Last week Credit Suisse Group AG (CSAG) and Credit Suisse (Hong Kong) Limited (CSHK), a subsidiary of CSAFG, settled a Foreign Corrupt Practices Act (FCPA) enforcement action for just over $77 million for the illegal hiring of family members and close personal friends of Chinese government employees and employees in Chinese state-owned enterprises. CSHK obtained a Non-Prosecution Agreement(NPA) from the Department of Justice (DOJ) and CSAG entered into an agreed Cease and Desist Order(Order) with the Securities and Exchange Commission (SEC). Collectively, they paid a criminal fine to the DOJ in the amount of $47 million and disgorgement to the SEC in the amount of $24.9 million with interest of $4.8 million for a total to the SEC of $29.8 million.

The FCPA enforcement matter was concluded with a substantial positive for CSAG given its conduct surrounding the affair. CSHK employees worked actively to circumvent, over-ride and hide their actions; clearly indicating the intent to provide benefits to foreign government officials in return for significant benefits. I have been considering this FCPA enforcement, lessons to be learned for the compliance practitioner and how CSHK was able to garner such a superior NPA result. Today I conclude with some of the factors which led to the DOJ giving a 15% discount on the criminal penalty and steps companies should take around the hiring of family members of foreign government officials and employees of state-owned enterprises.

Even with the intentional acts of CSHK, the (very) bad facts outlined in the prior posts, CSAG obtained what can only be described as a superior result in CSHK receiving a NPA and the US entity agreeing to a Cease and Desist Order. This enforcement action is now one of three from the spring of 2018 which demonstrates the effect of the new FCPA Corporate Enforcement Policy, announced in late November 2017, and the new anti-piling on policy announced in May 2018. The other two enforcement actions were the Declination issued to Dun & Bradstreet, Inc. and the Deferred Prosecution Agreement (DPA) obtained by Panasonic Avionics Corporation. The DOJ and SEC have made clear the benefits to a company which cooperates and remediates, even if they do not so fully and they do not self-disclose the FCPA violation.

The Result

CSHK did not receive any credit for self-disclosing the FCPA violations and “because neither it nor CSAG voluntarily and timely disclosed to the Offices the conduct described in the Statement of Facts”. However, CSHK did receive “partial credit for its and CSAG’s cooperation with the Offices’ investigation, including credit for conducting an internal investigation, making factual presentations to the Offices, voluntarily making foreign-based employees available for interviews in the United States, producing documents to the Offices from foreign countries in ways that did not implicate foreign data privacy laws, providing translations of foreign language documents, and collecting and presenting evidence to the Offices”. Tellingly, it did not receive full credit for its cooperation “because its cooperation was reactive, instead of proactive.”

CSHK did institute significant remediation, including:

(1)   adopting additional compliance internal controls related to their hiring programs;

(2)   implementing procedures in the Asia Pacific region in 2013, and globally in 2015, to ensure the identification of and anti-corruption vetting for all candidates referred for employment by foreign government officials and employees of state-owned enterprises;

(3)   requiring all candidates for employment to be screened by an independent service for connections to government officials, SOE employees and other “politically exposed persons” and verifying the efficacy of this screening;

(4)   requiring additional post-hire controls on employees linked to foreign government officials and employees of SOEs, such as ring fencing them from work involving such officials and SOE employees and requiring compliance personnel to track their performance;

(5)   requiring and conducting periodic reviews of hiring controls, and developing procedures for the regular evaluation of hiring controls;

(6)   conducting yearly headcount reviews to ensure accurate record-keeping concerning hiring; and

(7)   requiring improved FCPA and anti-corruption training for all staff, including job-specific training for bankers, recruiters, human resources, and compliance personnel.

Yet here CSHK did not receive full credit as it did not discipline those within the organization who “engaged in the misconduct, and instead only recorded policy infractions internally and provided notices of infractions”. For all of the above and some other efforts, the company did receive a 15% discount off the bottom range in the Sentencing Guidelines. It is also important to note that the SEC stated in its Order, “Respondent acknowledges that the Commission is not imposing a civil penalty based upon the imposition of a $47 million criminal fine as part of Credit Suisse’s settlement with the United States Department of Justice.”

Going Forward

It is incumbent to note that there is nothing illegal in the hiring of family members of foreign government officials or employees of SOEs. What is illegal under the FCPA is intentionally hiring a family member or close personal friend to influence a decision maker at a foreign government or SOE to confer a benefit. If the answer to that question is yes, then the FCPA is impacted. That benefit can be a new contract, contract renewal, tax benefit, confidential inside information or the wide variety of other conduct which constitutes a benefit under the FCPA.

Moreover, there is nothing in the FCPA which makes illegal or prevents the hiring of a family member or close personal friend of a foreign government official or SOE employee. Admittedly, such a hiring may be more high risk and require greater risk management but there is nothing which prevents any business from such hires. The key is that the hiring goes through the standard hiring process.

It all starts with the hiring criteria. If a candidate does not meet your company’s educational or professional standards for hiring, they should not be considered – full stop. There should not be any waivers or exceptions granted unless it is for a technical position that the candidate is uniquely suited for, all of which must be documented. If such a candidate is hired then they must be ring-fenced from working on any matter related to their family member who is a foreign government official or SOE employee.

What is the criteria Compliance can advise HR on to implement and operationalize the compliance issues in hiring? There are three questions I suggest be used to analyze the hiring of a family member of foreign official or SOEs. They can also be installed as internal controls.

  1. Does the candidate meet your firm’s hiring criteria?
  2. Did the foreign official whose family member you are considering for hire demand or even suggest your company hire the candidate?
  3. Has the foreign official made or will make a decision that will benefit your company?

If the answer to the first question is “No” and the second two “Yes”, you may well be in a high-risk area of violating the FCPA. You should investigate the matter quite thoroughly and carefully. Finally, whatever you do, Document, Document, and Document your investigation, both the findings and the conclusions. Furthermore, these questions can be set up as internal controls. This is another example of how a company can operationalize compliance and burn it into the fabric and DNA of an organization. Additionally, it provides another level of oversight or “a second set of eyes” on the hiring process around hires that are high-risk under the FCPA.

I hope you have enjoyed this short series on the CSAG FCPA enforcement action. For an enforcement south of $100 million there was quite a bit to unpack and more to learn for the compliance practitioner.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018