The Patriots won the Super Bowl (yet again). Even more significantly This Week in FCPA is now on Spotify. To celebrate, Tom and Jay are back to at some of this week’s top compliance and ethics stories which caught their collective eyes.

  1. Goldman Sachs considers clawbacks from former execs involved in the 1MDB scandal. Matthew Goldstein reports in the New York Times.
  2. What were last year’s trends in NPAs and DPAs. Joseph Warin, Kendall Day and Melissa Farrar pen their thoughts in Law360.
  3. Stupid CEO remarks=new activist investor on Board. The Papa John saga continues. Julie Jargon in the Wall Street Journal.
  4. An intriguing analysis of the Wells Fargo scandal. Brian Taylor in the Harvard Law School Forum on Corporate Goverance and Financial Regulation.
  5. Bring out your dead. Did Wells Fargo have branches in Austrailia? Jamie Tarabay reports in the New York Times.
  6. It’s Friday afternoon. Where are your bankers? Sam Rubenfeld reports on the continuing saga of the Central Bank of Bangladesh bank heist in the WSJ Risk and Corruption Journal.
  7. Why is tennis so susceptible to corruption? The BBC previews its TV report with a story about Karim Hossam on its online site, BBC.com. Ross Evans explores in the Global Anti-Corruption Blogin Part I and in Part II.
  8. Is your organization’s culture toxic? How can you assess? Benjamin van Rooij, Adam Fine, and Judy van der Graaf explore in NYU’s Compliance and Enforcement Blog.
  9. Did the Commerce Department violate federal law in a monitor selection? Ryan Barber reports in the National Law Journal. (sub req’d)
  10. Tom has a 5-part podcast series on moving from disconnected to connected compliance, sponsored by GAN Integrity. Check out the following: Part 1-What is Disconnected Compliance; Part 2-What is Connected Compliance; Part 3– Constructing a Connected Compliance Program; Part 4-Tech and Connected Compliance; Part 5-Connected Compliance and the Human Element. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoply and YouTube. The Compliance Podcast Network is now also on Spotify. It is soon to be on Corporate Compliance Insights.
  11. Tom and Jay are speaking at the Assent Compliance, Supply Chain Conference in San Diego, on February 13. If you are interested in supply chain, compliance or the FCPA, please come by and check it out. Registration and agenda are available here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

This blog post concludes my multi-part exploration of the Petróleo Brasileiro S.A. – Petrobras (Petrobras) Foreign Corrupt Practices Act (FCPA) enforcement action. Today we consider the stunning result achieved by Petrobras – a Non-Prosecution Agreement (NPA).

The Petrobras FCPA enforcement action came in the form of a NPA  with the Department of Justice (DOJ) and Cease and Desist Order (Order) with the Securities and Exchange Commission (SEC). The penalties were stunning. The FCPA Blog reported the settlement included a criminal penalty of $853.2 million. The SEC penalty included $933.5 million civil penalty of profit disgorgement but Petrobras was given credit for the $2.95 million it had previously paid to settle its shareholder lawsuit in the US.

Under the NPA, Petrobras will pay 10 percent or $85.3 million of the criminal penalty to the DOJ and another 10 percent to the SEC. Petrobras will pay the remaining 80 percent or $682.5 million to the Ministerio Publico Federal in Brazil. The DOJ fine represents a 25% discount off the low end of the range of the US Sentencing Guidelines. In addition to the eye-popping monetary fine and penalty, there was no independent monitor required by the DOJ or SEC.

Dick Cassin has found the Petrobras FCPA enforcement action to be the highest amount of all-time, landing it as Number 1 on the Top Ten list. Even if you disagree with that assessment, it clearly comes in at Number 3 on the international enforcement list based upon the corruption fine and penalty. If you add in the $2.95 million paid in the shareholder action here in the US, the overall fine, penalty and settlement payments take Petrobras to the top of the international list.

What is a Chief Compliance Officer (CCO), compliance practitioner, General Counsel (GC) or even a Board of Directors to make of the NPA? Clearly, from the NPA and Order, Petrobras engaged in corruption of the highest order and at the highest levels, right up to the Board of Directors.  The starting point for any discussion is the FCPA Corporate Enforcement Policy (Policy) announced by Rod Rosenstein last November.

Under the Policy, there is a presumption of a declination if four criteria are met: (1) self-disclosure; (2) extensive cooperation; (3) extensive remediation; and (4) profit disgorgement. However, even if a company meets these four criteria, if there are “aggravating circumstances” defined as “involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism” a declination may not be achieved. All of this turns on self-disclosure. If there is no self-disclosure this section does not come into play.

