSBC and the subsequent resolution of allegations that the bank “laundered nearly US$900 million for drug traffickers” and sanctioned countries.
While the report does not deal with the DOJ’s lack of prosecution of individuals from the 2008 financial crisis, it certainly does provide insight into how Holder conducted such resolutions with large financial institutions and may well explain how it occurred that there were no individual prosecutions. The piece begins that, even with a nearly US$2 billion fine, it was not “a body blow” to HSBC. Of course, there was the ubiquitous DPA put in place, where the DOJ would “delay or forgo prosecution of a company if it promises to change its behavior”.
While I am most generally supportive of the practice of using corporate DPAs to help enhance compliance programmes, Morgenson’s article does bring up some troubling questions about how and why HSBC was able to get off with not only an agreement not to prosecute any individuals at the bank going forward, but even have individual incentives removed from the final DPA. The House report found that DOJ leadership, in the form of AG Holder, “overruled an internal recommendation to prosecute HSBC” because of concerns that prosecution of HSBC “could result in a global financial disaster”.
That final line is one we have (unfortunately) heard before. However, the NYT article also reports on how HSBC was able to “soften the deal”. The original agreement with HSBC had language that “provides no protection from prosecution for employees who ‘knowingly and willfully’ processed financial transactions with countries under American sanctions”. University of Pennsylvania Law School Professor David A Skeel, who was quoted in the piece, said: “This is one case where it looks like the government might have been able to prosecute misbehaving executives during the crisis period, yet waived its right to do so.” Not failed to do so, but waivedits right to do so.
Even more inextricably, the DPA waived future penalties for bank executives who failed to comply with the DPA. Originally, there were sanctions against bank executives who did not meet the compliance obligations set forth in the DPA. These sanctions were financial penalties in the form of loss of bonuses. However, in the final version, this language was removed and the House report noted that the DPA, “apparently leaves open the possibility for executives to get their bonuses, despite failing to meet compliance standards”.
Another troubling aspect unearthed by the House report was “how much influence officials at the Financial Services Authority – Britain’s leading financial regulator at the time – had on the Justice Department’s process in the HSBC matter”. Morgenson quoted a Washburn University School of Law professor, Mary Kreiner Ramirez, for the following: “It would seem that in making the decision with respect to HSBC, (AG) Holder gave more attention to the concerns expressed by the FSA than he did with respect to our own agencies.” Moreover, the Financial Services Authority (FSA) got the documents on apparently something close to a real-time basis as “at the time events were unfolding”.
There has been both legal and academic criticism of DPAs. However, the article brings up another criticism of these settlement vehicles, which is less discussed, which is the internal process by which a settlement is reached. Edward J Kane, a professor of finance at Boston College, noted: “The fact that so many of these cases are settled rather than going to court means we don’t get an airing of facts and challenges of fact.”
The Yates Memo would seem to be one response to pre-emptively address some of the concerns raised by the lack of individual prosecutions. If the DOJ now requires prosecutors to go after culpable individuals in white collar crime cases such as the HSBC money laundering prosecution, or cases under the FCPA for that matter, any settlement via a DPA would not exempt future prosecutions against culpable individuals. Furthermore, it would also seem that the DOJ would strengthen up the compliance programme components of any DPA to have appropriate financial disincentives for the lack of compliance programme adherence. When you put on top of this the Yates Memo requirement that companies must dig up facts on culpable individuals and turn those facts over to the DOJ, it would seem that individuals would be more in the sight of the DOJ for prosecution.
The other factor not fully explored by commentators is that DPAs, Non Prosecution Agreements (NPAs) and other settlement mechanisms are the product of negotiations by the parties, i.e. the government and the company involved. In the context of FCPA resolutions with the Securities and Exchange Commission (SEC), no company is going to put facts supporting a criminal indictment or even claim of criminal conduct in a civil based Cease and Desist Order or other form of civil based resolution. To do so would open up the company to a very high degree of liability, which is not required if the DOJ declines to prosecute a company for criminal violations of the FCPA. That explains why there is never evidence of criminal liability in a resolution document if there is no criminal charge.
