Show Notes:

Old Way New WayToday, I end my exploration of recent Foreign Corrupt Practices Act (FCPA) enforcement actions (and one UK Bribery Act enforcement issue), which have occurred since the enactment of the Department of Justice (DOJ) Pilot Program in April. These three enforcement actions, which resulted in the companies receiving a Declination to Prosecute from the DOJ. Proving once again that I am never gonna give you up, never gonna let you down; I want to look a these Declinations to see what information they can provide to the compliance practitioner to assist them in guiding their own response should their company find itself embroiled in a FCPA investigation and attendant enforcement action.

The enforcement actions involved Nortek Corporation (Nortek), Akamai Technologies, Inc. (Akamai), and Johnson Controls, Inc. (JCI). Nortek and Akamai received Non-prosecution Agreements (NPAs) from the Securities and Exchange Commission (SEC) and Declinations to Prosecute (Declinations) from the DOJ. JCI received a civil Cease and Desist Order from the SEC and Declination from the DOJ. One other matter was resolved with the DOJ via a NPA, that being Analogic Corporation. I will discuss this matter separately below. 

The Declination Letters

The letters issued by the DOJ did not provide a plethora of detail. The Akamai and Nortek Declination letters were identical with the exception of the different corporate names. In relevant part they stated, “we have reached this conclusion … based on a number of factors, including but not limited to the fact that Nortek’s internal audit function identified the misconduct, Nortek’s prompt voluntary self-disclosure, the thorough investigation undertaken by the Company, its fulsome cooperation in this matter (including by identifying all individuals involved in or responsible for the misconduct and by providing all facts relating to that misconduct to the Department) and its agreement to continue to cooperate in any ongoing investigations of individuals, the steps that the Company has taken to enhance its compliance program and its internal accounting controls, the Company’s full remediation”. It went on to add that the company had agreed to profit disgorgement.

The JCI letter, stated, “We have reached this decision based on a number of factors, including but not limited to: the voluntary self-disclosure of the matter by JCI; the thorough investigation undertaken by the Company; the Company’s full cooperation in this matter (including its provision of all known relevant facts about the individuals involved in or responsible for the misconduct) and its agreement to continue to cooperate in any ongoing investigations of individuals; the steps that the Company has taken and continues to take to enhance its compliance program and its internal accounting controls; the Company’s full remediation”. As with the Nortek and Akamai the JCI letter also noted the company had agreed to disgorge its profits.

About the only difference I can ascertain in the letters is that Nortek and Akamai provide “fulsome” cooperation, and JCI provided “full” cooperation. Yet, the overall point of these Declinations seems to be the cooperation was very substantial.

Contrast the triple declination language with the NPA, which Analogic received, specifically noted the company’s lack of full cooperation. It stated, “the Company did not receive full cooperation credit because, in the view of the Offices, the Company’s cooperation subsequent to its self-disclosure did not include disclosure of all relevant facts that it learned during the course of its internal investigation; specifically, the Company did not disclose information that was known to the Company and Analogic about the identities of a number of the state-owned entity end-users of the Company’s products, and about certain statements given by employees in the course of the internal investigation;”

Box Score Summary of Declinations 

Pilot Program

Factor

Self-Disclosure Cooperation During Investigation Remediation Profit Disgorgement
Akamai Yes – before completing internal investigation 1. Sharing investigation;

2. Identify and present relevant documents;

3. Timely updates;

4. Updates on remedial measures;

5. Translating documents; and

6. Making witnesses available

1. Termination of culpable employees;

2. Revision of internal audit testing and protocol;

3. Strengthening of policies;

4. Creation of Compliance Committee;

5. Institution of mandatory compliance training; and

6. Modify auditing schedule to risk based approach

Yes
Nortek Yes 1. Sharing investigation

2. Timely updates

3. Segregation and organization of documents

4. Translation of documents

5. Making witnesses available

6. Conducting Risk Assessment

1. Due diligence program for 3rd parties;

2. Strengthen compliance policies;

3. Enhance compliance function, name CCO;

4. Institution of mandatory compliance training; and

5. Enhance travel and expense controls in China

 

Yes
JCI Yes – one month after it received a second anonymous complaint 1. Real time updates, interview summaries and all requested documents;

