SEC2015 continued the trend of Foreign Corrupt Practices Act (FCPA) enforcement actions brought by the Securities and Exchange Commission (SEC) with no parallel Department of Justice (DOJ) enforcement action. As you might expect, these SEC enforcement actions turned on violations of the Accounting Provisions of the FCPA, either the books and records provisions or the internal controls provisions. In this two-part series to begin the New Year I take a look at five SEC enforcement actions and use them to point where enforcement may be going in 2016 and what the Chief Compliance Officer (CCO) or compliance practitioner should take away from the enforcement action. Part I will focus on BNY Mellon and BHP and Part II will look at the Bristol Squibb-Myers, Hitachi and Mead Johnson enforcement actions.

BNY Mellon: Hiring of Children and Relatives

In August, the SEC announced a resolution with the Bank of New York Mellon Corporation (BNY Mellon) for FCPA violations. This was the first enforcement action around the now infamous Princesslings and Princelings investigation where US companies hired the sons and daughters of foreign government officials to curry favor and obtain or retain business.

While JPMorgan Chase has garnered the most attention around this issue, probably because of its notorious spreadsheet tracking of sons and daughters hires to develop business in China, there are multiple US companies under scrutiny for similar conduct. The FCPA Blog has reported that Credit Suisse, Goldman Sachs, Morgan Stanley, Citigroup, and UBS are all under investigation by the SEC for their hiring practices around the sons and daughters of foreign government officials. BNY Mellon has the honor of being the first company to reach resolution on this issue.

There is nothing illegal around the hiring of a close family member of a foreign governmental official. It does however present a higher risk for indicia of bribery and corruption and violation of the FCPA. A higher FCPA risk means you need to evaluate that risk more closely and manage that risk accordingly.

The obvious starting point for the hiring of a close family member of a foreign governmental official is whether the candidate is qualified for the position. If they are not qualified it is ‘Full Stop’ at that point. In the case of BNY Mellon there was no evidence any of the candidates had the academic background, credentials, leadership traits or intangible skills to meet the bank’s normal internship hiring criteria. As with any other anomaly granted in a company’s normal process, there must be a documented reason for the exception, review by appropriate authority of the exception and documentation as to why the exception was granted. None of these steps were present in the BNY Mellon matter. Put another way, if you are hiring a family member or close relative of a foreign government official for any reason other than merit, it had better be a darn good one and be well documented as to the decision-making calculus with appropriate senior management oversight.

But your risk management does not stop simply with the hiring process. If the foreign governmental official is the person who made the request for the hiring of the family member, this is a Red Flag not to be overlooked. Your analysis needs to be on the role of that foreign governmental official in awarding new business to your company or in retaining old business. If the foreign governmental official has direct or even strong indirect control over such business relations, this may present such a direct conflict of interest, this may be a risk that you cannot manage. A good rule of thumb here is whether there is full transparency in the hiring with the foreign government involved with your company. In the case of BNY Mellon, they did not want anyone in the Sovereign Wealth Fund to know BNY Mellon had hired the son or nephew. That is a clear sign that transparency is lacking and someone, somewhere is engaging in unethical conduct, if not breaking the law.

Finally, if you do decide to move forward and hire the close family member, you need to assign that new hire to work that is not associated with the business relationship between your company and the foreign government involved. Just as in the lifecycle of third party management, managing the relationship after a contract is inked is in many ways the most critical element; the same is true in the employment relationship involving close family members of foreign government officials.

Ultimately, you need to have internal controls to ensure effective compliance going forward. You cannot have customer relationship managers making the calls on hiring which over-ride the Human Resources (HR) procedures. There must be not only HR review but also mechanisms to flag for compliance review such hires. Lastly, there needs to be sufficient senior management oversight because this is such a high-risk proposition.

BHP: High-Risk Hospitality

In May came the release of the SEC FCPA enforcement action involving BHP Billiton Ltd. (BHP), which revolved around the company’s hospitality program for the Beijing 2008 Olympics. Every CCO and compliance practitioner should study this enforcement action in detail so that they can craft appropriate compliance internal controls for high dollar entertaining for big time sporting events. For any company that may be planning high dollar hospitality spends for the 2016 Brazil Olympics, this enforcement action lays out what you should and should not do in your compliance program. But this holds true for any major sporting event such as the Super Bowl, World Cup or you name the event.

BHP had a paper program that appeared robust. As laid out in the SEC Cease and Desist Order, “BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.” Yet, an effective compliance program does not end at that point. Now would be an appropriate time to recall that high risk does not mean you cannot engage in certain conduct. High risk means that to have an effective compliance program, you have to manage that risk. A basic key to any effective compliance program is oversight or a second set of eyes baked in to your process. BHP formally had this oversight or second set of eyes in the form of an Olympic Sponsorship Steering Committee (OSSC) and Global Ethics Panel Sub-Committee.

Where BHP failed was that “other than reviewing approximately 10 hospitality applications for government officials in mid-2007 in order to assess the invitation process, the OSSC and the Ethics Panel subcommittee did not review the appropriateness of individual hospitality applications or airfare requests. The Ethics Panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders.” Members of the Ethics Panel understood that, consistent with their charter, their role with respect to implementation of the hospitality program was purely advisory. As a result, business managers had sole responsibility for reconciling the competing goals of inviting guests – including government officials – who would ““maximize [BHPB’s] commercial investment made in the Olympic Games” without violating anti-bribery laws.”

But there was more than simply a failure of oversight by BHP. The Cease and Desist Order noted that not all of the forms were filled out with the critical information around a whether a proposed recipient might have been a government official. Even more critically missing was information on whether the proposed recipient was in a position to exert influence over BHP business. Moreover, BHP did not provide training to the business unit employees who ended up making the call as to whether or not to provide the hospitality on payment of travel and hospitality for spouses. The Cease and Desist Order stated that BHP “did not provide any guidance to its senior managers on how they should apply this portion of the Guide when determining whether to approve invitations and airfares for government officials’ spouses.” Finally, there were no controls in place to update or provide ongoing monitoring of the critical information in the forms.

All of this led to the SEC stating the following, “As a result of its failure to design and maintain sufficient internal controls over the Olympic global hospitality program, BHP invited a number of government officials who were directly involved with, or in a position to influence, pending negotiations, efforts by BHPB to obtain access rights, or other pending matters.” Perhaps it was stated most succinctly by Antonia Chion, Associate Director of the SEC’s Division of Enforcement, in the SEC Press Release announcing the enforcement action when she said, “A ‘check the box’ compliance approach of forms over substance is not enough to comply with the FCPA.”

Stay tuned for Part II tomorrow…

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016