Yet the House report does raise some troubling questions about not only how the HSBC settlement was reached, but also the lack of prosecutions against any financial institution following the 2008 financial crisis.
Johnson Controls FCPA enforcement action – background facts
The next case is the Johnson Controls (JCI) FCPA enforcement action. Mike Volkov has described this action as a “head scratcher”. Whether you agree with Volkov’s analysis or not, the case has several significant points for the chief compliance officer (CCO) or compliance practitioner.
The matter was settled via a Cease and Desist Order (the Order) from the SEC and a Declination issued by the DOJ. For its penalty, JCI accepted over US$11.8 million in profits as a result of approximately US$4.9 million in improper payments made by China Marine. JCI agreed to disgorge these profits, pay pre-judgment interest of US$1,382,561 and a civil penalty of US$1,180,000 for a total amount of US$14,362,561.
The underlying facts are about as sordid as they can be for a corporate enforcement action. JCI obtained the Chinese unit, China Marine, through its purchase of York International in 2005. In 2007, York paid US$22 million to the DOJ and SEC to resolve FCPA offences in China and other countries that occurred between 2001 and 2006. York agreed to a three year independent compliance monitor. JCI, for its part, terminated those involved in China Marine’s illegal conduct after it acquired York.
JCI installed its own managing director and limited China Marine’s use of third party sales agents. However, as stated in the Order: “From 2007 to 2013, the managing director of China Marine, with the aid of approximately 18 China Marine employees in three China Marine offices, continued the bribery and theft that began under his predecessor by using vendors instead of agents to facilitate the improper payments. The improper payments were made to employees of government-owned shipyards as well as ship-owners and unknown persons.”
The bribery scheme was quite sophisticated. It involved, “a multi-stepped arrangement that required the complicity of nearly the entire China Marine office from the managing director, to the sales managers, the procurement managers and finally to the finance manager. The managing director aided or at times approved requests for the addition of certain vendors to the vendor master file without disclosing that certain sales managers had ownership or beneficial interest in the vendors. After the managing director’s approval, sales managers added bogus costs for parts and services to sales reports, which inflated the overall cost of the project, and generated purchase orders for the bogus parts and services. The procurement manager knowingly approved the purchase orders.” The scheme even included the vendors themselves who “created fake order confirmations for the unnecessary parts and services and submitted invoices for payments”. To complete the circle, the China Marine finance manager would authorise the fraudulent payments.
In what can only be called a complete, total and utter failure of JCI’s internal controls, company auditors could not understand the China Marine transactions. Furthermore, and with even more evidence of the lack of effective internal controls, many of China Marine’s transactions were deemed non-material so they were at a level below that which would trigger a review of corporate oversight from JCI’s Denmark office, which oversaw the China Marine business unit. The Order noted that the average vendor payment in the bribery scheme “was approximately US$3,400” but the total amount of bribes paid was US$4.9 million. One might reasonably wonder if JCI understood there was no materiality threshold under the FCPA. One might also ask if there was conscious indifference by the JCI corporate office.
For the CCO or compliance practitioner, there are several important lessons to be garnered from this enforcement action. First is the absolute requirement for effective internal controls to be put in place. If your company does not understand the transactions that any subsidiary engages in, you have put your company at serious risk. If a company’s internal auditors cannot understand a series of transactions, they certainly cannot explain them to an auditor. Furthermore, under Sarbanes-Oxley (SOX) §404, a company must not only acknowledge its responsibility for establishing and maintaining a system of internal controls and procedures for financial reporting and assessments, but also report on the effectiveness of the company’s internal controls.
Karen Cascini and Alan DelFavero, in an article entitled ‘An Assessment of the Impact of the Sarbanes-Oxley Act on the Investigation Violations of the Foreign Corrupt Practices Act’, wrote that Section 404 “requires management to annually disclose its assessment of the firm’s internal control structure and procedures for financial reporting and include the corresponding opinions by the firm’s auditor”. More particularly, “while the FCPA required public companies to institute effective internal controls to stop the bribes and make executives accountable, SOX 404 goes further, but has similar goals”.