2. Yates binders including hot docs, interview summaries, chronologies and emails;

3. Preservation of evidence.

1. Termination of culpable employees;

2. Suspension of culpable 3rd parties;

3. Incorporation of culpable China office into existing corp structure;

4. Enhanced integrity testing and auditing, including random audits; and

5 Random testing of transactions

Yes

 

 

All parties admitted to facts, which could have formed the basis of a criminal FCPA enforcement action brought by the DOJ, yet they all received Declinations. While it would certainly have been more helpful to have a full release of information by the DOJ, to assist the compliance practitioner in understanding the totality of the facts considered, these three Declinations may well mark a new starting point in criminal FCPA enforcement going forward. Since at least 2014, with the Parker Drilling and Hewlett-Packard FCPA enforcement actions, the DOJ has provided significant credit to companies who thoroughly cooperated and provided extensive remediation during the pendency of their enforcement actions. With the Pilot Program implementation, these shifts are now official DOJ policy.

One other point unrelated to the Pilot Program discussion is the length of time that the Akamai and Nortek matters were concluded. It was less than 18 months for both. This short time frame for a resolution is certainly a welcome development and shows that if a company comes forward quickly, is efficient in its investigation and proactive in its remediation, it can benefit with lower overall investigation and remediation costs as well.

All of the above are most welcome for any compliance practitioner. The DOJ Pilot Program has come out of the box with some solid wins for the companies involved, the DOJ and the greater compliance community. If this pattern continues, it will allow the DOJ to focus its resources in driving home the message that it is doing compliance that will not only work to keep a company out of trouble but will also get a company out of trouble.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

7K0A0075I continue my review of the Johnson Controls, Inc. (JCI) Foreign Corrupt Practices Act (FCPA) enforcement action today by focusing on the Department of Justice’s (DOJ’s) Declination to Prosecute. Yesterday, I considered the underlying facts reported to review what lessons could be applied by a compliance practitioner to a corporate anti-corruption compliance program. Today, I want to consider the information available on the actions by JCI, beginning with the self-disclosure, which led to the DOJ to grant a Declination.

The commentary on the DOJ Declination has ranged from the FCPA Professor, who argued there was no viable cause of action against JCI for the illegal conduct of its subsidiary, China Marine, and hence the Declination was without substance; to Mike Volkov who called the declination a ‘head scratcher’ and noted “there appears to be plenty of justification to stretch here in this case when you basically have a recidivist continuing to violate the law”, in arguing there were potential criminal charges to pursue. I want to consider the matter from the angle of the new DOJ Pilot Program and see what, if anything, might be gleaned from that perspective.

One of the difficulties in evaluating any Declination is the paucity of facts available to the compliance practitioner to evaluate. In the JCI case we have the Securities and Exchange Commission (SEC) resolution via a Cease and Desist Order (Order) that lays out the facts relevant to that enforcement action. However, this Order is the product of negotiations between the SEC and JCI. This means the company can seek to keep out facts, which would point to criminal liability, reputational damage, embarrassing senior executives or a plethora of other issues the company does not want in the public domain. There is no way to know if the facts laid out in the Order are all the facts in the case that were known to the DOJ or even disclosed to the DOJ so to base an argument on this underlying premise puts you on wobbly ground. The foregoing is one of the reasons I have argued for my information to be made public around Declinations so that compliance practitioners might understand the full underlying facts.

Yet, even if one took the facts presented in the Order as only facts of this matter, there is information that could lead one to reasonably conclude that criminal charges could be considered under the FCPA. The Accounting Provisions, both Books and Records and Internal Controls, are generally thought to be civil side requirements only. However the statute does make violations of the Accounting Provisions under the following:

(4) No criminal liability shall be imposed for failing to comply with the requirements of paragraph (2) of this subsection except as pro­vided in paragraph (5) of this subsection.

(5) No person shall knowingly circumvent or knowingly fail to imple­ment a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2).

Paragraph 2 refers to the Internal Controls requirements of the FCPA. This means someone must knowingly falsify such records or fail to implement a system of internal controls. The facts laid out in the Order would appear to provide at least an argument that this threshold was met. JCI’s internal controls were so poor that the company “did not understand some of the highly customized transactions at China Marine or the projects involving the sham vendors.” Additionally someone at the corporate office had to certify the financial statements were true and correct and who ever did could also have violated the FCPA. Volkov noted the DOJ could “stretch” to bring criminal charges but either through the argument of conscious avoidance or simply on the facts laid out in the Order, I find an argument for criminal liability plausible. Of course, these arguments do not convict JCI of criminal violation of the FCPA, only a trier of fact can do so, yet they make clear that there are credible arguments which could be pursued which makes a Declination an appropriate mechanism for the DOJ to use, in its discretion.

