DawkinsDaryl Dawkins died yesterday. To anyone who followed the National Basketball League (NBA); Dawkins will always be remembered with the brilliant Stevie Wonder-derived moniker – Chocolate Thunder. I will also remember him for three things. First he was one of the very rare high school stars who went straight to the NBA with no college stop and was successful. The second was when he squared off to fight Maurice Lucas of the Portland Trailblazers during the 1977 NBA finals. Let’s just say Dawkins slaps at Lucas did not come close to hitting their mark. Number 3 was his thundering dunks, particularly one in a game against the Kansas City Kings at Kemper Arena on November 11, 1979, Dawkins threw down such a massive dunk that the backboard shattered. Then three weeks later he did it again.

As noted Dawkins was one of a very few high schoolers to NBAers who did even passably well. His contemporary Bill (Pugh) Willoughby had some success with Atlanta and, of course, Moses Malone had a Hall of Fame career, later taking those now Dawkins-less Philadelphia 76ers to the NBA promised land in 1983. I thought about Dawkins and his lack of college seasoning while reading the absolutely disgusting story of Art Briles, the University of Baylor, its football team and the saga of Sam Ukwuachu.

Jessica Luther and Dan Solomon have been following this sorry spectacle. In an article in Texas Monthly, entitled “Silence at Baylor”, they wrote, “That Ukwuachu transferred to Baylor in May 2013 because he had been kicked off the Boise State team for a previous incident of violence involving a female student; that Ukwuachu claimed after the transfer was announced that Baylor’s coaches “knew everything” about what happened in Idaho; and, as indicated by court documents obtained by Texas Monthly, the two programs had some communication regarding Ukwuachu in which Boise State officials expressed reticence about supporting the player’s efforts to get back on the field.”

Art Briles, the Baylor head football coach, claimed that he was never informed from anyone at Boise State about Ukwuachu’s prior incident, even implying they had covered it up. Yet Chris Petersen, then head coach at Boise State and now head coach at the University of Washington, said he had fully disclosed to Briles the details about Ukwuachu. Petersen said in a statement, ““After Sam Ukwuachu was dismissed from the Boise State football program and expressed an interest in transferring to Baylor, I initiated a call with coach Art Briles,” Petersen said. “In that conversation, I thoroughly apprised Coach Briles of the circumstances surrounding Sam’s disciplinary record and dismissal.” It is known that Boise State did not support any waiver that would have allowed Ukwuachu to play immediately for Baylor upon his transfer. In the fall of 2014 Ukwuachu sexually assaulted a female soccer player. Ukwuachu was indicted and convicted this month of second-degree sexual assault. His sentence – 180 days in jail and 10 years probation.

Briles and Baylor have claimed they are really the aggrieved party here because if Coach Petersen or anyone at Boise State had told them that Ukwuachu had been disciplined or dismissed from the Boise State team for sexual assault they would never have given him a full scholarship to Baylor. This means Briles and Baylor would have simply ignored the football facts that Ukwuachu was a Freshman All-American and highly recruited high school athlete. Indeed in early June of this year, Baylor defensive coordinator Phil Bennett said at a luncheon in Fort Worth for the Baylor Sports Network, that he expected Ukwuachu to play this year. This was in the face of a trial scheduled to begin some two months later.

All of this was overlaid by a university which, if not trying to suppress all this news about Ukwuachu, certainly did nothing to alert its student body that a scholarship athlete was on trial for sexual assault. Moreover, according to Luther and Solomon in Texas Monthly, “Meanwhile, the details about the investigation conducted by Baylor that came out during the trial reveal one that was shockingly brief: It involved reading text messages, looking at a polygraph test Ukwuachu had independently commissioned – which is rarely admissible in court – and contacting Ukwuachu, Doe, and one witness on behalf of each of them.”

I thought about all this sorry state of affairs at Baylor in the context of the Foreign Corrupt Practices Act (FCPA) and anti-corruption compliance programs. There is a clear reason why the responsibility should be on any company which wants to employ a third party to act on its behalf to do thorough due diligence on that agent. If this was not the situation, companies would make claims similar to those made by Baylor Coach Briles that “no one told me about Ukwuachu.” If Briles had accepted his responsibility for bringing a player into the university and onto his team, he might have understood the importance of knowing who you are dealing with going forward.

