Today I conclude my two-part series on the recent Foreign Corrupt Practices Act (FCPA) enforcement action involving the Chilean chemicals and mining company Sociedad Química y Minera de Chile (SQM), which agreed to pay a criminal penalty of $15.5 million and a civil penalty of $15 million for a total fine and penalty of $30.5 million. The company settled with the Department of Justice (DOJ) via a Criminal Information and Deferred Prosecution Agreement (DPA) and with the Securities and Exchange Commission (SEC) via a Cease and Desist Order (Order).

However, before I conclude the review of the SQM enforcement, today we honor the very first ‘Trial of the Century’ involving the Big Bill Haywood, Charles Moyer, and George Pettibone, all officers of the labor union the Western Federation Miners, for the murder of former Idaho Governor Frank Steunenberg which had occurred the prior year. On this date in 1906 the three were arrested and extradited to Idaho to stand trial. Haywood’s defense counsel, Clarence Darrow, successfully defended him and secured an acquittal. The trial made national headlines and even President Theodore Roosevelt publicly commented on it. Some 20 years later Haywood fled to Russia and is one of two Americans buried at the Kremlin.

Earlier, I considered the facts of the SQM case and they were quite damning indeed, with Chief Executive Officer (CEO) involvement in the illegal conduct and Board awareness, yet do-nothingness in the face of clear illegal conduct. Today I want to consider how the company was able to achieve such a successful resolution, which included a 25% reduction off the lower end of the range suggested by the US Sentencing Guidelines and only a two-year independent monitorship.

The Deferred Prosecution Agreement (DPA) acknowledged there was no self-disclosure. Yet the company received full credit for its cooperation, with the DPA stating “the Company received full cooperation credit based on its cooperation with the Fraud Section’s investigation, which included: conducting a thorough internal investigation; producing relevant documents from overseas, accompanied by translations of key documents, to the Fraud Section; and providing to the Fraud Section all relevant facts known to it, including information about individuals involved in the misconduct”.

The DPA also detailed the extensive remediation engaged in by the company during the pendency of the enforcement action. It noted, “the Company has … engaged in a number of remedial measures, including: (1) reconstituting and staffing new compliance and internal audit divisions; (2) implementing new internal accounting/payment process controls; (3) revising the corporate Code of Ethics and conducting training for all personnel; (4) voluntarily paying over $9 million in taxes, interest, and penalties to Chilean authorities in connection with the improper payments described in the Statement of Facts; (5) disciplining the employees involved in the improper payments and false books and records described in the Statement of Facts – including terminating the employment of a senior officer of the Company and demoting another employee; and (6) providing in-depth anti-corruption and compliance training and consultations with outside compliance and internal controls experts to an employee who failed to take appropriate steps in response to red flags regarding the misconduct”.

In a December 2015 Form 6K filing to the SEC, the company provided additional detail on the scope of its remediation. It stated, “The measures that have already been adopted include: (i) dismissing Mr. P. Contesse G. from his position as SQM’s CEO; (ii) filing corrected tax returns with the Chilean Internal Revenue Service; (iii) creating SQM’s Corporate Governance Committee, which is comprised of three of its directors; (iv) separating and strengthening the team and responsibilities of the Internal Audit and Compliance departments, both of which report to SQM’s board of directors, while the latter also reports to the Company’s CEO; (v) hiring KPMG, the auditing firm, to review SQM’s payment process controls; (vi) improving the Company’s payment process controls and approvals; and, (vii) reformulating SQM’s Code of Ethics.”

Finally, the company agreed to a two-year external monitor because, as noted in the Information, “Although the Company has taken a number of remedial measures, the Company is still in the process of implementing its enhanced compliance program, which has not had an opportunity to be tested, and thus the Company has agreed to the imposition of an independent compliance monitor for a term of two years to diminish the risk of reoccurrence of the misconduct; the independent compliance monitor will serve a term of two years instead of three because of the significant enhancements the Company has already made to its compliance program, and because the Company’s size and risk profile are such that an independent compliance monitor should not need more than two years to test the Company’s compliance program.”