Yet that is not the end of the inquiry as the Policy goes on to state, “If a company did not voluntarily disclose its misconduct to the Department of Justice (the Department) in accordance with the standards set forth above, but later fully cooperated and timely and appropriately remediated in accordance with the standards set forth above, the company will receive, or the Department will recommend to a sentencing court, up to a 25% reduction off of the low end of the U.S.S.G. fine range.” This section has no qualifying language involving “aggravating circumstances” so it would appear that if a company meets the twin requirements of (1) full cooperation and (2) timely and appropriate remediation, they can garner up to a 25% discount. That is apparently what Petrobras did and it explains how they received the discount.

The cooperation included a “thorough” internal investigation followed by real-time sharing of the information with the DOJ and SEC. The company translated documents and made witnesses available to the government. Petrobras assisted the DOJ, SEC and Brazilian authorities in other investigations and provided information on individuals involved in the bribery and corruption.

The remediation was very extensive. It included tossing out the corrupt Board of Directors and Executive Board and bringing in a clean slate. These groups were insulated from political control or interference. A new corporate governance structure was put in place, including a new Division of Governance and Compliance. A ‘four-eyes’ policy was put in place to provide oversight on key purchasing functions and other functions which award company business.

The old and ineffective compliance policies and procedures were thrown out and a new set of best practices, compliance policies and procedures were put in place. A new internal reporting system, including an Ombudsman, and a new internal compliance controls were implemented. There were multiple terminations and employment separations for employees involved in the bribery and corruption as well as other forms of discipline. Extensive training was put on for all levels of the company as well as more robust financial controls including segregation of duties (SODs) and delegations of authority (DOAs) were revised. In short, an entire new compliance regime was installed and (hopefully) all the bad actors were thrown out.

Yet all of that does not fully explain how or why Petrobras received a NPA instead of a DeferredProsecution Agreement (DPA). I think one must go outside the eight corners of the documents (both the NPA and Order) to consider the massive penalty paid by the company, $1.87 bn + $2.95 bn in the shareholder case, and one can only imagine the pre-settlement investigative costs of a minimum of 2 times the corruption fine and penalty. There are also the numbers of Brazilians convicted criminally around the Petrobras matter, Car Wash scandal and the massive disruption to the Brazilian political system. Another factor to consider is the cooperation by Petrobras in not only its own investigation but the assistance the company provided in a number of other FCPA enforcement actions, including at least SMB Offshore NV; Keppel Offshore & Marine Ltd. and Rolls-Royce PLC. There may well have been others in Brazil.

While the remediation is most directly tied to the 25% reduction of the minimum from the Sentencing Guidelines, it no doubt also played a part in the NPA calculus. While no US monitor was appointed, the NPA specifically noted there would be Brazilian authorities oversight, coupled with an ongoing reporting requirement and end of NPA certification. This must portend a high degree of DOJ confidence in Petrobras to follow through with its agreements in the NPA.

Finally, there may be the message the DOJ is sending. The facts in this case were as bad as almost any FCPA enforcement action around. The only other ones which rival it are the other billion-dollar international corruption settlements: Siemens, Odebrecht and JBF. Perhaps one of the intended messages is that no matter how bad the corruption was, if you meet the requirements, even with no self-disclosure, you can make a significant comeback. If that was one of the messages the DOJ intended to send, I think it was heard loud and clear throughout every compliance function, legal department and Board of Directors; literally, across the globe. With that type of message, just think how much more powerful a self-disclosure can be.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

This week I have returned to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. During this week, I have considering themes from the short stories  found in The Return of Sherlock Holmes to illustrate broader application to components of a best practices compliance program. I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie Klinger. Today, I consider the theme of imagination in your compliance program.

Even though as the site Shmoop noted that  “Sherlock Holmes basically gave the world the entire CSI franchise” and that  “Holmes really was on the cutting edge of science in the 1890s.” did not only use scientific methods to solve crimes though. He also embraces science as a behavioral regime which was cool, rational, logical, and efficient. At times he even appears to be a forerunner of Mr. Spock because, “being a scientist and a scientific detective meant favoring the mind over emotion, and crime solving skills over social skills.” An example of this is found in The Adventure of the Empty House, where Holmes says, “All day I turned these facts over in my mind, endeavouring to hit some theory which could reconcile them all, and to find that line of least resistance which my poor friend had declared to be the starting-point of every investigation.” As Watson describes Holmes’s scientific methods here as he tries to follow his friends reasoning to solve the puzzle.”

