Blood on the TracksOn this week in 1975, Bob Dylan’s 15th studio album, Blood on the Tracks, reached the Number 1 album slot on the Billboard charts. This was in spite of no song rising above the 31st slot on the single charts. It came out in the final semester of my senior year in high school so its personal nature was very poignant to me. Two interesting facts were that Phil Ramone was an engineer on the recording sessions and Buddy Cage played steel guitar (shout out to Chris Bauer). While I probably enjoyed it because I found it to be the most accessible Dylan album to that point, the critics most generally praised it as well, finding it to be his most reflective. Indeed his son Jakob has been quoted as saying, “When I’m listening to Blood On The Tracks, that’s about my parents.”

Last week we had a second Foreign Corrupt Practices Enforcement Action (FCPA) from the Securities and Exchange Commission (SEC). This one involved the California based entity SciClone Pharmaceuticals, Inc. (SCLN) which was assessed a penalty of $2.5MM, profit disgorgement of $9.42MM and prejudgment interest of $900K for a total penalty of $12.8MM to settle SEC charges that it violated the FCPA when employees in China pumped up sales for five years by making improper payments to professionals employed at state health institutions. The penalty was for the conduct of its Chinese subsidiary, SciClone Pharmaceuticals International Ltd.

Many of the allegations reached back over 10 years, to 2005, when the Chinese subsidiary created a special VIP program for high volume customers called health care professionals (HCPs). According to the SEC Cease and Desist Order, this special program provided “weekend trips, vacations, gifts, expensive meals, foreign language classes and entertainment” to selected VIPs. It was described internally as “luring them with the promise of profit.” Clearly not the tone a Chief Compliance Officer (CCO) would want to see from his or her top salespersons. Oops, SCLN did not have a Chinese compliance officer at the time of the incidents in question because it did not have a compliance function at the company, so I guess that tone issue never came up.

Clearly the VIP program went beyond the pale as it provided for vacations for both the VIPs and their family members. But this program also had less egregious activities such as golf tournaments followed by beer drinking. However, the subsidiary’s conduct became more nefarious in 2007 when it hired “well-connected regulatory affairs specialist (Specialist) to facilitate” the application of certain licenses the company needed to distribute a new product in China.

This Specialist originally intended to send two foreign officials who were responsible for approving this license to Greece for an academic conference related to this new medical product. However visas could not be obtained in time so “the Specialist instead provided them at least $8,600 in lavish gifts.” In addition to the foregoing, the company sent many other Chinese government officials to in the US, Japan and the Chinese resort island of Hainan where “significant sightseeing was involved” in addition to an educational component.

The company even managed to fall prey to the well known Chinese bribery conduit of travel agencies by failing to conduct any due diligence on a number of travel vendors who were used to funnel bribes and improper gifts and trips involving improper sightseeing and tourist expenditures. Then again this may have been intentional given the overall posture of the subsidiary and its parent. Nevertheless it was another compliance program failure.

Finally, as part of SCLN’s internal investigation, after the discovery of all of the above, an “internal review of promotion expenses of employees from 2011 to early 2013. This review found high exception rates indicating violations of corporate policy that ranged from fake fapiao, inconsistent amounts or dates with fapiao, excessive gift or meal amounts, unverified events, doctored honoraria agreements, and duplicative meetings. A portion of the funds generated through the reimbursements were used as part of the sales practices described above that continued through at least 2012.”

Noting the foregoing conduct, the SEC Order held that SCLN did not have the appropriate internal controls in place for any type of FCPA compliance program. Both the subsidiary and parent engaged in false accounting entries by “recording the payments to health care providers as sales, marketing, and promotional expenses.” So SCLN violated both prongs of the Accounting Provisions of the FCPA , those being the accounting and internal controls provisions.

However, SCLN did make a come back which led to the relatively low fine and penalty. As noted in the Order, the company took steps, “to improve its internal accounting controls and to create a dedicated compliance function. These include the following: (1) hiring a compliance officer for its China operations; (2) undertaking an extensive review of the policies and procedures surrounding employee travel and entertainment reimbursements; (3) substantially reducing the number of suppliers providing third-party travel and event planning services; (4) improving its policies and procedures around third-party due diligence and payments; (5) incorporating anti-corruption provisions in its third-party contracts; (6) providing anti-corruption training to its third-party travel and event planning vendors; (7) disciplining employees (and their managers) who violate SciClone’s policies; and (8) creating an internal audit department and compliance department.”