What led the DOJ to exercise its discretion in issuing the Declination? We can find some guidance from the four requirements under the Pilot Program. First, that there be self-disclosure, which was present in this matter. The Order stated that the company self-disclosed within one month after receiving a second anonymous whistleblower compliance. Second is cooperation during the investigation. The Order stated JCI provided “thorough, complete and timely cooperation” which consisted of the following:

  • JCI promptly and routinely provided the staff with the results of its investigation as it progressed, and provided all supporting documentation requested.
  • JCI provided factual chronologies, hot document binders, and interview summaries, as well as English translations of numerous documents and emails.
  • JCI made employees available for interviews.
  • JCI provided “real time” downloads of employee interviews and made other foreign employees available for interview.
  • When the company caught a Chinese employee shredding documents, it quickly secured the office to preserve evidence.
  • JCI’s cooperation assisted the staff’s investigation.
  • JCI’s timely self-report as well as the thorough productions allowed the staff to initiate and complete its investigation quickly.

The next requirement under the Pilot Program is for extensive remediation during the pendency of the investigation. Here the Order laid out some of the steps taken by JCI, including:

  • JCI terminated or separated sixteen employees implicated in or associated with the illegal scheme and placed all suspect vendors on a do-not-use/do-not-pay list.
  • JCI has closed down its China Marine offices and moved all remaining China Marine employees, none of whom perform a sales or procurement function, into existing offices.
  • JCI enhanced its integrity testing and internal audits to reevaluate vendor onboarding for all JCI business worldwide.
  • JCI implemented random site audits to ensure the delivery of goods on purchase orders.

The final requirement under the Pilot Program is that the company disgorges profits it received from its ill-gotten gain. The Order said, “From 2007 to 2013, JCI obtained a benefit of $11.8 million as a result of over $4.9 million in improper payments made to or through approximately eleven problematic vendors for the purpose of foreign and commercial bribery, and embezzlement.” This corresponds to the amount paid as disgorgement.

For any Chief Compliance Officer (CCO) or compliance practitioner reviewing the JCI enforcement action, it does not matter whether you believe JCI committed criminal acts or not. The reality is that the DOJ is once again laying out conduct it will consider to award the lowest sanction possible, a Declination. There have now been three given since the announcement of the Pilot Program in April. You should study each of these and if you find yourself in a FCPA investigation, use each Declination as a roadmap for your actions during the pendency of the investigation.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Questions 2I continue my exploration of recent enforcement matters and issues by turning to the Johnson Controls, Inc. (JCI) Foreign Corrupt Practices Act (FCPA) enforcement action, which was announced last week. Mike Volkov has called the enforcement action a “head scratcher”. Whether you agree with Volkov’s analysis or not, the case has several significant points for the Chief Compliance Officer (CCO) or compliance practitioner, which I will review today.

The matter was settled via a Cease and Desist Order (Order) from the Securities and Exchange Commission (SEC) and a Declination issued by the Department of Justice (DOJ). For its penalty, JCI accepted over $11.8 million in profits as a result of approximately $4.9 million in improper payments made by China Marine. JCI agreed to disgorge these profits, pay pre-judgment interest of $1,382,561 and a civil penalty of $1,180,000 for a total amount of $14,362,561.

The underlying facts are about as sordid as they can be for a corporate enforcement action. JCI obtained the Chinese unit, China Marine, through its purchase of York International (York) in 2005. In 2007, York paid $22 million to the DOJ and SEC to resolve FCPA offenses in China and other countries that occurred between 2001 and 2006.  York agreed to a three-year independent compliance monitor. JCI, for its part, terminated those involved in China Marine’s illegal conduct after it acquired York.

JCI installed its own Managing Director and limited China Marine’s use of third party sales agents. However, as stated in the Order, “From 2007 to 2013, the managing director of China Marine, with the aid of approximately eighteen China Marine employees in three China Marine offices, continued the bribery and theft that began under his predecessor by using vendors instead of agents to facilitate the improper payments. The improper payments were made to employees of government-owned shipyards as well as ship-owners and unknown persons”.