All of this might reasonably lead one to ask, ‘who at the corporate headquarters certified the effectiveness of both JCI’s and China Marine’s internal controls?’ Moreover, the Accounting Provisions of the FCPA also includes a section requiring accurate books and records. Clearly, JCI was not too interested in verifying the accuracy of the books and records of its China Marine subsidiary.
More than this lack of compliance with both prongs of the FCPA Accounting Provisions, the lack of seeming awareness of enhanced risks is a confounding aspect of this case. China Marine was clearly identified as a high-risk business unit of both York and later JCI. Simply putting your self-appointed managing director in place is not enough. Any competent risk management system requires oversight or, as my wife would say, ‘a second set of eyes’. This is why an effective compliance programme requires ongoing monitoring. It is even more the case when an entire business unit is high-risk.
Johnson Controls FCPA enforcement action – the Declination
Next, I want to consider the information available on the actions by JCI, beginning with the self-disclosure that led to the DOJ granting a Declination. The commentary on the DOJ Declination has ranged from the FCPA Professor, which argued there was no viable cause of action against JCI for the illegal conduct of its subsidiary, China Marine, and hence the Declination was without substance; to Mike Volkov, who called the Declination a ‘head scratcher’. In arguing there were potential criminal charges to pursue, Volkov noted, “there appears to be plenty of justification to stretch here in this case when you basically have a recidivist continuing to violate the law”. I want to consider the matter from the angle of the new DOJ Pilot Program and see what, if anything, might be gleaned from that perspective.
One of the difficulties in evaluating any Declination is the paucity of facts available to the compliance practitioner to evaluate. In the JCI case, we have the SEC resolution via a Cease and Desist Order that lays out the facts relevant to that enforcement action. However, this Order is the product of negotiations between the SEC and JCI. This means the company can seek to keep out facts that would point to criminal liability, reputational damage, embarrass senior executives or a plethora of other issues the company does not want in the public domain. There is no way to know if the facts laid out in the Order are all the facts in the case that were known to the DOJ or even disclosed to the DOJ, so to base an argument on this underlying premise puts you on wobbly ground. The foregoing is one of the reasons I have argued for my information to be made public around Declinations, as there is some basis for the self-disclosure by JCI to the DOJ.
Yet, even if one took the facts presented in the Order as only facts of this matter, there is information that could lead one to reasonably conclude that criminal charges could be considered under the FCPA. The Accounting Provisions, both Books and Records and Internal Controls, are generally thought to be civil side requirements only. However, the statute does make violations of the Accounting Provisions under the following:
(4) No criminal liability shall be imposed for failing to comply with the requirements of paragraph (2) of this subsection except as pro¬vided in paragraph (5) of this subsection.
(5) No person shall knowingly circumvent or knowingly fail to imple¬ment a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2).
Paragraph 2 refers to the Internal Controls requirements of the FCPA. This means someone must knowingly falsify such records or fail to implement a system of internal controls. The facts laid out in the Order would appear to provide at least an argument that this threshold was met. JCI’s internal controls were so poor that the company “did not understand some of the highly customised transactions at China Marine or the projects involving the sham vendors.” Additionally, someone at the corporate office had to certify the financial statements were true and correct and, whoever did, could also have violated the FCPA. Volkov noted that the DOJ could “stretch” to bring criminal charges. However, either through the argument of conscious indifference or simply on the facts laid out in the Order I find an argument for criminal liability plausible. Of course, these arguments do not convict JCI of criminal violation of the FCPA, only a trier of fact can do so. Yet they make clear that there are credible arguments that could be pursued that makes a Declination an appropriate mechanism for the DOJ to use, in its discretion.