Embedded throughout this affair are numerous lessons for the compliance practitioner and others. First, and foremost, is the senior executive involvement which demonstrates a clear risk for corruption at the highest levels of an organization. When you couple such blatant disregard for legal standards, with unlimited discretion and no Board oversight, you have a recipe for disaster, which is what befell SQM. The next point is the specific failure of the company’s Board of Directors in its oversight role for compliance. Apparently not realizing that by listing its shares in the US public markets, it subjected itself to US laws, the SQM Board had a total abdication of its oversight responsibility. Even when presented with clear evidence of both FCPA violations and specific failures around internal controls, the Board failed to act. One might well wonder if this had been company with a US based Board if there might finally have been a criminal prosecution of Board members for failure to fulfill their obligations under the Ten Hallmarks of an Effective Compliance program.

Finally, are the various schemes used by SQM to hide the dodgy payments. There were payments to relatives of foreign officials, through mechanisms such as “financial services” allegedly provided to the company, the always popular consulting services, one my engineering father would have loved engineering and statistical services and, finally, one which may take the cake, an invoice for areas of fertilized tests. There were also payments to various foundations and charitable entities run by or affiliated with Politically Exposed Persons (PEPs).

The jurisdictional reach of the FCPA is quite broad. On the simplest level, the US does not want companies which take advantage of raising money with US investors to be so oblivious to the basics of anti-corruption as the failure to any type of compliance program can lead to defrauding of US investors. More importantly for the global scourge of corruption, the SQM enforcement points once again to the imperative of broad US enforcement of the FCPA as the most powerful tool to combat this scourge. The moral authority of the US to do, depends on large part from its willingness to lead this fight. It should continue to do so.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this episode, I visit with Melissa Evans, chairman on the upcoming Third-Party Risk Management & Oversight Summit about the conference. We discuss:

1. The nature of the event.
2. Her prior experiences at last year’s event.
3. Her your role as Lead Quality Systems, Supply Chain Management, Royal Caribbean Cruises?
4. The upcoming Third Party Risk Management and Oversight Conference?
5. Some of the highlights in your mind of the conference?
6. Who should attend the conference?
7. Where can folks go for more information?

For More Information on the Event, click here. Best of all listeners to this podcast will receive a discount to the event. You can receive a 15% discount off the regular price by entering the Code CMP 161. For more information on the event, check out the website by clicking here.

Today we honor what was called by British Lord Nelson, “the most daring act of its age”; the capture and burning of the US frigate Philadelphia in Tripoli harbor. In October 1803, the ship had run aground near Tripoli and was captured. The Americans feared that the well-constructed warship would be both a formidable addition to the Tripolitan navy and an innovative model for building future Tripolitan frigates. Hoping to prevent the Barbary pirates from gaining this military advantage, President Thomas Jefferson sent Lieutenant Stephen Decatur to lead a daring expedition into Tripoli harbor to destroy the captured American vessel. The Americans recaptured the ship and then set it alight. Decatur and his men escaped without the loss of a single American. The Philadelphia subsequently exploded when its gunpowder reserve was lit by the spreading fire.

A most “daring act” seems to be a good way to introduce a multi-part look at the recent Foreign Corrupt Practices Act (FCPA) enforcement action involving the Chilean chemicals and mining company Sociedad Química y Minera de Chile (SQM), which agreed to pay a criminal penalty of $15.5 million and a civil penalty of $15 million for a total fine and penalty of $30.5 million. The company settled with the Department of Justice (DOJ) via a Criminal Information and Deferred Prosecution Agreement (DPA) and the Securities and Exchange Commission (SEC) via a Cease and Desist Order (Order).

There were a couple of unusual aspects to this matter which bear review and consideration by any Chief Compliance Officer (CCO) and compliance practitioner, particularly for those with companies headquartered or domiciled outside the United States. The first is that the case was rare for its criminal violations of the FCPA for the Accounting Provisions; both the Books and Records and Internal Controls provisions. The second was that the company’s illegal actions appeared to have no US nexus to the conduct involved and the jurisdictional hook was that the company’s shares trade on the New York Stock Exchange (NYSE) as American Depository Receipts (ADRs) and the company is required to file periodic reports with the SEC. There were however some excellent points for review by any compliance practitioner regarding the underlying conduct involved.

