SECYesterday, I used a quotation from the Oscar winning animator, Chuck Jones who described two of his well-known creations, Roadrunner and Wily E. Coyote, by referring to philosopher George Santayana’s description of fanaticism when he articulated these cartoon characters as “redoubling your effort after you’ve forgotten your aim”. That would seem to be an excellent description for the pharmaceutical giant Novartis who recently settled a Foreign Corrupt Practices Act (FCPA) enforcement action for approximately $25MM. Yesterday I reviewed the underlying facts and today, I want to consider what the company did after it discovered the illegal conduct, what its obligations may be going forward and the lessons to be learned for the compliance practitioner.

As noted in the Securities and Exchange Commission (SEC) Cease and Desist Order (the Order), Novartis began its investigation based on an ongoing SEC investigation and “in response to media reports concerning a competitor in August 2013”. Based on this information the company “instituted an expansive review of its relationships in China with travel and event planning vendors.” Novartis actions should be well considered by every Chief Compliance Officer (CCO) and compliance professional going forward. If a competitor gets into FCPA hot water, whether through an investigation or enforcement action, this is clear signal for you to consider your company’s actions in the same area, whether that competition is in products, services or, in the case of Novartis, the same geographic area. Moreover, at this point in the history of FCPA enforcements if you are doing business in China you should take a deep review into your own operations and if you are looking to do business in China, you should put the appropriate anti-corruption protections and compliance internal controls in place.

Novartis’ internal investigation identified not only several weaknesses but also clear violations. The company found (1) “the vast majority of these vendors were retained in connection with events in which HCPs [health care providers] attended.” (2) There were a significant percentage of events that did not comply with existing compliance policies and procedures. The Order noted, “This included events for which no record existed to verify it had occurred, events for which inconsistent records existed, and events that could not be verified from available information.” (3) The company also determined through the internal investigation that its Chinese subsidiaries were using the mechanism of “travel agencies and similar vendors to plan events, funds were generated that were used to provide improper payments and other inducements to HCPs in order to increase sales of Novartis products.” Implicit in this find was that the company had not properly recorded these payments by and through travel agencies in its books and records.

In the Order section entitled, “Undertakings”, the SEC laid out what the company agreed to do on a go forward basis. Over a two-year period, they agreed to “(1) conduct an initial review and submit an initial report, and (2) conduct and prepare at least two follow-up reviews and reports”. This Initial Report is to be presented within six months after the entry of the Order and is to set forth “a complete description of its Foreign Corrupt Practices Act (“FCPA”) and anti-corruption related remediation efforts to date, its proposals reasonably designed to improve the policies and procedures of Respondent for ensuring compliance with the FCPA and other applicable anticorruption laws, and the parameters of the subsequent reviews”. The Follow Up Reports are “to further monitor and assess whether the policies and procedures of Respondent are reasonably designed to detect and prevent violations of the FCPA and other applicable anti-corruption laws”.

In an interesting limitation and one no doubt in response to HSBC Deferred Prosecution Agreement (DPA), where the US District Judge overseeing the terms of the DPA ruled that “the public has a First Amendment right to see the monitor’s report”. This was over the objections of HSBC, the Department of Justice (DOJ) and the Monitor. The Order reads, “The periodic reviews and reports submitted by Respondent will likely include proprietary, financial, confidential, and competitive business information. Public disclosure of the reports could discourage cooperation, impede pending or potential government investigations and thus undermine the objectives of the reporting requirement. For these reasons, among others, the reports and the contents thereof are intended to remain and shall remain non-public, except (a) pursuant to court order, (b) as agreed by the parties in writing, (c) to the extent that the Commission staff determines in its sole discretion that disclosure would be in furtherance of the Commission’s discharge of its duties and responsibilities, or (d) is otherwise required by law.”

While the both the SEC and Novartis recognize that these reports can (always) be released if compelled by court order, as this enforcement action was resolved in the SEC Administrative Process, there would seem less likelihood that an interested citizen or even John Q. Public would seek release of this information. Further, the reporting agreed to in this Order could arguably have some attorney-client privilege as opposed to an outside third party Monitor as was selected in the HSBC matter, who could not even argue attorney-client privilege.

