Yesterday, I considered the recently announced Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) enforcement action against Telefônica Brasil S.A., Cease and Desist Order(Telefonica Order). Taken in tandem with the July 2015 SEC enforcement action involving BHP Billiton (BHP), also resolved via Cease and Desist Order (BHP Order), these two enforcement actions can provide some guidance for the compliance practitioner in the risk area of gifts, travel and entertainment (GTE) for high-dollar sporting events such as the World Cup, Olympics, Super Bowl, World Series or the upcoming National Basketball Association (NBA) Championship.
One must start with the Telefônica Order because it made clear that there were no policies and procedures around this process. What I found interesting were the amounts listed in the Telefônica Order. These tickets were purchased for a total amount of $5.1 million and paid in three installments over three years beginning in 2012. The tickets were valued at $2750 per ticket with an additional $454 allotted for hospitality for a total value of $3204 for each ticket handed out. Of these 1860 tickets some 194 were allotted to Brazilian government officials or officials from other governments who were customers of the company. The SEC valued the total amount allotted to Brazilian government officials as $621,576.
Nowhere in the Telefônica Order was there explicit criticism of either the aggregate amount spent or the valuation of the individual ticket price plus hospitality. What Telefônica lacked was any process to manage the risk of spending lavishly on a government official who had contract oversight of Telefônica or the ability to direct work to them. For how such a protocol could work, one must turn to the BHP enforcement action, which revolved around the company’s hospitality program for the Beijing 2008 Olympics. BHP had a paper program that appeared robust. As laid out in the Billiton Order, “BHPB developed a hospitality application which business managers were required to complete for any individuals, including government officials, whom they wished to invite.” The application included these questions to be fully answered:
- “What business obligation exists or is expected to develop between the proposed invitee and BHP Billiton?”,
- “Is BHP Billiton negotiating or considering any contract, license agreement or seeking access rights with a third party where the proposed invitee is in a position to influence the outcome of that negotiation?”
- “Do you believe that the offer of the proposed hospitality would be likely to create an impression that there is an improper connection between the provision of the hospitality and the business that is being negotiated, considered or conducted, or in any way might be perceived as breaching the Company’s Guide to Business Conduct? If yes, please provide details.”; and
- “Are there other matters relating to the relationship between BHP Billiton and the proposed invitee that you believe should be considered in relation to the provision of hospitality having regard to BHP Billiton’s Guide to Business Conduct?”
Unlike at Telefônica, the right forms were in place and some of them were fully filled out. However, as the BHP Order made clear, an effective compliance program does not end at that point. High risk does not mean you cannot engage in certain conduct. High risk means that you must have an effective compliance program and you have to manage that risk. A basic key to any effective compliance program is oversight or a second set of eyes baked in to your process. BHP formally had this oversight or second set of eyes in the form of an Olympic Sponsorship Steering Committee (OSSC) and Global Ethics Panel Sub-Committee.
Where BHP failed was that “other than reviewing approximately 10 hospitality applications for government officials in mid-2007 in order to assess the invitation process, the OSSC and the Ethics Panel subcommittee did not review the appropriateness of individual hospitality applications or airfare requests. The Ethics Panel’s charter stated that its role simply was to provide advice on ethical and compliance matters, and that “accountability rest[ed] with business leaders.” Members of the Ethics Panel understood that, consistent with their charter, their role with respect to implementation of the hospitality program was purely advisory. As a result, business managers had sole responsibility for reconciling the competing goals of inviting guests – including government officials – who would ““maximize [BHPB’s] commercial investment made in the Olympic Games” without violating anti-bribery laws.”
But there was more than simply a failure of oversight by BHP. The BHP Order noted that not all of the forms were filled out with the critical information around a whether a proposed recipient might have been a government official. Even more critically missing was information on whether the proposed recipient was in a position to exert influence over BHP business. Moreover, BHP did not provide training to the business unit employees who ended up making the call as to whether or not to provide the hospitality on payment of travel and hospitality for spouses. The BHP Order stated that BHP “did not provide any guidance to its senior managers on how they should apply this portion of the Guide when determining whether to approve invitations and airfares for government officials’ spouses.” Finally, there were no controls in place to update or provide ongoing monitoring of the critical information in the forms.
FCPA compliance is a relatively simple exercise. That does not mean it is easy. Telefônica had no compliance policy to direct employees how to entertain government officials and no procedure to accomplish this risk management. If you want to send government officials to high profile sporting events or provide other high dollar hospitality, the FCPA does not prevent you from doing so. But it is a high risk and to be in compliance you must to manage those high risks appropriately, all the way through the process. The Telefônica and BHP enforcement action provides you a detailed road map of what to do and what not to do.
I hope you are planning to attend the 14th Annual Compliance Week conference this year, held from May 20-22 in Washington, D.C. at the Mayflower Hotel. It is truly one of the top compliance and ethics conferences of the year. It features not only speakers from compliance, but auditors, lawyers, government regulators, and industry leaders. This year, I am leading a pre-conference workshop on Sunday afternoon about handling internal investigations and performing a root cause analysis. Monday will include keynote address from the always-popular Hui Chen, which sets the tone for speakers throughout the event. To review the full agenda, see who is speaking or to review the registration information click on the appropriate link.
Best of all, if you have read this blog, you are eligible for a discount on the conference cost. Enter code “TOM300” at checkout to save $300 from your registration.If you only attend one compliance conference in 2019, this is the event for you!
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2019