According to the DOJ Press Release, “SQM knowingly failed to implement internal controls sufficient to ensure that payments from a fund under the control of one of its officers and high-level executives were made for services received and in compliance with Chilean law. Between 2008 and 2015, SQM made donations to dozens of foundations controlled by or closely tied to Chilean politicians. During this period, for example, SQM funneled approximately $630,000 to foundations controlled by a Chilean official with influence over the government’s mining plans in Chile, a key segment of SQM’s business.” It went on to add, “SQM also admitted to falsifying its books and records to conceal payments to vendors associated with politicians, logging them as consulting and professional services SQM never received. For example, in 2009, SQM paid approximately $11,000 to the sister-in-law of a Chilean official, recording the payment in SQM’s books as a payment for services received, despite the fact that the official’s sister-in-law submitted the false invoice solely to disguise payment to a Chilean senatorial campaign.” The sum total was that “SQM admitted having paid nearly $15 million between 2008 and 2015 to vendors despite having no evidence any goods or services were actually received.”

Yet in none of the resolution documents was there discussion of specific bribes paid or obtaining or retaining business by SQM. Moreover, as noted above, none of the payments were routed through the US or the US banking system. Finally, although there were numerous emails cited in the resolution documents, there was no evidence presented that they were stored on a US server or even went through the US in cyberspace.

What does come through loud and clear from the Information is the discretionary fund used by the person designated as “SQM Executive” and identified as Mr. Patricio Contesse G. – former Chief Executive Officer (CEO) of SQM. When I say discretionary fund, it was apparently at his sole discretion. Simply put, according to the Information “SQM paid approximately US $14.75 million to PEPs [Politically Exposed Persons] and related parties without effective internal accounting controls, such as appropriate due diligence, documentation or oversight.”

Going more deeply into the results of the company’s internal investigation than was reported in the Information, the company made the following Form 6-K SEC disclosure in December 2015.

“(a) payments were identified that had been authorized by SQM’s former CEO, Mr. Patricio Contesse G., for which the Company did not find sufficient supporting documentation;

(b) no evidence was identified that demonstrates that payments were made in order to induce a public official to act or refrain from acting in order to assist SQM obtain economic benefits;

(c) regarding the cost center managed by SQM’s former CEO, Mr. Patricio Contesse G., it was concluded that the Company’s books did not accurately reflect transactions that have been questioned, notwithstanding the fact that, based on the amounts involved, these transactions were below the materiality threshold defined by the Company’s external auditors determined in comparison to SQM’s equity, revenues, expenses or earnings within the reported period; and(d) SQM’s internal controls were not sufficient to supervise the expenses made by the cost center managed by SQM’s former CEO and that the Company trusted Mr. P. Contesse G. to make a proper use of resources.”

This same disclosure also specifically noted that Mr. Contesse G. (the former CEO) and “Mr. Patricio Contesse F. – former director of SQM,” declined to be interviewed by company’s designated outside counsel performing the internal investigation.

Contesse G.’s involvement and fraud was more than simply using his unlimited discretion to facilitate shady payments. He was actively and intentionally involved in falsifying the company’s books and records. The Information stated, “From 2008 to 2013, at the end of each fiscal year, SQM’s books and records, including those that SQM Executive and others intentionally falsified to justify payments to vendors connected to PEPs, were used for the purpose of preparing SQM’s financial statements. In addition, during each of these years from 2008 to 2013, SQM Executive signed financial certifications as part of SQM’s securities filings that he knew to be false.”

Regarding the internal controls violations, the company’s auditors noted payments made to third parties which “had a ‘high-risk’ connection to PEPs.” These findings were even presented to the full company Board of Directors with the recommendation that adequate internal controls be put in place to prevent such conduct going forward. However, none were.

Also interesting was the lack of notation of how the company’s illegal actions came to attention of the US government. There was no company self-disclosure, no reported whistleblower, no reported referral from another law enforcement agency, domestic or foreign. It may well be there was some type of tip or even electronic information obtained by government regulators.