Even with these key differences, it is interesting to see such language in this Order and it could well be a manner for companies and the government to use going forward to help to keep follow up reports to the government post settlement confidential and away from disgruntled shareholders or their lawyers who might want to use the information in follow-on shareholder litigation. Finally, this could be one more reason companies agree to the SEC Administrative Process, to keep such information out of the public eye.

 

Remember the quote “redoubling your effort after you’ve forgotten your aim” as this would certainly seem to be an apt way to think about doing business in China, particularly under any type of FCPA analysis. Yet Novartis clearly got the message and moved to investigate, remediate, self-report and then work to make sure such issues do not arise in the future. They are to be commended for their work in this area. It would benefit the CCO and compliance practitioner to review the                                                           solid lessons from the Novartis FCPA enforcement action, especially in these key areas: (1) fraud schemes to develop monies to pay bribes; (2) weaknesses in compliance internal controls; (3) the clear benefits of self-reporting; (4) robust and effective internal investigations; (4) remediation during the pendency of an investigation; and (5) creating a process to test the effectiveness of your compliance program going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Head ScratchingLast week the Securities and Exchange Commission (SEC) concluded a Foreign Corrupt Practices Act (FPCA) enforcement action against Qualcomm Inc. for violations on the Accounting Provisions of the FCPA, including both the books and records and internal controls provisions. The enforcement action presented an interesting mix of clear FPCA violations of not having proper internal controls in place, a demonstration of the growing trend towards strict liability for violations of the Accounting Provisions and, finally, one head scratcher which would seem to point towards internal controls which did work. Taken together there are several important lessons to be learned for the compliance practitioner.

Hiring and Internal Controls Violations

In the Princeling enforcement category, first seen the Bank of New York Mellon FCPA enforcement action from 2014, we see how widely Qualcomm varied from its standard hiring protocols to hire the sons and daughters of officials of a state owned enterprise in China. Consider these business justifications for hiring a daughter of an official, as set out in the SEC Cease and Desist Order (Order):

  • “We received a request from the GM of [the telecom company’s subsidiary] to help find an internship position for her daughter (currently studying in the U.S.) within QC. I discussed this with [high level official] and determined that it would be important for us to support given our cooperation with [the subsidiary].”
  • Qualcomm employees understood that the daughter’s “parents are [SOE 2 subsidiary] Dept. GM level and gave us great help for Q.C. new business development.” Because “[the regional branch] is our strategic partner in China and plays an important role in leading all [the telecom company] adopting Qualcomm’s technologies,”
  • Qualcomm employees believed that the internship “would be important for us to support given our cooperation with [the subsidiary].” Specifically, the internship “would be good because we are doing quite a bit with [the subsidiary]”.

In another instance, the company provided the following for a son of an official:

  • support from a $75,000 research grant to an American university where he was studying, allowing him to retain his position in a PhD program and renew his student visa;
  • a Qualcomm internship;
  • subsequent permanent employment despite interviewers concluding that he did not meet Qualcomm’s hiring standards for the position; and
  • a business trip to China followed by leave to visit his parents over the Chinese New Year, despite other employees expressing concern regarding his qualifications for the assignment. The EVP also personally provided this employee with a $70,000 loan to buy a home.

What is even more amazing about the hiring of the son is that after the initial hiring interview he was rated as a “No Hire” because not only was he not a “skill match” for the company but he did not even “meet the minimum requirements for moving forward with an offer”. Finally, among the Qualcomm team involved in the interview process, “there was an agreement that he would be a drain (not even neutral) on teams he would join.” Yet he was offered a job as a “special favor”. [Emphasis supplied]. If someone is so unqualified that employing them will negatively impact the company, there must be another very good reason to hire them, such as providing a benefit to their father, who is an official under the FCPA.