It is incumbent that a company evaluates and addresses its risks regarding third parties. This means that an appropriate level of due diligence may vary depending on the risks arising from the particular relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology (IT) services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering into the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.

Our British compliance cousins of course are subject to the UK Bribery Act. In its Six Principles of an Adequate Procedures compliance program, the UK Ministry of Justice (MOJ) stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique. The MOJ said that due diligence is so important that “the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.”

The onus put on companies too not only do compliance but to ‘Document, Document, and Document’ that effort provides the incentive needed to comply with the law. If there was not such an incentive, you have would have corporations crying out now like Baylor Coach Briles that it was the responsibility of the school and team which dismissed him to alert them about Ukwuachu’s past misdeeds. Fortunately for FCPA compliance and the greater anti-corruption compliance community, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) do not see things in such a light.

As to Chocolate Thunder, at one point in his career Dawkins said that he was an alien from the Planet Lovetron. Alien or human, I hope you will join me in wishing a smooth trip to the great hereafter to one of the NBA’s most unique characters.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Water Going Uphill 2Usually the question I am posed is how far down the chain must you go in your due diligence to ensure that your suppliers are in compliance with the Foreign Corrupt Practices Act (FCPA). I would pose that now, after the Petrobras scandal, a company may need to examine the flow in the other direction. I thought about this directional shift when I read an exhaustive report in the Sunday New York Times (NYT) on the Petrobras scandal, entitled “Brazil’s Great Oil Swindle, by David Segal. The article reviews the genesis of and details the ongoing nature of the Petrobras scandal.

While I have previously written about the other Brazilian companies that have been caught up in the scandal, such as Oderbrecht, Camargo Corrêa and UTC Engenharia, Segal’s article detailed a level of immersion in corruption that should concern every US Company subject to the FCPA and catch the eye of Department of Justice (DOJ) prosecutors handling FCPA cases. It appears that the companies that had direct contracts with Petrobras also colluded in the old-fashioned anti-trust sense, so that not only did they control all the subcontract work done on any Petrobras project but they would also demand bribes from the subcontractors which they then passed up the chain to Petrobras executives and eventually Brazilian politicians. If this scheme turns out to be true, it literally could explode potential FCPA exposure for any US Company doing business on any subcontract where Petrobras was the eventual beneficiary.

Segal reported, “according to prosecutors, these companies stopped competing and started to collaborate. They formed a cartel and decided, in advance, which of them would win a particular deal. A charade competition was orchestrated, and the anointed winner could charge vastly more than it would in a free market.” Further, “A document obtained by prosecutors laid out what it called the “rules of the game.” The trumped-up bidding process was labeled a “sports tournament”, with an assortment of rounds and a “trophy.” There was a no-sore-loser codicil, too: “The teams that participate in a round should honor the rules that have been agreed on, even when they are not the winner.”

But the corruption did not stop simply at these non-Petrobras entities. These companies would demand bribes from their subcontractors that they passed up the line to Petrobras. Segal wrote, “From 1 to 5 percent of the value of a given contract was diverted to those on the receiving end of the scheme, a group that included 50 politicians from six parties, according to prosecutors. Money from cartel members took a circuitous route to politicians’ pockets, passing through ghost corporations whose owners made bribes look like consulting fees.”

Think about all of this for a minute. What happens when everyone and every company associated with a National Oil Company (NOC) is in on the corruption? I thought about this question when I read an article in the Financial Times (FT) by Andres Schipani, entitled “We were terrorized by the drop in oil prices, where he discussed how the drop in world oil prices has negatively affected Venezuela more than any other top oil producing company. Part of the country’s trouble is the rampant corruption around its NOC PDVSA. Schipani quoted a former minster for the following, “The design of the political economy here only benefits the corrupt.” Moreover, the country is near the bottom of the Transparency International Corruption Perceptions Index (TI-CPI) coming in at 161st out of 175 countries listed.