Lessons Learned

Mike Volkov has called the SCLN enforcement action, “A Textbook Case of FCPA Violations for Gifts, Meals, Entertainment and Travel”. I would add that it is the textbook case for CCOs and compliance practitioners to study for lessons learned. The first thing is to review your own compliance program to see if any of these anomalies that SCLN engaged in appear in your Chinese operations or any other high risk areas. Beyond these general reviews, I would suggest a more detailed transaction monitoring and data analytics approach, which would involve:

  • Tracking not only the expenses paid for gifts, travel and entertainment by employees but tying this information back to the foreign government officials who received these benefits;
  • Look to any third parties who may have been involved in any of the foregoing, such as the ubiquitous Chinese travel agencies or the more iniquitous ‘Specialist’ who might be involved in facilitating license approvals;
  • Consider the positions which were lavished with such gifts, entertainment or travel. Did any of these persons make any approvals or decisions which allowed your company to obtain or retain business immediately before or after such treatment?

Finally, consider the thoughts of Scott Lane, Executive Chairman of the Red Flag Group, where he described the line of sight a compliance practitioner needed. Lane described the data points that a CCO or compliance practitioner should have visibility into going forward. By looking down a straight line at all of this information derived from the SCLN enforcement matter, the compliance function can identify measures to improve any high risk issues before they move to FCPA violations. While gifts, travel and entertainment expenses might be on your company’s radar for compliance department pre-approval, if they are spent on one or two government officials who may influence deal making authority regarding your company’s business it may well merit a more detailed analysis.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

CyclocrossOn this day in 1934, Hammerin’ Hank Aaron was born; who for my money is the greatest home run hitter ever. He began his professional baseball career in 1952 in the Negro League but soon joined the Milwaukee Braves of the National League in 1954, eight years after Jackie Robinson had integrated baseball. He quickly established himself as an important player for the Braves and won the National League batting title in 1956. The following season, he took home the league’s Most Valuable Player (MVP) award and helped the Braves beat Mickey Mantle and the heavily favored New York Yankees in the World Series. The Braves returned to the World Series in 1958 but lost to the Yankees in seven games.

In 1959, Aaron won his second league batting title. He hit .300 or higher for 14 seasons and slugged out at least 40 homers in eight separate seasons. In May 1970, he became the first player in baseball to record 500 homers and 3,000 hits. I will never forget Milo Hamilton’s call of Aaron’s shot to break Babe Ruth’s record of 714 career home runs, on April 8, 1974, against the Los Angeles Dodgers. Aaron retired in 1976 with 755 total homers, 2297 career runs batted in, 6856 career total bases and 1477 career extra base hits; the final three records still standing.

Aaron’s career home run records stand in stark contrast to the man who broke his record, Barry Bonds, who is believed to have used performance enhancing drugs to break the record. While Bonds’ cheating may not have been proven that of Lance Armstrong in cycling is well known and well documented. One of the most interesting (or perhaps saddest) things which occurred when Armstrong finally admitted he had doped was that cheating was so wide-spread in the sport there was no one left to award the vacated first place awards to after Armstrong was stripped of his.

Yet as bad as cheating in cycling was, it actually may have been taken to a new level with the introduction of what the Wall Street Journal (WSJ) called “technological fraud”. In an article entitled “Cycling’s New Scandal is a Motor” Jason Gay detailed that the latest scandal to hit international cycling events is the motorization of the bike. He wrote, “I’m talking about an elite-level cyclist getting busted this weekend for a motor in a bicycle. That’s right, a motor inside a leg-powered bicycle. Just when you think you’ve heard it all about illegal performance enhancement in sports, here comes … vroooooooooom … perhaps the goofiest scandal ever.”

The motor appeared in the bike of Femke Van dem Driessche in the sport of cyclocross, which combines cycling, some running with the bike on your shoulder and clearing obstacles such as barriers and steps. Gay reported that Union Cycliste Internationale President Brian Cook confirmed that there was “a concealed motor” at a news conference. You do have to admire cyclist Van dem Driessche who mounted the best big dog ate my homework since at least the Pink Panther movies when she said denied that it was her bike, adding, “I would never cheat.”

Even Gay admitted the entire episode sounded so preposterous as to be absurd, yet he noted, “It sounds absurd, but such technology exists. Small, battery-powered motors have been made that can fit inside the bottom bracket of a bicycle, near the pedals, which can be turned on and off with the push of a hidden button. It isn’t as if the bike suddenly turns into a Harley-Davidson – instead, the motor gives the rider an artificial push as he or she continues to pedal the bike.”