Both of these instances demonstrate clear violations of internal controls around the company’s hiring process. If a candidate does not make it out of the initial interview with anything more that a “No Hire” rating that should be the end of the decision making process around compliance, full stop. Do not pass Go, do not Collect $200. As the Order succinctly noted, “FCPA compliance, however, was not considered in Qualcomm’s hiring process.” A fine and penalty for this transgression was clearly warranted, as it was a clear violation of internal controls around the company’s hiring process.

Books and Records and Strict Liability

In summary fashion, the Order states “when it provided things of value and engaged in transactions that caused the company to fail to make and keep books, records, and accounts, which, in reasonable detail accurately and fairly reflected the transactions and disposition of assets of the company.” The recordation was done in a “generic and non-descript manner that obscured their purpose.” The items and other things of value included un-named and undesignated gifts, travel and entertainment, with the specific notation that “meals, gifts and entertainments were repeatedly noted as missing from Qualcomm’s gift logs.”

This portion of the Qualcomm enforcement action points towards a growing trend of a strict liability standard in FCPA enforcement under the Accounting Provisions. While there may well be wide disagreement as to whether such a standard is warranted under the FCPA, I think it is coming and it is something every Chief Compliance Officer (CCO) and compliance practitioner needs to be ready to address if and when the day comes that your company is under the shadow of a FCPA investigation.

This means if your books and records comes under investigation, you will have to demonstrate that it meets some minimum standard that satisfies the SEC. The FCPA Guidance states, “under the “books and records” pro­vision, issuers must make and keep books, records, and accounts that, in reasonable detail, accurately and fairly reflect an issuer’s transactions and dispositions of an issu­er’s assets.” Moreover, “the accounting provisions ensure that all public companies account for all of their assets and liabilities accurately and in reasonable detail”. Obviously, the question is what is ‘reasonable detail’? This enforcement action does not provide much guidance.

The Head-Scratcher

There was one instance of the alleged failure of internal controls that seems so anomalous that it needs to be explored. I quote in full from the Order:

  1. For example, Qualcomm offered at least 15 foreign officials lavish hospitality packages worth approximately $95,000 per couple for the 2008 Beijing Olympics. Then, in mid to late-July 2008, a member of Qualcomm’s finance department raised FCPA issues related to the Olympics with Qualcomm counsel. In August 2008, just days before the Olympics began, Qualcomm rescinded the five hospitality invitations that had been accepted due to Qualcomm’s FCPA-related concerns. The disinvited guests were from three Chinese state-owned enterprises.

 Why does this seem so anomalous? It is because the company’s internal controls stopped this seeming violation. The internal controls did what they were supposed to do, detect a potential violation and even prevent it before it happened. Even if the local business folks started down this road, it is clear that the corporate office stopped it. If a compliance program is now going to be criticized in the form of an enforcement action for doing what it is supposed to do, detecting and then preventing FCPA violations, it may be will nigh impossible for any company to be in compliance with the FCPA.

Of course, this Order was the product of negotiations between the SEC and Qualcomm so there may be additional facts around this, questionable at best, hospitality play by Qualcomm. However, if there was more to this story, the SEC needs to use those facts to educate and inform companies on their obligations and not hold them liable for actually stopping bribery and corruption.

The Qualcomm FCPA enforcement action reinforces the need for robust internal controls around the hiring process. It should be studied by both the compliance function and your company’s Human Resources (HR) function. The lessons you can learn from this enforcement action can help you to forestall a similar fate for your company.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

CorruptionToday, I continue my exploration of the lessons to be learned from the VimpelCom Ltd. (VimpelCom) Foreign Corrupt Practices Act (FCPA) enforcement action. While it is clear that the company and its Uzbeki subsidiary, Unitel LLC (Unitel), engaged in an intentional bribery scheme and probably not even a best practices compliance program would have helped prevent the corrupt acts admitted by the company, there remain significant education to be mined from both VimpelCom’s and Unitel corrupt acts. Yesterday, I explored the role of VimpelCom’s Board of Directors and senior management in the failure, together with the fraudulent stock transfer. Today I want to look at the more mundane bribery schemes to instruct the Chief Compliance Officer (CCO) or compliance practitioner regarding what to look for going forward.