Most Chief Compliance Officers (CCOs) and compliance practitioners had focused their third party risk management program around third parties, first on the sales side and then in the Supply Chain (SC). However now companies may well have to look at other relationships, particularly those where the company is a subcontractor involved in a country prone to corruption with a NOC or other key state owned enterprise. Last year the Wall Street Journal (WSJ) in an article entitled “Venezuelan Firm Is Probed In U.S.”, by José De Córdoba and Christopher M. Matthews, reported that a US company ProEnergy Services LLC (ProEnergy), a Missouri based engineering, procurement and construction company, sold turbines to Venezuelan company Derwick Associates de Venezuela SA (Derwick), who provided them to the Venezuelan national power company. The article reported that the DOJ’s “criminal fraud section are reviewing actions of Derwick and ProEnergy for possible violations of the Foreign Corrupt Practices Act”. Derwick was reported to have been “awarded hundreds of millions of dollars in contracts in little more than a year to build power plants in Venezuela, shortly before the country’s power grid began to sputter in 2009”. All of this with a commission rate paid by ProEnergy to Derwick of a reported 5%.

The Brazilian investigation poses far more dire consequences for any US Company that did business with the cartel of Brazilian companies that had locked up the Petrobras work. It means that you need to go back immediately and not only review the underlying due diligence which you did (probably none); then review the contracts with those entities; and, finally, cross-reference to see if there were any contract over-charges which were rebated back to the cartel members. If so, you may well have a serious problem on your hands as any unwarranted rebates, refunds, customer credits or anything else that could have been readily converted into cash to be used to fund a bribe.

This second part is one thing that challenges many compliance officers. The compliance function does not always have visibility into the transactions assigned to specific contracts or projects like your company might be engaged in for Petrobras in Brazil. However it also speaks to the need for transaction monitoring as not simply a cutting edge technique or even best practice but a required financial controls tool that is also applicable to compliance internal controls as well.

As Brazilian prosecutors expand ever outward from Petrobras, US companies subject to the FCPA and UK companies and others subject to the UK Bribery Act would do well to review everything around their Brazilian operations, contracts and dealings. The Petrobras scandal has shown two clear trends to-date. First is that we are far from the end of this scandal. Second, the prosecutors have been fearless so far in following the corruption trail wherever it may go. If they follow it to US companies, they could prosecute them on their own in Brazil for violation of domestic anti-bribery and anti-corruption laws or turn the evidence over to the DOJ. The thing to do now is to get out ahead of this all too certain waterfall.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Social Media VII conclude this exploration of the uses of social media in doing compliance by exploring why the compliance function is uniquely suited to using social media tools. Long gone are the days when Chief Compliance Officers (CCO) or compliance practitioners were lawyers housed in the Legal Department or the General Counsel’s (GC’s) office writing policies and procedures and then putting on eight hour training programs on same. Donna Boehme has written passionately about CCO 2.0 and the structural change to separate the CCO role from that of the GC because of the differences in focus of a CCO and GC. Simply put, a GC and legal department is there to protect the company while the CCO and compliance function exists to solve problems before the company needs protections from them.

Freed of the constraints to write policies and procedures by lawyers for lawyers, the profession has moved to integrating compliance directly into the fabric of the company. I often say that a Foreign Corrupt Practices (FCPA) compliance program is a business solution to a legal problem. The problem is how to comply with the FCPA and other anti-corruption regimes. The solution is to burn compliance into the DNA of your company so that it is not only owned by the business unit but also acted on by the business unit in its day-to-day operations.

I think this means that we are now moving to CCO 3.0 where a CCO or compliance practitioner is putting compliance into the forefront of how a company does business. The example of safety comes to mind when every corporation I ever worked at made clear that safety was everyone’s responsibility, literally from the shop floor to top of the company. I once heard of a Executive Vice President (EVP) of a major oil and gas operating company, while touring a contractor’s facility, stop the tour to point out that a contractor carry two bags of trash down a set of stairs was an unsafe practice and required the employee to carry one bag at a time so she could hold the handrail while descending the stairs. That is the level of the awareness of safety now.

The evolution of compliance is just as dramatic. Moreover, the compliance function should be on the cutting edge of moving it forward within your company. The important thing to remember about social media tools is precisely that; they are tools that a CCO, compliance practitioner or any company can use to communicate with their employee base. Put another way, social media is but one part of the communication ecosystem which can be used to market the message of compliance.