The bribery scheme was quite sophisticated. It involved, “a multi-stepped arrangement that required the complicity of nearly the entire China Marine office from the managing director, to the sales managers, the procurement managers and finally to the finance manager. The managing director aided or at times approved requests for the addition of certain vendors to the vendor master file without disclosing that certain sales managers had ownership or beneficial interest in the vendors. After the managing director’s approval, sales managers added bogus costs for parts and services to sales reports, which inflated the overall cost of the project, and generated purchase orders for the bogus parts and services. The procurement manager knowingly approved the purchase orders.” The scheme even included the vendors themselves who “created fake order confirmations for the unnecessary parts and services and submitted invoices for payments.” To complete the circle, the China Marine finance manager would authorize the fraudulent payments.

In what can only be called a complete, total and utter failure of JCI’s internal controls, company auditors could not understand the China Marine transactions. Further, and with even more evidence of the lack of effective internal controls, many of China Marine’s transactions were deemed non-material so they were at a level below that which would trigger a review of corporate oversight from JCI’s Denmark office, which oversaw the China Marine business unit. The Order noted that the average vendor payment in the bribery scheme “was approximately $3,400” but the total amount of bribes paid was $4.9MM. One might reasonably wonder if JCI understood there was no materiality threshold under the FCPA. One might also ask if there was conscious indifference by the JCI corporate office.

For the CCO or compliance practitioner there are several important lessons to be garnered from this enforcement action. First is the absolute requirement for effective internal controls to be put in place. If your company does not understand the transactions that any subsidiary engages in, you have put your company at serious risk. For if a company’s internal auditors cannot understand a series of transactions, they you certainly cannot explain them to an auditor. Further, under Sarbanes-Oxley (SOX) §404, a company must not only acknowledge its responsibility for establishing and maintaining a system of internal controls and procedures for financial reporting and an assessment, but also report on the effectiveness of the company’s internal controls.

Karen Cascini and Alan DelFavero, in an article entitled “An Assessment of the Impact of the Sarbanes-Oxley Act on the Investigation Violations of the Foreign Corrupt Practices Act”, said, “Section 404 “requires management to annually disclose its assessment of the firm’s internal control structure and procedures for financial reporting and include the corresponding opinions by the firm’s auditor”. More particularly, “while the FCPA required public companies to institute effective internal controls to stop the bribes and make executives accountable, SOX 404 goes further, but has similar goals.”

All of this might reasonably lead one to ask, who at the corporate headquarters certified the effectiveness of both the JCI and China Marine’s internal controls? Moreover, the Accounting Provisions of the FCPA also includes a section requiring accurate books and records. Clearly JCI was not too interested in verifying the accuracy of the books and records of its China Marine subsidiary.

More than this lack of compliance with both prongs of the FCPA Accounting Provisions, the lack of seeming awareness of enhanced risks is a confounding aspect of this case. China Marine was clearly identified as a high-risk business unit of both York and later JCI. Simply putting your self-appointed Managing Director in place is not enough. Any competent risk management system requires oversight, or as my wife would say ‘a second set of eyes’. This is why an effective compliance program requires ongoing monitoring. It is even truer when an entire business unit is high-risk.

Tomorrow I will continue my exploration of the JCI enforcement action by looking at the DOJ’s Declination, in conjunction with the Pilot Program.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

QuestionsWe had an interesting week of anti-corruption enforcement actions last week, both in the US and the UK. We have now had four Foreign Corrupt Practices Act (FCPA) enforcement actions since the announcement of the Depart Of Justice (DOJ) Pilot Program in April. I thought this would be a good time to review some of the recent enforcement actions, to see what lessons they may impart to the compliance practitioner. So this week will be dedicated to blog post dealing with enforcement. I will begin with a troubling report issued by a committee of the US House of Representative over the Department of Justice’s handling of the money laundering enforcement action against the UK bank, HSBC back in 2012.

Of all the things that US Congress criticized former Attorney General (AG) Eric Holder over, one might think his protections of financial institutions might not have been one of them. Yet last week there was a scathing report issued, entitled “Too Big To Jail, by the GOP staff of the House of Representatives Financial Services Committee, which was discussed by Gretchen Morgenson in her New York Times (NYT) Fair Game column entitled “Kid Gloves For a Bank With Clout. The report deals with the DOJ investigation into the UK financial institution HSBC and subsequent resolution of allegations that the bank “laundered nearly $900 million for drug traffickers” and sanctioned countries.