It must be emphasized, and even re-emphasized, that VimpelCom knew exactly what it was doing, worked very hard to hide it and lied internally about what it was doing. Of course it lied publicly as well via fraudulent books and records.

For review, Unitel funded its bribes to the Uzbeki government official through a variety of mechanism. The summary is as follows:

Bribery Scheme Amount of Bribe Paid Time Frame
Fraudulent Buy-Out $37.5MM March, 2007
Outright Cash bribe for 3G network $25MM November, 2011
False Consulting Invoices for 4G Network $2MM

$30MM

2008

2011

Corrupt Reseller Payments $10MM

$10MM

2011

2013

Total $114.5MM

Bribes Paid for 3G and 4G Networks

According to the Unitel Deferred Prosecution Agreement (DPA), the company paid bribes related to the acquisition of 3G frequencies in 2007. They were falsely recorded in VimpelCom’s consolidated books and records as the acquisition of an intangible asset, namely 3G frequencies, and as consulting expenses. In 2008 another bribe was falsely recorded in the consolidated books and records as “submission and support documentation packages seeking assignment of 24 channels to Unitel” and treated as an acquisition of an intangible asset and consulting services. Finally, the 2011 bribe related to consultancy services associated with the acquisition of 4G frequencies in 2011 was falsely recorded in their consolidated books and recorded as “consulting services” and treated as consulting services and as an acquisition of an intangible asset, namely 4G frequencies.

All of these bribes were paid to a shell company that was controlled by a daughter of a foreign official. The $2MM bribe paid, according to the DPA, was an additional obligation incurred “from the moment of payment for the acquisition of Unitel.” There was a vague attempt to hide this bribe for services but the in-house counsel involved noted that the “payout term of the amount was not specified” and the in-house attorney did “not know if all the services listed in the presentation [had] to be fulfilled as a condition for the payment.” There was a later attempt to create a sham contract for these services and backdate the contract to cover this bribe payment.

The payment of $30MM in 2011 was equally fraudulent on the company’s books and records. While it was allegedly for help in procuring some 4G licenses from the Uzbeki government, the company neither needed nor wanted these 4G licenses. The whole deal smelled so bad that one witness said, “I cannot see how I can be able to sign off on this…unless the legal FCPA analysis can clarify this and settle my concerns.”

So VimpelCom moved forward to obtain an opinion from an outside counsel. However it did so without providing outside counsel its own knowledge that a foreign official owned the shell company, through which the payments were directed, and did not provide information on the nature of the transaction or its high dollar value. It was so bad that the same witness cited above asked if “VimpelCom had received any official ‘ok’ from US Governmental body/SEC”? Unfortunately VimpelCom’s in-house counsel did not bother to provide accurate information for outside counsel to review and opine upon; coupled with an outside counsel who did not appear to know to ask the basic questions about the ownership structure or to investigate on its own. Finally, VimpelCom’s in-house counsel viewed its sham due diligence report as a legal defense if a FCPA allegation arose.

False Reseller Payments

After the previously noted payments, the corrupt foreign official was paid another $20MM in 2011 and 2013. This is far past conduct in 2005 and is much nearer in time to the present. This clearly demonstrates a company’s commitment to continued bribery and corruption. However, “Because of significant currency conversion restrictions in Uzbekistan and the inability to use Uzbek som (the Uzbek unit of currency) to obtain necessary foreign goods, UNITEL frequently entered into non-transparent transactions with purported “reseller” companies to pay foreign vendors in hard currency for the provision of goods in Uzbekistan. Typically, UNITEL would contract with a local Uzbek company in Uzbek som, and that Uzbek company’s related companies located outside of Uzbekistan would agree to pay an end supplier using the hard currency (usually, U.S. dollars).”