The actions of SQM senior management were certainly daring in the extreme, one might even say stupid, given their blatant disregard for US law. If companies want the benefits of US securities offerings and prestige, they need someone to counsel them on why they have to comply with US regulations, even in their actions exclusively outside the US. The matter also points to the need for a company’s Board of Directors to step up, ask the hard questions and then take action when management fails to fulfill its obligations to do business legally. Finally, the enforcement action makes clear the need for any company which crosses multiple borders to have a best practices compliance program in place as there will be at least one country which has an anti-bribery/anti-corruption compliance program.

In the next post we will consider how the company was able to receive a 25% discount off the minimum fine range through cooperation and remediation after the US government came knocking.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

The sorry story of Chris Correa, the St. Louis Cardinal executive convicted of hacking into the Houston Astros computer system expanded last month when Federal Judge Lynn Hughes unsealed details about the extent of the illegal conduct. As reported by David Barron and Jake Kaplan, in Houston Chronicle article entitled “As MLB ruling nears, new details of Cardinals’ hacking of Astros account”, wrote the information included “the hacking of the Astros’ email and player evaluation databases”. The unsealed documents were in Correa’s sentencing report.

There were three general areas of interest by Correa. First “Correa intruded into the Astros’ “Ground Control” database 48 times and accessed the accounts of five Astros employees. For 2 1/2 years, beginning in January 2012, Correa had unfettered access to the e-mail account of Sig Mejdal, the Astros’ director of decision sciences and a former Cardinals employee. Correa worked in St. Louis as an analyst under Mejdal, who came to Houston after the 2011 season with Astros general manager Jeff Luhnow, also a former Cardinals executive. “(Correa) knew what projects the Astros’ analytics department was researching, what concepts were promising and what ideas to avoid,” said one of the documents, signed by Michael Chu, the assistant U.S. attorney who prosecuted the case against Correa. “He had access to everything that Sig Mejdal … read and wrote.””

This information provided details on the “degree to which Correa used information from the Astros to influence the Cardinals’ draft and trade decisions. Prosecutors also noted that several months after his intrusions from March 2013 through June 2014, Correa in December 2014 received a promotion from the Cardinals.” Correa “studied the Astros’ trade notes “at least 14 times” as the July 31 non-waiver trade deadline approached and again before the annual general managers’ meetings and winter meetings the following offseason. “Ultimately, Correa was not intruding to see if the Astros took any information — rather, he was keenly focused on information that coincided with the work he was doing for the Cardinals,” Chu concluded.”

These details included checking into the Astros’ drafting strategy and player evaluations. Correa even went so far as to double check his recommendations for the draft with the Astros information before going to St. Louis brass. The article noted, “Before he proposed an idea, he could quietly check what another analytics-minded organization thought. He also could supplement his own ideas with the ideas of the Astros’ analytics department because he knew what projects the Astros’ analytics department was researching, what concepts they found promising, what ideas they had discarded.”

The second general area of intrusion was around the Astros’ internal email system, including the then Manager Bo Porter and his pitching coach. Finally, and in a delicious tactic Correa would try to use for leniency later, he sought to find information that Correa claimed the Astros illegally obtained from the Cardinals as part of the Astros’ front office staff worked for the Cardinals, including the current Astros’ General Manager.

For all his efforts, Correa was severely punished by Judge Hughes at this sentencing. Hughes accepted the US government’s recommendation in sentencing Correa to 46 months of incarceration and fining him some $300,000. Correa was also banned from Major League Baseball (MLB) for life by Commissioner Rob Manfred. Writing in the New York Times (NYT), in an article entitled Cardinals to Suffer, but Former Executive Bears Brunt in Hacking Case, Tyler Kepner wrote that Correa joins “the dubious company of Pete Rose, the hit king who gambled away his baseball future, and Jenrry Mejia, the former Mets reliever and three-time drug cheat” as the only former baseball professionals banned from the game for life.

