Last week, Airbus SE (Airbus) settled a long-standing corruption scandal by agreeing to enforcement actions in three countries; France, the United Kingdom and the US. The matter involved a massive, worldwide, long running bribery and corruption scheme, approved at the highest levels of the organization and perpetrated in multiple countries. It also became the highest amount ever assessed against an organization for international bribery and corruption, approximately $3.9 billion. Although limited to one industry, aerospace, the Airbus corruption scandal is now not only the the world’s most expansive bribery scandal but also its most expensive. Over the next several blog posts I will be exploring the enforcement actions. Today, I provide background into the paper compliance program that existed at Airbus and the corporate structure that exploited it.
Airbus had a paper compliance program of the first order. Yet Airbus also had bribery and corruption baked into its business model. It had a group called the Strategy and Marketing Organization (SMO) which was tasked with carrying out international business development, and, under the policies, procedures and internal controls of Airbus, was mandated to manage third party relationships on the sales side for the company. According to the UK-DPA, it was to “ensure that BP’s [business partners—the Airbus terms for 3rdparties] were independent of Airbus’ customers” and was responsible for compiling and apprising applications from potential and existing BPs for the purpose of compliance risk assessment.
As a segregation of duties within the company’s internal controls, the approval to enter into contracts with third parties was given to another organization, the Company Development and Selection Committee (CDSC). The CDSC’s full responsibilities included (1) approving third parties and the company’s contract with such entities, (2) approving international projects and (3) ensuring compliance with Airbus’ policies, procedures and controls. The CDSC has some impressive senior management types on it; including Airbus’ Chief Financial Officer (CFO), Chief Marketing Officer (CMO) and Chief Compliance Officer (CCO). Rather amazingly, (although perhaps not, given how corruption was baked into the Airbus business model), the CDSC somehow delegated its oversight responsibility back to the SMO.
The company’s written compliance program to prevent bribery and corruption was robust. As far back as 2001, there were Rules relating to foreign trade, which prohibited bribery and corruption. These were updated in 2008. As noted in the UK-DPA, “In the introduction to the July 2008 policy the then CEO described the policy as featuring state of the art business ethics provisions. The same policy detailed the due diligence process to be undertaken in relation to the appointment of BPs. It noted that it was very important to be aware of ‘red flags’ and listed examples of the same.” In 2013, the company rolled out its Business Ethics Policies and Rules, updating and enhancing the 2008 Rules.
In the Judgment approving the UK-DPA, the Court noted, “Airbus had a number of written policies governing payments and contractual relationships with third parties. These included policies applying to committees and these employees specifically aimed at ensuring that third parties were used appropriately and only after sufficient due diligence had been undertaken. For example the Business Ethics Policy and Rules set out fundamental ethical principles for all employees; detailed the due diligence process to be undertaken in relation to the appointment of BPs, noting that it was very important to be aware of ‘red flags’ listing examples of the same.”
As noted in the US-DPA, the SMO was not created until 2008, so it is clear that the Airbus paper compliance program applied to it. Further, the SMO was tasked with managing these third parties so it was clear it was understood this was a high-risk endeavor which needed significant and robust oversight. Part of this oversight came through in the review and application of third-party BPs. This became important later as the SMO had occasions to change records to bring them into line with the Airbus compliance requirements. Moreover, there was overlap between the SMO and its oversight body, the CDSC, as several corrupt company officials identified in the US-DPA were at times on the CDSC. This is not a situation of the fox guarding the hen house; this is the situation of the fox residing in the hen house.
Regarding the CDSC, once again there was a robust paper program in place. For international projects, the CDSC had “Terms of Reference”, which stipulated “that decisions taken had to ensure that the financial and legal risks associated with a third party agreement had been identified and minimised. It also was to ensure that governance of transactions was acceptable and did not generate any reputational risk.” The SMO itself was tasked with an authorization process that included “due diligence before any final agreement could be reached.”
As noted in the UK-DPA, in 2012, the company commissioned a review of its compliance program by some un-named firm. This un-named firm “awarded Airbus an Anti-Corruption compliance certificate for the design of its anti-bribery compliance program.” It was not clear from the UK-DPA if this company actually performed any robust assessment or took Airbus’ word that it did not engage in bribery and corruption. It could be that this company simply reviewed the paper compliance program or it could have been something far more subversive.
The US-DPA related that the SMO engaged directly in corrupt payments during the 2008-2014 time frame. These payments made through “fake and fraudulent contracts, fake and fraudulent invoices”, fake activity reports creation of fraudulent special project, investments for non-existing projects, loans never meant to be repaid and oral contracts never formally put on the books, yet somehow payments were made on them. In early 2014, the CSDC met to review, according to the UK-DPA, “details of commitments made by SMO, which were not previously known to the CSDC.”
The CSDC requested the SMO, “make revisions to its policies and procedures governing the engagement of third parties. Changes implemented during 2014 included a focus on value-for-money justifications and enhanced compliance reviews.” In a September 2014 review of all third parties approved by the SMO, there was found “significant breaches of compliance policies. Corporate Audit concluded that the majority of IMD projects performed poorly and questioned whether BPs helped create viable businesses.” This was even though some members of the CSDC were either involved with or aware of the wrongdoing of the SMO.
Tomorrow, I will detail the bribery schemes.
Airbus Information with the US Department of Justice
Airbus Deferred Prosecution Agreement with the US Department of Justice (US-DPA)
Airbus Deferred Prosecution Agreement with the Serious Fraud Office (UK-DPA)
Airbus UK Court Judgment
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2020