To pay these bribes Unitel entered into contracts for services with certain resellers that were neither necessary or where payments were made at highly inflated prices. Additionally, these contracts were made through contravention of the company’s internal controls as they “were approved without sufficient justification and bypassed the normal competitive tender processes. How fraudulent were these resellers? It was noted, “the office was “located in an old run-down house [building], without any signage” and “[t]here were no specialists [or technicians] there.” The employee recommended against using the reseller company as a contractor for UNITEL, as it was “not qualified and there are big risks . . . .” The employee who reported this was forced to “voluntarily resign”. Finally, when there was an attempt to audit these fake resellers, executives at Unitel stalled their own internal auditors and, when finally forced to present them for audit, claimed the “transaction was “not a reselling operation,” which resulted in the purported reseller company contract being removed from the audit.”

Failures

The failures up and down the VimpelCom and Unitel chain are simply mindboggling. Even when confronted with an employee who clearly understood and articulated that the transactions at issue were potential FCPA violations, senior management engaged in conscious avoidance to the violation. VimpelCom’s in-house counsel most likely committed criminal acts by limiting the information presented to outside counsel to fraudulently obtain a favorable opinion of counsel that the transaction passed muster. Basic internal controls were lacking or were completely over-ridden in selecting and using the resellers for services the company did not need or want.

Further, the company did not have any system for conducting, recording or verifying due diligence on third parties. The company did not require that consulting agreements or other contracts with third parties be for actual services or have any way to verify services were performed. There was a lack of appropriate controls around payments to single sourced vendors and a failure to audit third parties.

The VimpelCom case will be studied for some time for the failure of an entire compliance system.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

7K0A0116Yesterday I began a (now) three-part series on the Foreign Corrupt Practices Act (FCPA) enforcement actions involving PTC Inc. (PTC), Parametric Technology (Shanghai) Software Co. Ltd. and Parametric Technology (Hong Kong) Limited. PTC was previously known as Parametric Technology Corporation, and the two other companies were wholly owned subsidiaries (collectively PTC-China).

Today I want to consider some of the lessons to be learned from these enforcement actions. The Chinese subsidiaries settled with the Department of Justice (DOJ) via a Non-Prosecution Agreement (NPA) and PTC settled with the Securities and Exchange Commission (SEC) via an agreed Cease and Desist Order (Order), through a SEC Administrative Proceeding. These two settlement mechanisms mean there was no judicial involvement as nothing was filed in federal court.

Funding the Bribery Schemes

The bribery schemes utilized by the Chinese subsidiaries provide some excellent lessons for any compliance practitioner. The foremost thing to understand is that any bribery scheme is fraud and that means the perpetrators are going to try and hide it. No current bribery scheme is done in the open, even if top management is in on the act, as with Jack Stanley at KBR in the Nigerian bribery scheme. Someone, somewhere is going to try and hide what he or she is doing. That is why there are three parts to any best practices compliance program: prevent, detect and remediate. Just as the employees out in the field have a legal obligation not to violate the FCPA, a corporation sitting back home in America has the obligation to work to detect any bribery its employees might be engaging in.

The Chinese subsidiaries used at least three separate schemes to finance the bribe payments. The first was through an inflated commission scheme where the commission rate for their third party business partners, who facilitated the transactions, was between 15% to 30%. The problem was that the commission rate was not fixed until at or near the time the transaction was completed. Although PTC-China reported up the chain to the US parent, there was nothing in the record that would suggest PTC did anything other than approve the commission rate.

A second bribe funding mechanism was through fraudulent billing of third party business partners. Here the scheme was more sophisticated as the Chinese state-owned entity representative would sign off that the third party business partner had delivered certain services and then the PTC-China would make payment to these corrupt third party business partners. Of course there was no independent verification these services were actually delivered by the third party business representative.

Finally, abandoning all pretense of a valid transaction, PTC-China moved to a model called “Completely Outsourced Deals or CODs” where the monies used to pay bribes or later the illegal gifts, travel and entertainment were disguised as COD expenses related to success fees or subcontracting payment for business partners. It was through the use of these CODs that PTC-China was able to bury the $1MM+ they spent on gifts, travel and entertainment.