What led the DOJ to exercise its discretion in issuing the Declination? We can find some guidance from the four requirements under the Pilot Program. First, that there be self-disclosure, which was present in this matter. The Order stated that the company self-disclosed within one month after receiving a second anonymous whistleblower tip. Second is cooperation during the investigation. The Order stated that JCI provided “thorough, complete and timely cooperation”, which consisted of the following:
- JCI promptly and routinely provided the staff with the results of its investigation as it progressed, and provided all supporting documentation requested.
- JCI provided factual chronologies, hot document binders, and interview summaries, as well as English translations of numerous documents and emails.
- JCI made employees available for interviews.
- JCI provided ‘real time’ downloads of employee interviews and made other foreign employees available for interview.
- When the company caught a Chinese employee shredding documents, it quickly secured the office to preserve evidence.
- JCI’s cooperation assisted the staff’s investigation.
- JCI’s timely self-report as well as the thorough productions allowed the staff to initiate and complete its investigation quickly.
The next requirement under the Pilot Program is for extensive remediation during the pendency of the investigation. Here the Order laid out some of the steps taken by JCI, including:
- JCI terminated or separated 16 employees implicated in or associated with the illegal scheme and placed all suspect vendors on a do-not-use/do-not-pay list.
- JCI has closed down its China Marine offices and moved all remaining China Marine employees, none of whom perform a sales or procurement function, into existing offices.
- JCI enhanced its integrity testing and internal audits to reevaluate vendor onboarding for all JCI business worldwide.
- JCI implemented random site audits to ensure the delivery of goods on purchase orders.
The final requirement under the Pilot Program is that the company disgorges profits it received from its ill-gotten gain. The Order stated: “From 2007 to 2013, JCI obtained a benefit of US$11.8 million as a result of over US$4.9 million in improper payments made to or through approximately 11 problematic vendors for the purpose of foreign and commercial bribery, and embezzlement.” This corresponds to the amount paid as disgorgement.
For any CCO or compliance practitioner reviewing the JCI enforcement action, it does not matter whether you believe JCI committed criminal acts or not. The reality is that the DOJ is once again laying out conduct for which it will consider awarding the lowest sanction possible, a Declination. There have now been three given since the announcement of the Pilot Program in April. You should study each of these and, if you find yourself subject to a FCPA investigation, use each Declination as a roadmap for your actions during the pendency of the investigation.
The XYZ Deferred Prosecution Agreement in the United Kingdom
I continue my exploration of recent anti-corruption enforcement with a slight detour across the pond to visit the recent DPA awarded in the United Kingdom Crown Court at Southwark, entitled Redacted Approved Judgment (Judgment), in the matter of an un-named company, designated as ‘XYZ Limited’ (XYZ). The Judgment was issued on 8 July 2016.
Of interest was the Court’s notation of the income and eventual profits to XYZ, which the Judgment stated were “taken together, in the period 2004-2013, a total of £17.24 million was paid to XYZ on the 28 implicated contracts on which bribes were offered. This sum represented 15.81 percent of the total turnover of XYZ in the period (being £109 million). The total gross profit from the implicated contracts amounted to £6,553,085 out of a total gross profit of £31.4 million (i.e. 20.82 percent). XYZ estimates a net profit of approximately £2.5 million in respect of the implicated contracts.”
XYZ’s United States parent, ABC Corporation, implemented a corporate compliance programme in 2011 and, during this initial implementation period, the bribery scheme was discovered. Subsequently, XYZ self-disclosed the illegal conduct to the SFO. The company turned over its internal investigation in 2013 and then the SFO conducted its own investigation until 2016.
The Court went through a very detailed analysis about why it should accept a DPA and reduced the fine and penalty in a section entitled ‘The Interests of Justice’. There were several factors laid out that are rather un-typical in the DOJ’s DPA programme, even under the Pilot Program. While noting the seriousness of XYZ’s conduct and the length of time the bribery scheme was employed, the Court put some amount of weight into the fact that it was the agents and third parties who, in large part, suggested the bribery scheme and not the company. Here the Court wrote: “There is no question but that XYZ spiralled into criminality as a result of the conduct of a small number of senior executives bending to the will of agents.” The Court also noted the change in XYZ’s culture by stating: “It is clear that XYZ in its current form is effectively a different entity from that which committed the offence.”