Last week I wrote that there are still many companies who do not allow their employees access to the most popular and useful social media tools at work or even on company computers. While these companies always claim it is due to security issues, the reality is that they simply do not trust or even respect their employees. In such a company, management is much more concerned about what employees might say about an organization than trusting that they not only want to do the right thing but will execute such a strategy when provided the opportunity to do so, through the mechanism of social media. This means that companies which trust and respect their employees do not have to worry about employees releasing confidential data through social media channels because there are plenty of other ways that employees can release confidential information if they were so inclined. Indeed think of the Dodd-Frank Whistleblower provision and how many employees who report to the Securities and Exchange Commission (SEC) reported or tried to report internally before going to the SEC. Simply put if a company does not trust and respect its employee base, communicating the message of compliance throughout an organization will be more difficult but that is clearly not the signal senior management is sending to its employees.

The compliance function must engage with its customer base, AKA the employees in a company. Charlene Li, in her recent work “The Engaged Leader”, said in the introduction “In order to be truly effective today, leaders in business and society must change how they engage, and in particular how they establish and maintain relationships with their followers via digital channels.” The same is true for the compliance function. She believes that technology has changed the dynamic between leaders and their followers. In The Engaged Leader she explains:

  • Why leaders need to master a new way of developing relationships, which begins by stepping out of traditional hierarchies
  • How to listen at scale, share to shape, and engage to transform
  • The art of making this transformative mind shift
  • The science of applying the right tools to meet your strategic goals

Li believes that “This transformation is not optional. Those who choose not to make this change will be abandoned for those who inspire people to follow them.” In an interview for the podcast HBR Ideacast, entitled ““Social Media Savvy CEO” is no Oxymoron, Li further expounded on these views. She asked why a leader would be afraid to engage with those in his or her corporation? But more than simply engagement, she asked why would a leader want to cut themself off from the best source of information for them and available to them; their employee base, through social media. After all, every company strives to have an active engagement with their customer base so why not have it with employees.

Now change out Li’s language from ‘leaders’ and insert ‘CCOs or compliance practitioners’. I think it is even more critical for the CCO or compliance practitioner because doing compliance is something that should occur in the business units. Yes a CCO can put those policies and procedures in place but it is the folks in the field who must implement them going forward. If social media can be a tool to help facilitate doing compliance why not embrace it for communications, training, input, problem identification or resolution?

Yet there is another reason for the compliance function to embrace social media going forward. One of my favorite thought leaders around innovation in the legal arena is Professor David Orozco. In a blog post, entitled “Innovation in the Legal Sector”, he said, “Innovation is a big deal. It’s been a big deal ever since customers rewarded differentiation and punished companies that failed to maintain their creative edge.” The same is equally, if not more so, applicable to the compliance arena. The Department of Justice (DOJ) has consistently made clear that FCPA compliance programs should be evolving and using the newest and best tools available. That sounds suspiciously like social media to me. So if these tools are available to you and at a very reasonable cost (i.e. free) why not consider using them. If you are afraid of information getting out of your company, why not consider using the social media concepts behind your firewall in your company intranet system?

Finally, even if you cannot use some of the publicly available tools discussed earlier, there is no reason that you cannot incorporate the concepts into your compliance program. By that I mean you can use the communication ideas inside of your company for your compliance program. You can create the equivalent of a Tweet-Up where the CCO or others answer questions that employees submit. Similarly, you can live stream a Q&A session using the concepts articulated by Meerkat and Periscope for social media live streaming. Pinning compliance reminders or other information in some type of internal company bulletin board is using the basic concept of Pinterest. I am sure that you can accomplish the same by using SharePoint. Why not create an internal compliance reminder video series using the same tools that a millennial would use to create a Facebook post?

Think all of this sounds far-fetched? Think again. In this month’s issue of the Compliance Week magazine, Guest Columnist Raphael Richmond, the CCO at Ford Motor Company, in an article entitled “Compliance? There Should Be an App for That!, detailed how the company has created an app for iPhone and Android devices that “allows users to access compliance information quickly, including brief, easy-to-understand policy summaries and answers to frequently asked questions (FAQs). The app also has a “Can I … ?” tab that acts as a quick decision tree for finding specific answers to commonly asked questions. Topics in our app address a range of compliance issues, from anti-bribery guidance to Ford’s approach to gifts and favors, meals, travel, and social events. Individuals can also report a suspected violation directly from the app to the Corporate Compliance Office.” It will certainly be exciting to see how Ford develops this tool going forward.