The inflated commission or “success fee” paid to third party business representatives coupled with the fraudulent accounting scheme, exemplified by the CODs, were then used to fund the illegal gifts, travel and entertainment. As was stated in the NPA, “If the business partner was to provide subcontracted services such as information technology services, those services might either be included in the total commission or itemized separately using a line item”; both mechanisms were used to fund and pay bribes.

Gifts, Travel and Entertainment Under the FCPA

Bribing Chinese government officials and representatives of state-owned enterprises is a well known bribery scheme. The number of cases prosecuted for such actions is long in both time and the number of companies. The problem is that payment for such travel, lodging and expenses may run afoul of the prohibition against corrupt payments (or promises of them) made to obtain or retain business. The FCPA allows payments to foreign officials for expenses related directly to “the promotion, demonstration, or explanation of products or services” that are “reasonable and bona fide” 15 U.S.C. §§ 78dd-1(c)(2)(A) and 78dd-2(c)(2)(A).

This affirmative defense, however, is notoriously hard to use because the travel and entertainment must be both reasonable and bona fide. Whatever you might think those two terms might mean; they cannot be defined as sightseeing tours across the US. In the NPA it specified, “Generally, the trips included one or two days of business activities at PTC headquarters in order to justify the trips, proceeded or followed by several days of sightseeing that lacked any business purpose and that was in fact the primary reason for the trip.”

There were a wide variety of illegal gifts provided by PTC-China as well. Gift giving is well known in China and certainly appropriate in some circumstances. Indeed PTC seemed to appreciate this as it had written policies and procedures requiring the following: “$50 monetary limits on the provision of gifts and business entertainment to government officials; requiring PTC-China sales staff to obtain preapprovals for business expenses over $500; and requiring that PTC-China sales staff document the date, place, attendees, and purpose of business entertainment and the recipient.” The problem, as noted in the SEC Order, was “These gifts were improperly recorded as legitimate business expenses.”

Tomorrow, I will review the accounting records violations, including both the internal controls and the books and records failures. I will also have some thoughts on the internal investigation and your conduct with the DOJ after you have self-disclosed a potential FCPA violation. Finally, I will consider the Deferred Prosecution Agreement (DPA) the SEC executed with former PTC-China employee, Yu Kai Yuan, in conjunction with settlement.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Blood on the TracksOn this week in 1975, Bob Dylan’s 15th studio album, Blood on the Tracks, reached the Number 1 album slot on the Billboard charts. This was in spite of no song rising above the 31st slot on the single charts. It came out in the final semester of my senior year in high school so its personal nature was very poignant to me. Two interesting facts were that Phil Ramone was an engineer on the recording sessions and Buddy Cage played steel guitar (shout out to Chris Bauer). While I probably enjoyed it because I found it to be the most accessible Dylan album to that point, the critics most generally praised it as well, finding it to be his most reflective. Indeed his son Jakob has been quoted as saying, “When I’m listening to Blood On The Tracks, that’s about my parents.”

Last week we had a second Foreign Corrupt Practices Enforcement Action (FCPA) from the Securities and Exchange Commission (SEC). This one involved the California based entity SciClone Pharmaceuticals, Inc. (SCLN) which was assessed a penalty of $2.5MM, profit disgorgement of $9.42MM and prejudgment interest of $900K for a total penalty of $12.8MM to settle SEC charges that it violated the FCPA when employees in China pumped up sales for five years by making improper payments to professionals employed at state health institutions. The penalty was for the conduct of its Chinese subsidiary, SciClone Pharmaceuticals International Ltd.

Many of the allegations reached back over 10 years, to 2005, when the Chinese subsidiary created a special VIP program for high volume customers called health care professionals (HCPs). According to the SEC Cease and Desist Order, this special program provided “weekend trips, vacations, gifts, expensive meals, foreign language classes and entertainment” to selected VIPs. It was described internally as “luring them with the promise of profit.” Clearly not the tone a Chief Compliance Officer (CCO) would want to see from his or her top salespersons. Oops, SCLN did not have a Chinese compliance officer at the time of the incidents in question because it did not have a compliance function at the company, so I guess that tone issue never came up.