Sadly, Gay cited to Katie Compton, a US cyclocross racer, who was quoted as saying, “I didn’t think that it would actually ever happen.” Even worse she said, “this has probably been happening on the road more than anyone realizes”. Gay also quoted former men’s US cyclocross champion Tim Johnson who said he was “ashamed to have this happen in our sport.”

Obviously this is a problem. But it also speaks to why the myth of the rogue employee is simply that, a myth. How many people do you think it took to develop and sell the motor unit, custom made for cyclocross? Then who do you think installed it? Too bad Van den Driessche is not German, as perhaps she could advise Volkswagen going forward on how to claim its 10-year program to defraud emissions testing was the result of ‘rogue engineers’.

How about the most recent Foreign Corrupt Practices Act (FCPA) enforcement action involving SAP? There have been rumblings that the former head of Latin America Sales, Vicente Garcia, was that pesky lone wolf, the rogue employee. He somehow managed to create a slush fund for the payment of bribes all on his own by intentionally deceiving his employer, the worldwide software giant SAP. Does anyone realistically think he did this all on his own?

But perhaps the more important question is the following: if Garcia defrauded a $85bn company, according to the site NetWorth.com; what does it say about the internal controls of a company that allowed a senior level employee to do this and indeed one who admitted that he believed paying such bribes was necessary to secure both the initial contract and additional Panamanian government contracts.

The tale of the rogue employee likens to the explanation that it was really just human error. The problem with this is there is no exploration of the compliance system failures that allowed the employee to engage in the bribery and corruption. Even if an employee can evade the controls in a system at one level there should be another level of oversight. In Garcia’s case, it appears he could set the discount rate for the corrupt distributor through which the bribe was paid in addition to the sales price with no meaningful oversight.

What about cheating by putting a motor on a leg powered bicycle? Gay said it was probably “a punch line too far”, and quoted Johnson for the following, “I laugh and you laugh, but it’s really not funny. It sucks.”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

SECThe Foreign Corrupt Practices Act (FCPA) enforcement journey, which began last summer with the guilty plea of Vicente Garcia for the payment of bribes to obtain contracts in Panama for his employer, SAP International, ended this week with the release of the Securities and Exchange Commission (SEC) civil action against the parent of SAP International, SAP SE, a German company. The case was concluded via a Cease and Desist Order (the “Order”). The fine was a relatively small $3.7MM with prejudgment interest of another $188K.

The facts were straightforward, which Garcia had previously admitted to in his guilty plea and sentencing hearing last December. He circumvented SAP internal controls to create a slush fund from which to pay bribes. To do so, he had to actively evade an internal compliance system that had stopped him from hiring a corrupt agent to facilitate the bribe payments. Frustrated by the success of the SAP compliance function to stop his initial bribery scheme, he then turned to using a previously approved distributor to facilitate the payment. He did so through giving this distributor an extra ordinary discount. The corrupt distributor then sold the SAP products to the Panamanian government at full price and used the price difference to fund the bribes to the corrupt government officials. This led to a $14.5MM sale to the distributor with $3.7MM in profits to SAP. Hence, the amount of profit disgorgement.

The bribery scheme is a clear lesson for any company that utilizes a distribution model in the sale chain. Bill Athanas, a partner in Waller Lansden Dortch & Davis LLP, has articulated a risk management technique for this type of bribery scheme, which he has called Distributor Authorization Request (DAR) and it provides a framework to help provide a business justification for any such discount, assess/manage and document any discount offered to a distributor. 

It begins with a DAR template, which is designed to capture the particulars of a given request and allows for an informed decision about whether it should be granted. Because the specifics of a particular DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated as well as an explanation in the business justification for the elevated discount. In addition, the DAR template should be designed so as to identify gaps in compliance that may otherwise go undetected.

The next step is that channels should be created to evaluate DARs. The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval. Athanas believes that three levels of approval are sufficient, but can be expanded or contracted as necessary. The key is the greater the discount contemplated, the more scrutiny the DAR should receive. The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently.

Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied. The documentation of the total number of DARs allows companies to more accurately determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to compliance within the company. This information, in turn, leaves these companies better equipped to respond to government inquiries down the road.

Yet in addition to the DAR risk management technique advocated by Athanas is more robust transaction monitoring in your compliance program going forward. As noted in the Order, one of the remedial measures engaged in by SAP after the bribery and corruption was detected was that the company “audited all recent public sector Latin American transactions, regardless of Garcia’s involvement, to analyze partner profit margin data especially in comparison to discounts so that any trends could be spotted and high profit margin transactions could be identified for further investigation and review.”

