This week I have been considering the guilty pleas of the former Unaoil Chief Executive Officer (CEO), Cyrus Ahsani, and former Chief Operations Officer (COO), Saman Ahsani, as was laid out in their Information. Most specifically what this means for Foreign Corrupt Practices Act (FCPA) enforcement and compliance practitioners going forward. The breadth and scope of their corruption was simply stunning. Unfortunately, the number of companies in the US and beyond that knowingly availed themselves of Unaoil’s corrupt services is equally stunning.

There were 25 companies identified in the Information by industry, venue of headquarters, FCPA status and corrupt acts engaged in. In addition to those identified, two companies were named and several others were named in other news reports. By my count at least 30 companies have been tied to corrupt acts by Unaoil and only Dick Cassin on the FCPA Blog even bothered to ask who were the companies which retained Unaoil and worked with the Ahsanis. With a client list such as the one Unaoil had, you might think there would be more interest in this week. As we are now 9 years and 4 days after Panalpina Settlement Day, I wonder when we might have Unaoil Settlement Day?

The Information provided a wealth of data on how the corruption was conducted. Not only was there specific information on how the bribes were paid but there was also information on how Unaoil corrupted company officials. There were several instances where kickbacks were paid to corrupt company officials so they would engage in anticompetitive behavior such as bid-rigging. This is serious criminal conduct from the antitrust perspective in addition to the FCPA, money-laundering, wire fraud, criminal tax evasion and several violations of other criminal law.

In addition to the personal liability of those corrupt company officials identified in the Information as well as others not identified, it gives one pause to consider how well a company is monitoring its own employee ranks when people predisposed to lying, cheating, stealing and risking their very liberty to take kickbacks; what else were they illegally doing (in addition to violating the FCPA). I would certainly expect the FBI to be visiting several of these people very early one morning with something along the lines of “We need to ask you some questions, could you come with us.”

That also brings up a new criminal offense which may well come out the Unaoil matter: lying to provide a business reference. How could such actions become a federal crime? Recall that several corrupt company officials were identified in the Information. They were all using Unaoil to engage in bribery and corruption, and, when asked by Unaoil, they provided glowing references for the company; so much so that Unaoil received compliance certified status. To do so, they received kickbacks or other inducements from Unaoil. But, most importantly, they sent the fraudulent information via email so that the Wire Fraud Act was implicated.

This may mean that these corrupt company officials are on the legal hook for this action as well. But now consider this in the context of references or other information going forward. If the information is fraudulent and it is devised or intended …to defraud… and is transmitted by means of a wire… in interstate or foreign commerce; it may well violate 8 U.S.C. § 1343, which prohibits wire fraud. It would be rare that someone would engage in such fraud out of the goodness of their heart so that would mean they were paid or otherwise received a benefit to do so, even if that benefit was continued bribery and corruption. As Grace Slick said at Woodstock, “It’s a new dawn.”

The fraudulently obtained certifications also bring up a key point that many practitioners misapprehend due diligence and the overall management of third parties. Due diligence is but one part in a five-step process in the management of third parties. The steps are (1) business justification, (2) questionnaire, (3) due diligence and its evaluation, (4) compliance terms and conditions and (5) management of the relationship after the contract is signed. That final step is the most difficult but also the most important. A certification is but one part of due diligence and must be treated as only one part. It is not the be all and end all.

This leads to the final point that the Unaoil case and the Ahsani Information makes clear. That the process of a best practices compliance program is to prevent, detect and remediate on an ongoing basis. It does not stop because a company was cleared or a contract was signed. If you are doing business in a high-risk jurisdiction or in a high-risk industry you must not only remain ever vigilant, but you must also continually monitor third-parties, your own employees and transactions. For it is only through the operationalization of compliance, that you can begin to fully stop such actions before they become FCPA violations.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2019