Clearly the VIP program went beyond the pale as it provided for vacations for both the VIPs and their family members. But this program also had less egregious activities such as golf tournaments followed by beer drinking. However, the subsidiary’s conduct became more nefarious in 2007 when it hired “well-connected regulatory affairs specialist (Specialist) to facilitate” the application of certain licenses the company needed to distribute a new product in China.

This Specialist originally intended to send two foreign officials who were responsible for approving this license to Greece for an academic conference related to this new medical product. However visas could not be obtained in time so “the Specialist instead provided them at least $8,600 in lavish gifts.” In addition to the foregoing, the company sent many other Chinese government officials to in the US, Japan and the Chinese resort island of Hainan where “significant sightseeing was involved” in addition to an educational component.

The company even managed to fall prey to the well known Chinese bribery conduit of travel agencies by failing to conduct any due diligence on a number of travel vendors who were used to funnel bribes and improper gifts and trips involving improper sightseeing and tourist expenditures. Then again this may have been intentional given the overall posture of the subsidiary and its parent. Nevertheless it was another compliance program failure.

Finally, as part of SCLN’s internal investigation, after the discovery of all of the above, an “internal review of promotion expenses of employees from 2011 to early 2013. This review found high exception rates indicating violations of corporate policy that ranged from fake fapiao, inconsistent amounts or dates with fapiao, excessive gift or meal amounts, unverified events, doctored honoraria agreements, and duplicative meetings. A portion of the funds generated through the reimbursements were used as part of the sales practices described above that continued through at least 2012.”

Noting the foregoing conduct, the SEC Order held that SCLN did not have the appropriate internal controls in place for any type of FCPA compliance program. Both the subsidiary and parent engaged in false accounting entries by “recording the payments to health care providers as sales, marketing, and promotional expenses.” So SCLN violated both prongs of the Accounting Provisions of the FCPA , those being the accounting and internal controls provisions.

However, SCLN did make a come back which led to the relatively low fine and penalty. As noted in the Order, the company took steps, “to improve its internal accounting controls and to create a dedicated compliance function. These include the following: (1) hiring a compliance officer for its China operations; (2) undertaking an extensive review of the policies and procedures surrounding employee travel and entertainment reimbursements; (3) substantially reducing the number of suppliers providing third-party travel and event planning services; (4) improving its policies and procedures around third-party due diligence and payments; (5) incorporating anti-corruption provisions in its third-party contracts; (6) providing anti-corruption training to its third-party travel and event planning vendors; (7) disciplining employees (and their managers) who violate SciClone’s policies; and (8) creating an internal audit department and compliance department.”

Lessons Learned

Mike Volkov has called the SCLN enforcement action, “A Textbook Case of FCPA Violations for Gifts, Meals, Entertainment and Travel”. I would add that it is the textbook case for CCOs and compliance practitioners to study for lessons learned. The first thing is to review your own compliance program to see if any of these anomalies that SCLN engaged in appear in your Chinese operations or any other high risk areas. Beyond these general reviews, I would suggest a more detailed transaction monitoring and data analytics approach, which would involve:

  • Tracking not only the expenses paid for gifts, travel and entertainment by employees but tying this information back to the foreign government officials who received these benefits;
  • Look to any third parties who may have been involved in any of the foregoing, such as the ubiquitous Chinese travel agencies or the more iniquitous ‘Specialist’ who might be involved in facilitating license approvals;
  • Consider the positions which were lavished with such gifts, entertainment or travel. Did any of these persons make any approvals or decisions which allowed your company to obtain or retain business immediately before or after such treatment?

Finally, consider the thoughts of Scott Lane, Executive Chairman of the Red Flag Group, where he described the line of sight a compliance practitioner needed. Lane described the data points that a CCO or compliance practitioner should have visibility into going forward. By looking down a straight line at all of this information derived from the SCLN enforcement matter, the compliance function can identify measures to improve any high risk issues before they move to FCPA violations. While gifts, travel and entertainment expenses might be on your company’s radar for compliance department pre-approval, if they are spent on one or two government officials who may influence deal making authority regarding your company’s business it may well merit a more detailed analysis.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016