This is the type of transaction monitoring which a Chief Compliance Officer (CCO) or compliance practitioner traditionally does not engage in on a pro-active basis. However this is clearly the direction that US regulators want to see companies moving towards as compliance programs evolve.

Here a couple of questions would seem relevant. What happened? and How do you know? In answering these questions, it is clearly important that there should be an understanding of the business cause of significant sales and that there could be other issues involved in the situation that may require consideration by the compliance practitioner. While a company would usually only consider an analysis of variations at the level at which the sales increase was material, this was not the path taken by SAP in their post-incident investigation. Moreover, such a sales increase would most probably be material for the Panama region and certainly for the employee in question.

Once the appropriate level is determined, direct questions should be asked and answered at that level. Explanations of a sales increase as being the result of the appointment of a new head of business development or a more aggressive sales manager should not simply be taken at face value. Questions such as what techniques were used; what was the marketing spend; how much was spent on discounts to distributors; etc., might help to get at the true underlying reason for a spike in sales. Further, a company should review its findings over subsequent periods for confirmation. So, for example, if a sales increase legitimately appears to be due to the efforts of a new person in the territory or region, is that same increase sustained in later periods? The answer to such a question might identify red flags indicating the need for further review.

A final lesson to be considered is when you have an employee like Garcia. Is he a rogue employee? Does rogue mean his behavior is only sociopathic so that he appears to operating within the rules? Or were there clear signs that greater scrutiny needed to put in place? What about his clear attempt to bring in a corrupt agent, at the last minute of a deal to facilitate it? This is a clear red flag and was not approved by SAP compliance. Does this put the company on notice that an employee is not only willing to go beyond the rules but also engage in illegal conduct down the road? How many passes does such an employee get before they are shown the door?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

DOJForeign Corrupt Practices Act (FCPA) enforcement by the Department of Justice (DOJ) was a bit different in 2015 than the preceding years. Obviously the record fines and penalties of 2014 dropped considerably. Further, there was the Joseph Sigelman trial disaster where the DOJ had to change horses in mid-stream and offer a very attractive deal to the defendant after the government’s star witness folded on the witness stand. Yet most of the DOJ nay-sayers conveniently forgot that Sigelman did plead guilty to violating the FCPA, along with two other former executives and with their former company PetroTiger admitting to conduct at issue, it would seem to mitigate the trial issues.

There were a couple of notable DOJ enforcement actions around the FCPA in 2015. The enforcement action involving IAP Worldwide Services, Inc. (IAP or “the company”) and its former Vice President (VP) James Rama, where the company agreed to a fine of $7.1MM was a bit of a head scratcher. While Rama pled guilty to a single count of conspiracy to violate the FCPA and was sentenced to 120 days in prison, IAP secured a Non-Prosecution Agreement (NPA) in addition to its fine.

What it is difficult to determine from the company NPA and Rama Plea Agreement is what conduct the company engaged in which led to the NPA because clearly both the company and Rama engaged in conduct that violated the FCPA. Under the facts presented it would appear that this case was egregious. There was a US company, setting up a scheme to pay bribes through both a US person, who was a former employee, and a foreign third party agent. Meetings to facilitate the scheme were held in the US and monies to fund bribes were wired out of a US bank account. There was nothing reported in the NPA which indicated that the company self-disclosed this FCPA violation. While there were statements of cooperation and remediation going forward, there was nothing other than the standard boilerplate language generally seen in NPAs.

In July, Louis Berger International Inc. (LBI) received a Deferred Prosecution Agreement (DPA) for its FCPA sins. As reported by the FCPA Blog, the “company, admitted violating the Foreign Corrupt Practices Act and agreed to pay a $17.1 million criminal penalty. The company said it bribed foreign officials in India, Indonesia, Vietnam, and Kuwait to win construction management contracts.” Two of its former executives, Richard Hirsch and James McClung, also pleaded guilty to conspiracy and FCPA charges. Both are currently scheduled to be sentenced in February, 2016.

In its Press Release the DOJ reported, “it gave Louis Berger a DPA because the company self reported the FCPA offenses and made U.S. and foreign employees available for interviews. The company collected and organized evidence for federal investigators and undertook “extensive remediation, including terminating the officers and employees responsible for the corrupt payments.” It also promised to improve its compliance program and internal controls.”