While the report does not deal with the DOJ’s lack of prosecution of individuals from the 2008 financial crisis, it certainly provides insight into how Holder conducted such resolutions with large financial institutions and may well explain how it occurred that there were no individual prosecutions. The piece begins that even with a nearly $2bn fine, it was not “a body blow” to HSBC. Of course, there was the ubiquitous Deferred Prosecution Agreement (DPA) put in place, where the DOJ would “delay or forgo prosecution of a company if promises to change its behavior.”

While I am most generally supportive of the practice of using corporate DPAs to help enhance compliance programs, Morgenson’s article does bring up some troubling questions about how and why HSBC was able to get off with not only an agreement not to prosecute any individuals at the bank going forward, but even have individual incentives removed from the final DPA. The House report found that DOJ leadership, in the form of AG Holder, “overruled an internal recommendation to prosecute HSBC” because of concerns that prosecution of HSBC “could result in a global financial disaster.”

That final line is one we have (unfortunately) heard before. However, the NYT article also reports on how HSBC was able to “soften the deal”. The original agreement with HSBC had language which “provide no protection from prosecution for employees who ‘knowingly and willfully” processed financial transactions with countries under American sanctions”. University of Pennsylvania Law School Professor David A. Skeel, who was quoted in the piece, said, “This is one case where it looks like the government might have been able to prosecute misbehaving executives during the crisis period, yet waived its right to do so.” Not failed to do so, but waived its right to do so.

Even more inextricably, the DPA waived future penalties for bank executives who failed to comply with the DPA. Originally there were sanctions against bank executives who did not meet the compliance obligations set forth in the DPA. These sanctions were financial penalties in the form of loss of bonuses. However, in the final version this language was removed and the House report noted the DPA, “apparently leaves open the possibility for executives to get their bonuses, despite failing to meet compliance standards.”

Another troubling aspect unearthed by the House report was ‘how much influence officials at the Financial Services Authority – Britain’s top financial regulator at the time – had on the Justice Department’s process in the HSBC matter”. Morgenson quoted a Washburn University School of Law professor, Mary Kreiner Ramirez for the following, “It would seem that in making the decision with respect to HSBC, (AG) Holder gave more attention to the concerns expressed by the F.S.A than he did with respect to our own agencies.” Moreover, the FSA got the documents on apparently something close to a real-time basis as “at the time events were unfolding.”

There has been both legal and academic criticism of DPAs. However the article brings up another criticism of the settlement vehicles, which is less discussed, the internal process by which a settlement is reached. Edward J. Kane, a professor of finance at Boston College, noted, “The fact that so many of these cases are settled rather than going to court means we don’t get an airing of facts and challenges of fact.”

The Yates Memo would seem to be one response to pre-emptively address some of the concerns raised by the lack of individual prosecution. For if the DOJ now requires prosecutors to go after culpable individuals in white collar crime cases such as the HSBC money laundering prosecution or cases under the FCPA for that matter, any settlement via a DPA would not exempt out future prosecutions against culpable individuals. Further, it would also seem that the DOJ would strengthen up the compliance program components of any DPA to have appropriate financial disincentives for the lack of compliance program adherence. When you put on top of this the Yates Memo requirement that companies must dig up facts on culpable individuals and turn those facts over to the DOJ, it would seem that individuals would be more in the sights of DOJ for prosecution.

The other factor not fully explored by commentators is that DPAs, Non-prosecution agreements (NPAs) and other settlement mechanisms are the product of negotiations by the parties, i.e. the government and the company involved. In the context of FCPA resolutions with the Securities and Exchange Commission (SEC), no company is going to put facts supporting a criminal indictment or even claim of criminal conduct in a civil based Cease and Desist Order or other form of civil based resolution. To do so would open up the company to a very high degree of liability, which is not required if the DOJ declines to prosecute a company for criminal violations of the FCPA. That explains why there is never evidence of criminal liability in a resolution document if there is no criminal charge.

Yet the House report does point up some troubling questions about not only how the HSBC settlement was reached but also the lack of prosecutions against any financial institutions after the 2008 financial crisis.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016