I often say that as a CCO or compliance practitioner you are only limited by your imagination. The use of social media in your compliance function is one that is crying out for imaginative usages. As we move to CCO 3.0, the compliance function will need to avail itself of all the tools it can to communicate the message of compliance. The DOJ currently requires companies that enter into Deferred Prosecution Agreements (DPAs) to keep abreast of technological innovations in compliance. How long do you think it will take for the DOJ to start asking how much compliance communication you have both up and down the chain? If you are not using a social media tool or even a social media technique you may already be behind the 8-ball and you certainly will be left behind in the marketplace of ideas going forward.

I hope that you have enjoyed this six-part series on the use of social media in your compliance program as much as I have enjoyed researching it, writing and posting it. If you are currently using social media tools, concepts or techniques in your compliance program please contact me, as I would appreciate the opportunity to learn more about what your organization is up to in that realm. Also, please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, the FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

What Pet Should I Get?Earlier this month we had the release of a second book by Harper Lee, “Go Set a Watchman”, which was miraculously discovered having been written some 50+ years ago. This week, there was another release from a (now deceased) author from a newly discovered source. I of course refer to the release yesterday of the new Dr. Seuss book “What Pet Should I Get?, published Random House, which informs today’s compliance lesson.

The book was discovered by Seuss’ widow, as noted in the Sunday New York Times (NYT) Book Review article, entitled “Dr. Seuss Book: Yes They Found it in a Box, when she decided to “have the rest of his notes and sketches appraised, that they closely examined the contents of that box. They found a set of brightly colored alphabet flash cards, some rough sketches titled “The Horse Museum,” and a manila folder marked “Noble Failures,” with whimsical drawings that he had been unable to find a place for in his stories. But alongside the orphaned sketches was a more complete project labeled “The Pet Shop,” 16 black-and-white illustrations, with text that he had typed on paper and taped to the drawings. The pages were stained and yellowed, but the story was all there, in Dr. Seuss’ unmistakable rollicking rhymes.” This finding became the book, What Pet Should I Get?

Reading this discovery made me ponder about how a child would pay for the pet they wanted and of course my thoughts turned to that age-old parenting quandary – the allowance. It is always a question of great interest for both parents and children. As with many things involving parent/child relationships, my views have evolved. As a teenager, I certainly had the view that an allowance was a God-given right and the more the better. I would only note that my parents did not share those views. As the father of a teenaged daughter, my views reached the much fuller expression of spoiling my daughter as often as possible. Which one is correct? I still do not have a final answer.

I thought about the ongoing debate and dialogue over the allowance when I read the Foreign Corrupt Practices Act (FCPA) enforcement action brought by the Securities and Exchange Commission (SEC) against Mead Johnson Nutrition Company (Mead Johnson). The matter was resolved via SEC Administrative proceeding that concluded with a Cease and Desist Order being agreed to by the parties. Mead Johnson agreed to pay a fine of $12.3MM which consisted of profit disgorgement of $7.7MM, prejudgment interest of $1.26MM and a civil penalty of $3MM. Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said in a SEC Press Release, “Mead Johnson Nutrition’s lax internal control environment enabled its subsidiary to use off-the-books slush funds to pay doctors and other health care professionals in China to recommend its baby formula and give the company marketing access to mothers.”

The enforcement action turned on violations of the accounting provisions of the FCPA. This is where the ‘allowance’ issue comes into the discussion. According to the Cease and Desist Order, “certain employees of Mead Johnson China improperly compensated HCPs, who were foreign officials under the FCPA, to recommend Mead Johnson’s infant formula to, and to improperly provide contact information for, expectant and new mothers.” One of Mead Johnson’s sales channels in China was through distributors. To facilitate this illegal conduct, funding to the distributors, called the “Distributor Allowance”, was diverted to make illegal payments. The Cease and Desist Order stated, “Although the Distributor Allowance contractually belonged to the distributors, certain members of Mead Johnson China’s workforce exercised some control over how the money was spent, and certain Mead Johnson China employees provided specific guidance to distributors concerning the use of the funds. Mead Johnson China staff also maintained certain records related to Distributor Allowance expenditure by distributors. In addition, Mead Johnson China used some of the funds to reimburse Mead Johnson China’s sales personnel for a portion of their marketing and other expenditures on behalf of Mead Johnson China.”