Commissioner Manfred leveled a serious penalty on the St. Louis Cardinals as well. Kepner noted, “Manfred also ordered the Cardinals to pay $2 million to the Astros — the maximum fine he was allowed to impose, according to the league — and to give Houston their top two picks in this June’s draft.” Yet Kepner raised the question of whether the Commissioner’s sanction was appropriately severe enough as the Cardinals do not have a first-round pick in next year’s draft so that the Astros’ are actually getting the 56th and 75th pick overall in the draft. While a team does not usually find any future Hall of Famers at such late picks there is another reason why these slots can be valuable to the Astros as “The picks the Astros got on Monday carry literal value, too: the roughly $1.85 million in allotted bonus money that goes with them. That means that Luhnow, who is known for his draft creativity, will have that much more to spend on the draft this June, and the Cardinals will have that much less.”

While there were cries from some baseball executives that the punish was not stringent enough for the fine, noting the Cardinals are worth some $2bn; the Astros publicly supported the Commissioner’s final decision. Ben Reiter, writing in a Sports Illustrated article entitled “As hacking scandal finally ends, Astros satisfied with Cardinals’ penalty”, cited to Giles Kibbe, the Astros’ General Counsel (GC) for the following, “I think the award is a significant award. I don’t think they got off easy by any stretch. This is an unprecedented award by Major League Baseball that sends a clear message about the severity of Mr. Correa’s actions.” Perhaps not surprisingly, Kibbe and the Astros believed the Cardinals organization bore responsibility for Correa’s action, even though Correa apparently acted alone. Reiter said, “Kibbe also expressed his franchise’s view that while the league had appropriately concluded that while Correa had acted alone, the Cardinals still bore some responsibility as his employer and a beneficiary of his crimes. “I think the commissioner made clear in his ruling that it was only Correa—and no one else in the Cardinals’ organization—but that the Cardinals were responsible for his actions,” Kibbe said.”

What are the lessons from this entire affair? Matt Kelly, writing an article in his Radical Compliance blog, entitled “Two Compliance Lessons From Baseball Today”, found two which were the aforementioned corporate responsibility of the Cardinals (i.e. vicarious liability) and access controls, directed at the Astros for allowing the hack in the first place. I would follow Kelly’s first point because of the clear business advantages the Cardinals received from this information and the possibility they could use this advantage for years if they drafted players based upon the Astros’ confidential information. As to his second point, a robust IT security protocol is a must for any business; baseball, international energy concern or solo lawyer.

This is where the Greek gods enter the picture. Apparently the Astros were none the wiser as to Correa’s illegal act until Correa surreptitiously boasted about his hack by leaking it to the online publication Deadspin.com, so they would publish it and humiliate the Astros GM. Reiter reported, “Correa had in the summer of 2014 provided the information to Deadspin.com internal trade discussions that he had hacked from the Astros’ database, embarrassing Houston general manager Jeff Luhnow (a former colleague of Correa’s with the Cardinals) and other executives and forcing them to apologize to the players and teams involved. The irony, as Kibbe admitted, is that if not for the leak, Correa’s intrusion might never have been discovered; only after the information had become public were the Astros spurred go back and determine when their database had been illicitly accessed and what information had been viewed.”

The thing which most offended the Greek gods was hubris and Correa’s story proves once again that as the ancient Greeks learned long ago hubris always get you in the end.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

2016 was more than simply the most robust year in Foreign Corrupt Practices Act (FCPA) enforcement. It was also a record year in Securities and Exchange Commission (SEC) whistleblower awards and additionally the year the SEC literally crashed through the $100 million mark for whistleblower awards under Dodd-Frank. It would therefore seem like a very propitious time for a well-rounded conference focusing solely on this issue. Fortunately for us in the compliance space, Financial Research Associates and Compliance Week have answered the call with the Whistleblowers & Compliance conference to be held in NYC on February 27, 2016. In this episode I visit with Conference Chair, Gregory Keating, on the upcoming event.

Best of all listeners to this podcast will receive a discount to the event. You can receive a 15% discount off the regular price by entering the Code CMP 161. For more information on the event, check out the website by clicking here.