XYZ was assessed a financial penalty of £352,000, together with a disgorgement of profits at the amount of £6,201,085 (£1,953,085 to be paid by the American parent). The disgorgement amount will be paid over five years. The Judgment specifically took into account the ability of XYZ to pay the financial penalty as one of the factors that led to the Court accepting this amount. The length of the DPA was set to be “until the earlier of 31 December 2020, or such time after 31 December 2018 but before 31 December 2020, as the financial terms have been fully met.”
Laura Dunseath, writing in a thebriberyact.com blog, entitled ‘Opinion: SFO’s second DPA – A moderate step in the right direction. Could do better’, felt “The XYZ DPA has achieved a very welcome step back in the right direction, but it still does not go far enough to truly accomplish the Government’s stated aims of incentivising companies to self-report and cooperate with the authorities.” However, for any United States practitioner who negotiates a DPA, the Court oversight in the United Kingdom is very different. The Court’s lengthy recitation of the facts, the law, the negotiations and even the Court’s own questioning of the parties and their counsel, demonstrates a level of judicial oversight not seen on this side of the pond.
Dunseath is concerned that there are not enough incentives under the SFO interpretation of the United Kingdom Bribery Act penalties to fully encourage companies to come forward and self-report. Her concern was based upon the prior DPA and a sentencing that she believed sent out mixed incentives to companies. Under the first United Kingdom DPA, involving Standard Bank, the fine was calculated using a multiplier of 300 percent – from a range of 250 percent to 400 percent – and a discount of only 33 percent, which is on a par with the discount usually applied to a guilty plea at the first opportunity. Next was the sentence involving the Sweett Group, “where its financial penalty was proportionately lower since it was calculated using a 250 percent multiplier along with the 33 percent discount; and the proceeding against it was concluded at the sentencing hearing, and it is not subject to any ongoing conditions such as the monitoring of its compliance programme or cooperation with ongoing proceedings.”
Dunseath believed that the SFO “sought to redress the balance and offer some advantage beyond the avoidance of criminal conviction” in the XYZ DPA, noting: “The fine was calculated using the 250 percent multiplier and a discount of 50 percent was applied rather than 33 percent in recognition of the fact that further discount should be given when a defendant not only pleads guilty, but brought the matter to the attention of the authorities in the first place. The financial status of the company and the impact that the fine would have on its future ability to trade was fully considered, and the fine was accordingly reduced to prevent the company being forced into insolvency.”
In a SFO press release, Director David Green said: “The decision as to whether to force a company into insolvency must be balanced with the level and nature of cooperation and this case provides a clear example to corporates.” Furthermore, comments from Green highlighted the differences between the DPA practice in the United States from that in the United Kingdom. In the United States, DPAs as private agreements between the parties and a court have no legal basis to do anything other than rubber stamp a DPA presented to it. In its statement, the SFO noted: “A DPA is not a private plea ‘deal’ or ‘bargain’ between the prosecutor and the company. It is a way in which a company accounts for its alleged offending to a criminal court, and can have no effect until a judge confirms in open court that the DPA is in the interests of justice and that its terms are fair, reasonable and proportionate.”
I find the last statement to accent the largest difference between the United Kingdom and United States practice with regard to DPAs. In the United States, it is a private agreement negotiated between the parties and has no judicial input. In the United Kingdom, there is not only judicial oversight but also, more importantly, judicial input. While I recognise that the Second Circuit has made clear that charging decisions are within the sole discretion of prosecutors, this level of judicial oversight and review go a long way towards assuring justice is accomplished in the United Kingdom.