The story The Adventure of the Empty House may well be one of the most famous in the entire Holmes oeuvre. It was the first story in over ten years, although Doyle set the tale only three years after the meeting of Holmes and Moriarty at Reichenbach Falls. Returned from touring the world, Watson and Holmes have an emotional reunion (at least for Watson) and then begin to tackle a locked room murder. This leads to Holmes being in jeopardy and putting a mannequin in his window to draw an attempted assassination attempt by Colonel Sebastian Moran, a henchman of Dr. Moriarty. Moran uses an air rifle which makes the murder and attempted murder all the more sinister.

In every recent Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) issued by the Department of Justice they all include an element along the following strictures, “The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.”[Emphasis supplied]. This means that the DOJ expects imagination in your compliance program to keep up with evolving international and industry standards. This requires you imagination in your compliance strategy.

All of this means you should begin with a strategy for your compliance program. The key to success is something that every CCO or compliance practitioner should take to heart; which is, a compliance practitioner must be able to lay out a strategy for compliance that details the efforts will support the overall business strategy. This means creating a for compliance that will create value for customers of compliance, IE., employees, third parties and customer, show how the company will capture that compliance value going forward and finally which types of compliance imagination to pursue.

If you have a good strategy, it can promote alignment among diverse groups in a company, help to clarify objectives and priorities and guide your focus on those objectives. It can also be modified as necessary and with sufficient feedback. There are several questions you need to consider in connecting your strategy to the business. Initially, how will it create value for the customers of compliance; IE., your employees and relevant third parties? Your imagination can make compliance faster, easier, quicker, nimbler and so on. Focus on that creation of value going forward. Next what types of imagination will allow the company to create and capture value, and what resources should each type receive, such as a change in technology and a change in a business process.

Obviously senior management has a key role around imagination in compliance, as imagination can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resources allocated but management must also incentivize the business units to proceed with implementing the imaginations. Another area where senior management is critical is with making trade-offs. A supply-push approach comes when your imagination is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. A demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement imagination around those needs.

Finally, consider what every DOJ or speaker from the Securities and Exchange Commission (SEC) I have ever heard say, when they talk about the basics of any best practices compliance program. It is that both compliance and strategies must evolve. You must recognize that your compliance program will have to be innovative. Start with a strategy which has senior management buy-in and support, then move to implement. Finally use data in a feedback loop to fine tune your imaginations. Imagination in compliance is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate an operationalized compliance program is that the latter creates an active, vibrant and effective compliance program. That is the bottom line for imagination in compliance.

I hope you have enjoyed this Sherlock Holmes inspired week as much as I have enjoyed researching it, writing it and bringing it to you. If you would like more Holmes themed compliance, please let me know.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

Today is the 74thanniversary of D-Day, the day the Allied powers crossed the English Channel and landed on the beaches of Normandy, France, beginning the liberation of Western Europe. The invasion was a success as some 155,000 Allied troops – Americans, British and Canadians – had successfully stormed Normandy’s beaches. This was in addition to the 18,000 paratroopers and glider troops who had landed the night before. While almost one year of more hard fighting was in store, it was the beginning of the end for Nazi Germany. Quora.com estimates there are only “A few thousand survivors, in their early to mid-90s. A very small number in their late 90s. A scattering of centenarians. And a very rapid rate of passing at the present time period. The “few thousand” will drop to a few hundred in a very short time span.” They are forever intertwined with history.

The Department of Justice (DOJ) announced two Foreign Corrupt Practices Act (FCPA) enforcement actions earlier this week and the intertwined nature of these two enforcement actions informs today’s blog post. The first involved SocGen S.A. (SocGen), a global financial services institution based in Paris, France, and its wholly owned subsidiary, SGA Société Générale Acceptance N.V. (SGA), who agreed to pay a combined total penalty of more than $860MM to resolve charges with criminal authorities in the US and France, including $585MM relating to a multi-year scheme to pay bribes to officials in Libya. One-half of this total was credited to a fine paid in France. This makes SocGen No. 5 on the Top Ten FCPA penalty list, displacing Halliburton and its 2009 FCPA penalty of $579MM. It also comes in at No. 10 in the Top 10 International anti-corruption enforcement actions.

SocGen also agreed to a financial penalty of $275MM for violations arising from its manipulation of the London Interbank Offered Rate (LIBOR). As noted in the DOJ Press Release, SGA “will plead guilty in the Eastern District of New York in connection with the resolution of the foreign bribery case. Together with approximately $475 million in regulatory penalties and disgorgement that Société Générale has agreed to pay to the Commodity Futures Trading Commission (CFTC) in connection with the LIBOR scheme, the total penalties to be paid by the bank exceed $1 billion.” The final resolution documents for SocGen will be a Deferred Prosecution Agreement (DPA) and Criminal Information.