This tactic was clearly a violation of the company’s books and records obligations under the FCPA. By doing so, Mead Johnson was able to hide its payments to doctors and health care providers (HCPs) from not only regulators but the company’s shareholders as well. As the Cease and Desist Order noted, the company’s “records were incomplete and did not reflect that a portion of Distributor Allowance was being used contrary to Mead Johnson’s policies.” Finally, the Cease and Desist Order concluded, “Up through 2013, certain Mead Johnson China employees made payments to HCPs using funds maintained by third parties. These funds and payments from the funds were not accurately reflected on Mead Johnson China’s books and records. The books and records of Mead Johnson China were consolidated into Mead Johnson’s books and records. As a result of the misconduct of Mead Johnson China, Mead Johnson failed to make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflected its transactions as required by Section 13(b)(2)(A) of the Exchange Act.”

However Mead Johnson did not stop with books and records violations. The Distributor Allowance manipulation allowed the China business unit to “improperly compensate HCPs was contrary to management’s authorization and Mead Johnson’s internal policies. Mead Johnson failed to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that Mead Johnson China’s funding of marketing and sales expenditures through third-party distributors was done in accordance with management’s authorization.” Once again the Cease and Desist Order concluded, “Up through 2013, Mead Johnson failed to devise and maintain an adequate system of internal accounting controls to ensure that Mead Johnson China’s method of funding marketing and sales expenditures through third-party distributors was not used for unauthorized purposes, such as improperly compensating Chinese HCPs to recommend Mead Johnson’s products. As a result of such failure, the improper payments to HCPs occurred contrary to management’s authorizations, in violation of Section 13(b)(2)(B) of the Exchange Act.”

In an interesting twist Mead Johnson, based on an allegation of potential FCPA violations in China, performed an internal investigation on its China unit in 2011 and came up with no evidence. Somewhat dryly the SEC noted that the company did not make any self-disclosure around these allegations and “did not thereafter promptly disclose the existence of this allegation in response to the Commission’s inquiry into this matter.”

Yet after a second internal investigation in 2013 they turned up evidence of FCPA violations, the company “undertook significant remedial measures including: termination of senior staff at Mead Johnson China; updating and enhancing financial accounting controls; significantly revising its compliance program; enhancing Mead Johnson’s compliance division, adding positions including a second senior-level position; establishing new business conduct controls and third party due-diligence procedures and contracts; establishing a unit in China that monitors compliance and controls in China on an on-going basis; and providing employees with a method to have immediate access the company’s policies and requirements.”

While there was no statement regarding self-disclosure, the company did cooperate extensively with the SEC after the company was called to task. The Cease and Desist Order noted, “Mead Johnson subsequently provided extensive and thorough cooperation. Mead Johnson voluntarily provided reports of its investigative findings; shared its analysis of documents and summaries of witness interviews; and responded to the Commission’s requests for documents and information and provided translations of key documents. These actions assisted the Commission staff in efficiently collecting valuable evidence, including information that may not have been otherwise available to the staff.”

There are several lessons to be learned from the Mead Johnson enforcement action. If it was not clear from the GlaxoSmithKline PLC (GSK) imbroglio in China in 2013-14, your internal investigation must be thorough. Performing an investigation, finding no FCPA violations only to have a regulator sitting on your shoulder and later finding such evidence is never good. The SEC also reaffirmed its clear intention to continue to enforce the accounting provisions of the FCPA, with or without a parallel Department of Justice (DOJ) enforcement action. Companies must also take heed on their internal controls. Clearly certain China business unit employees had developed a work-around of the compliance internal controls by requiring the distributors to use their allowances to pay bribes. Internal controls must not only exist but they must be effective. That means you have to test their effectiveness, not simply tick the box that you have put them in place.

Finally, and I think Dr. Seuss’ compliance lesson is that when you give out an allowance, while you may restrict some of its uses, you certainly should not direct where the money is spent. Every kid knows that if you are told where to spend your allowance, it is really not your allowance. Perhaps Mead Johnson would do well to remember that long lost lesson from childhood.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015