Three-Month Pilot Program wrap up
I end this exploration of recent FCPA (and one UK Bribery Act) enforcement issues by considering the three enforcement actions that have occurred since the enactment of the DOJ Pilot Program in April. These have resulted in the companies receiving a Declination to Prosecute from the DOJ. Proving once again that I am “never gonna give you up, never gonna let you down”, I want to look at these Declinations to see what information they can provide to the compliance practitioner to assist them in guiding their own response should their company find itself embroiled in a FCPA investigation and attendant enforcement action.
The enforcement actions involved Nortek Corporation, Akamai Technologies, and Johnson Controls. Nortek and Akamai received NPAs from the SEC and Declinations to Prosecute from the DOJ. JCI received a civil Cease and Desist Order from the SEC and Declination from the DOJ. One other matter was resolved with the DOJ via a NPA, that being Analogic Corporation.
A. The Declination letters
The letters issued by the DOJ did not provide a plethora of detail. The Akamai and Nortek Declination letters were identical with the exception of the different corporate names. In relevant part they stated: “We have reached this conclusion … based on a number of factors, including but not limited to the fact that Nortek’s internal audit function identified the misconduct, Nortek’s prompt voluntary self-disclosure, the thorough investigation undertaken by the Company, its fulsome cooperation in this matter (including by identifying all individuals involved in or responsible for the misconduct and by providing all facts relating to that misconduct to the Department) and its agreement to continue to cooperate in any ongoing investigations of individuals, the steps that the Company has taken to enhance its compliance programme and its internal accounting controls, the Company’s full remediation.” It went on to add that the company had agreed to profit disgorgement.
The JCI letter, stated: “We have reached this decision based on a number of factors, including but not limited to: the voluntary self-disclosure of the matter by JCI; the thorough investigation undertaken by the Company; the Company’s full cooperation in this matter (including its provision of all known relevant facts about the individuals involved in or responsible for the misconduct) and its agreement to continue to cooperate in any ongoing investigations of individuals; the steps that the Company has taken and continues to take to enhance its compliance programme and its internal accounting controls; the Company’s full remediation.” As with Nortek and Akamai, the JCI letter also noted the company had agreed to disgorge its profits.
About the only difference I can ascertain in the letters is that Nortek and Akamai provide ‘fulsome’ cooperation, and JCI provided ‘full’ cooperation. Yet, the overall point of these Declinations seems to be that the level of cooperation was very substantial.
Contrast the triple declination language with the NPA that Analogic received, which specifically noted the company’s lack of full cooperation. It stated: “The Company did not receive full cooperation credit because, in the view of the Offices, the Company’s cooperation subsequent to its self-disclosure did not include disclosure of all relevant facts that it learned during the course of its internal investigation; specifically, the Company did not disclose information that was known to the Company and Analogic about the identities of a number of the state-owned entity end-users of the Company’s products, and about certain statements given by employees in the course of the internal investigation.”
B. Box score summary of Declinations
All parties admitted to facts that could have formed the basis of a criminal FCPA enforcement action brought by the DOJ, yet they all received Declinations. While it would certainly have been more helpful to have a full release of information by the DOJ, to assist the compliance practitioner in understanding the totality of the facts considered, these three Declinations may well mark a new starting point in criminal FCPA enforcement going forward. Since at least 2014, with the Parker Drilling and Hewlett-Packard FCPA enforcement actions, the DOJ has provided significant credit to companies that thoroughly cooperated and provided extensive remediation during the pendency of their enforcement actions. With the Pilot Program implementation, these shifts are now official DOJ policy.
One other point unrelated to the Pilot Program discussion is the length of time that the Akamai and Nortek matters were concluded. It was less than 18 months for both. This short timeframe for a resolution is certainly a welcome development and shows that if a company comes forward quickly, is efficient in its investigation and proactive in its remediation, it can benefit with lower overall investigation and remediation costs as well.
All of the above is most welcome for any compliance practitioner. The DOJ Pilot Program has come out of the box with some solid wins for the companies involved, the DOJ and the greater compliance community. If this pattern continues, it will allow the DOJ to focus its resources in driving home the message that it is doing compliance that will not only work to keep a company out of trouble but will also get a company out of trouble.