Contrasting the Sigelman trial were several high profiles cases where individuals pled guilty and were sentenced in 2015, most notably several former executives and employees of Direct Access Partners LLC (DAP). Former Chief Executive Officer (CEO) Benito Chinea, was sentenced to four years in prison and forfeited $3.6 million for bribing a Venezuela state bank official in return for bond trading business. Former Managing Director Joseph DeMeneses, was sentenced to four years in prison and ordered to forfeit nearly $2.7 after pleading guilty. Former Managing Partner Ernesto Lujan, was sentenced to two years in prison and ordered to forfeit $18.5 million for bribing a Venezuela state bank official. Former Senior Vice President Tomas Clarke pleaded guilty and was sentenced to two years in prison and ordered to forfeit nearly $5.8 million. Finally, Broker Jose Alejandro Hurtado was sentenced to three years in prison and ordered to forfeit nearly $11.9 million for being the middleman in a scheme to bribe a Venezuela state bank official in exchange for bond trading work.

In December Vicente Eduardo Garcia, a former Regional Director of Enterprise Software for SAP International Inc., was sentenced to 22 months in prison for bribing officials in Panama to win government contracts. Garcia admitted that he conspired with others, including advisors and consultants to SAP, to pay bribes to two Panamanian government officials, as well as to the agent of a third government official, with the understanding that a portion of the money would be paid to the third official. Garcia used sham contracts and false invoices to disguise the bribes. The money shot in this case was set out in the DOJ Press Release, which stated “Garcia further admitted that he believed paying such bribes was necessary to secure both the initial contract and additional Panamanian government contracts.” The bribery scheme netted the Panamanian SAP channel ops partner at least one contract valued at $14.5MM.

Other than the priceless quote from Garcia above, the year was fairly quiet on the DOJ enforcement front; there were no blockbuster settlements as we saw in 2014. However, that does not mean the year was not significant for the compliance practitioner. The DOJ provide quite a bit of solid information to the Chief Compliance Officer (CCO) and compliance practitioner. The Yates Memo set out a new calculus for the receipt of any cooperation credit for a company embroiled in a FCPA investigation (emphasis was in the original Memo). Now if a company desires such credit it must investigate and turn over information on individuals in the corporation involved, directly or indirectly (that is the question) before it even gets to the question of an effective compliance program.

Immediately after the release of the Yates Memo came news the DOJ was hiring a compliance program subject matter expert (SME) in a new Compliance Counsel role. This new hire turned out to be Hui Chen, an experienced corporate compliance practitioner who is also an ex-DOJer. Through Ms. Chen and through remarks by Assistant Attorney General Leslie R. Caldwell, the DOJ communicated its expectations around how this new position would evaluate the compliance programs of company’s in enforcement actions before the DOJ.

Caldwell laid out these metrics or factors the Compliance Counsel would utilize in her evaluation using the following factors:

  • Does the institution ensure that its directors and senior managers provide strong, explicit and visible support for its corporate compliance policies?
  • Do the people who are responsible for compliance have stature within the company? Do compliance teams get adequate funding and access to necessary resources? Of course, we won’t expect that a smaller company has the same compliance resources as a Fortune-50 company.
  • Are the institution’s compliance policies clear and in writing? Are they easily understood by employees? Are the policies translated into languages spoken by the company’s employees?
  • Does the institution ensure that its compliance policies are effectively communicated to all employees? Are its written policies easy for employees to find? Do employees have repeated training, which should include direction regarding what to do or with whom to consult when issues arise?
  • Does the institution review its policies and practices to keep them up to date with evolving risks and circumstances? This is especially important if a U.S.-based entity acquires or merges with another business, especially a foreign one.
  • Are there mechanisms to enforce compliance policies? Those include both incentivizing good compliance and disciplining violations. Is discipline even handed? The department does not look favorably on situations in which low-level employees who may have engaged in misconduct are terminated, but the more senior people who either directed or deliberately turned a blind eye to the conduct suffer no consequences. Such action sends the wrong message – to other employees, to the market and to the government – about the institution’s commitment to compliance.
  • Does the institution sensitize third parties like vendors, agents or consultants to the company’s expectation that its partners are also serious about compliance? This means more than including boilerplate language in a contract. It means taking action – including termination of a business relationship – if a partner demonstrates a lack of respect for laws and policies. And that attitude toward partner compliance must exist regardless of geographic location.

While the DOJ enforcement actions against companies for FCPA violations may have taken a dip in 2015, the DOJ aggressively pursued and brought to justice several individuals who violated the FCPA. Yet, for the compliance practitioner, the biggest information came from the Caldwell, Yates and Chen’s public comments around compliance programs and what the DOJ would evaluate going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016