According to the DOJ Press Release, between 2004 and 2009, SocGen paid bribes through a Libyan “broker” in connection with 14 investments made by Libyan state-owned financial institutions. For each transaction, SocGen paid the Libyan broker a commission of between 1 ½ to 3 percent of the nominal amount of the investments made by Libyan state institutions. In total, SocGen paid the broker over $90 million, portions of which were then paid to high-level officials in order to secure the investments from various Libyan state institutions for SocGen. As a result of the corrupt scheme, SocGen obtained 13 investments and one restructuring from the Libyan state institutions worth a total of approximately $3.66BN and earned profits of approximately $523MM.

The second involved the private equity firm Legg Mason, Inc. (Legg Mason), which entered into a Non-Prosecution Agreement (NPA) with the DOJ and agreed to pay $64.2MM to resolve an investigation into violations of the FCPA in connection with Legg Mason’s participation, through a subsidiary, in a Libyan bribery scheme. The bribery scheme was a part of the scheme used by SocGen so to some extent, the enforcement actions are related.

According to the DOJ Press Releasea Legg Mason subsidiary, Permal Group Ltd. (Permal), partnered with SocGen to solicit business from state-owned financial institutions in Libya, including the Central Bank of Libya, The Libyan Arab Foreign Bank, the Economic and Social Development Fund and the Libyan Investment Authority. During this time, SocGen paid bribes through a broker in connection with 14 investments. In seven of the transactions, SocGen paid commissions to the broker to benefit Legg Mason, through its subsidiary Permal, which managed funds invested by the Libyan state institutions. In total, SocGen paid the broker over $90MM, portions of which the Libyan broker paid to high-level officials in order to secure the investments from various Libyan state institutions for SocGen. As noted, SocGen obtained 13 investments and one restructuring from the Libyan state institutions and Legg Mason, managed seven of these investments through its subsidiary Premal, and earned profits of approximately $31.6MM.

Most interestingly, neither entity self-disclosed to the US government, so they lost the chance for a declination right off the bat. With regard to SocGen, when you couple the failure to self-disclose its misconduct to the DOJ; with its substantial, though not full, cooperation with the DOJ; laid upon the seriousness of the companies’ conduct, including the high value of the bribes paid to foreign officials, you can begin to understand the high amount of the penalty. Yet these factors were tempered by the company’s “significant remediation which, together with the company’s risk profile and ongoing monitoring by L’Agence Française Anticorruption, resulted in the” DOJ determining that a monitor was not necessary in this case.”

While Legg Mason did not voluntarily and timely disclose the conduct at issue, it fully cooperated in the investigation and fully remediated. Moreover, Legg Mason’s misconduct involved only mid-to-lower level employees of Permal and was not pervasive throughout Legg Mason or Permal. SocGen, and not Legg Mason or Permal, maintained the relationship with the Libyan broker and was responsible for originating and leading the scheme; the profits earned by Legg Mason and Permal were less than one-tenth of the profits earned by SocGen. Finally, neither Legg Mason nor Permal has a history of similar misconduct.

Tomorrow I will consider the Legg Mason NPA.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

With Wells Fargo having been fined $1 billion for behaving badly, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. Wells Fargo has been fined $1 billion for variety of alleged misdeeds. Emily Flitter and Glenn Thrush report in the New York Times.
  2. Michael Held, general counsel and executive vice president of the Legal Group at the Federal Reserve Bank of New York, talks about the 3 lines of defense. His remarks are found in the NYU Compliance and Enforcement Blog.
  3. New Assistant DAG, Matthew Miner said in private practice he wants to give corporations more breaks on sentencing and cut back on Yates Memo. Will he continue to do so now that he is on the team? Adam Dobrik reports in GIR Investigative(sub req’d)
  4. Engaging in bribery and corruption still doesn’t pay as Feds seek 40-month sentence for cooperating Florida telecom exec. Dick Cassin reports in the FCPA Blog.
  5. If you lie to the DOJ and you are under a DPA, you are in big trouble, the ZTE experience. See Dick Cassin’s report in the FCPA Blog.
  6. Yet another guilty plea in the PdVSA corruption case. This time it was Ceasar Rincon and it was for money-laundering. Henry Cutter reports on it in the Wall Street Journal, Risk and Compliance Journal. See DOJ Press Release. See also Rincon’s Indictment.
  7. Will DPAs really work outside the US? Rick Messick explores in theGlobal Anti-Corruption Blog.
  8. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
  9. The Everything Compliance gang is back in Episode 27 with a deep dive into Mark Zuckerberg’s Facebook testimony, the Michael Cohen subpoena and more. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTubeand JDSupra.
  10. Tom will be presenting a webinar with Opus Global and Hiperos on the Convergence of ABC and GDPR, next Wednesday, April 25 at 11 AM EDT. The event is at no charge. For registration and additional information, click here.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.