In this episode I visit with WSJ MarketWatch reporter Francine McKenna on the recently concluded Taylor Bean litigation against PwC and what it might mean for the Big 3 going forward.

oscar-meyer-wienerLast week a true American original died when Richard Trentlage passed away. If you do not know his name you certainly know signature contribution to American culture, the Oscar Meyer Weiner Song. Rather amazingly Trentlage wrote the jingle in response to a contest sponsored by the Oscar Meyer Wiener Company for a new theme in 1962 and did so in an hour. According to his  obituary in the New York Times the song “debuted in 1962 a3 and became the company’s signature advertising tune in 21 English speaking countries until 2010.” Moreover the “song became a part of the fabric of American culture, with airings on the children’s television show ‘Captain Kangaroo’, on the cartoon ‘The Jetsons’ and on an episode of the ‘The Simpsons’ in 1990. The song and its writer were true American originals.

Another original was in the news last week when the UK pharmaceutical giant GlaxoSmithKline PLC resolved its outstanding Foreign Corrupt Practices Act (FCPA) issues with its settlement with the Securities and Exchange Commission (SEC) by agreeing to pay $20 million civil penalty when China-based subsidiaries spent millions of dollars on pay-to-prescribe schemes for several years to pump up sales. Even more amazingly the company received a declination from the Department of Justice. I say even more amazingly because at the time of the conduct at issue, GSK was under a Corporate Integrity Agreement, the pharma equivalent of a Deferred Prosecution Agreement. The CIA required GSK not only to obey laws (and to pay bribes) but have a functioning compliance program in place, which the company obviously did not give one whit about, at least in China.

For those who have long forgotten our friends over at GSK (hum the Oscar Meyer Wiener theme now) they were four or five major corruption scandals ago, way back in the summer of 2013 when news broke that the Chinese  government had accused the company of five years of institutional bribery and corruption. Senior GSK business unit leaders were arrested and GSK claimed to be shocked, just shocked that anyone would accuse it of bribery and corruption, especially after just paying the US government $3bn for false labeling products. Yet the corruption continued even after being reported by an anonymous whistleblower (cleverly monikered GSK Whistleblower) the company was not able to turn up any indicia of bribery and corruption in its China business in six months of looking.

As lightly as GSK apparently took these allegations, the Chinese authorities took them very seriously and in a few months of investigation turned up the massive and pervasive bribery scheme. They put numerous senior GSK China employees under house arrest and even managed to illicit a confession or two on public television.

All of this led to a secret trial in August 2014 where the company was fined approximately $490MM and the four top executives of GSK China were convicted. The non-Chinese citizens were deported. There was even a sex tape aspect to the matter but it was somewhat tangential to the case and (apparently) not a part of the SEC enforcement action. Most interestingly the SEC Order did not mention the fine paid in China and it is not part of the Order, although surely the SEC took it into account. At least I hope so.

Yet the SEC enforcement was not without some interest. The Order noted, “Between at least 2010 and June 2013, employees and agents of GSK’s China-based subsidiary and a China-based joint-venture engaged in various transactions and schemes to provide things of value to foreign officials, including healthcare professionals (“HCPs”), in order to improperly influence them and increase sales of GSK products in China.  This misconduct was facilitated in part by the use of collusive third parties that ostensibly provided legitimate travel and other services. The funds used for the improper inducements were frequently obtained under the guise of, and falsely recorded in GSK’s books and records as, legitimate travel and entertainment expense, marketing expense, speaker payments, medical associations payments, and promotion expense. Throughout this period GSK failed to devise and maintain a sufficient system of internal accounting controls and lacked an effective anticorruption compliance program. The deficiencies in GSK’s internal accounting controls and compliance program also led to instances of similar improper conduct in connection with sales in other countries in which GSK operates.”

Yet we learned more in the SEC Order about GSK China’s bribery scheme. One emphasis was the China business unit wide pervasiveness of the corruption. The Order noted that bribes were actually written into sale plans for the company, stating, “a 2013 work plan submitted by a sales representative to a regional sales manager described the intent to pay, among other things, an HCP RMB 20/box of prescribed product every month, and deliver appropriate gifts on each holiday in exchange for a guarantee of more than 40 boxes of prescribed product every month.”

There was also some attempt to investigate the conduct of the China business unit but they all failed uncover the systemic bribery of GSK China. One set of investigations noted, “During this period, local internal audit and compliance reviews identified controls deficiencies and evidence of some mechanisms that were used to fund the improper payments, but they were treated as isolated instances rather than signs of a larger problem.”

Even more damning was the following, “As early as 2010, internal audit identified problems related to sales and promotions staff practices in China. Among other findings it noted: [d]uring 2010, several new policies governing commercial activities such as grants and donations and sponsorships were introduced. The significant changes, combined with the high staff turnover, contribute to an environment where many commercial and medical staff do not understand how to apply policies or the rationale behind them. This was evidenced by approval of non-compliant activities, a lack of clarity on which policy to apply for activities such as grants, and weaknesses in documentation to support the legitimate intent of activities such as advisory.”

One wonders whether the internal audit staff was simply not competent to properly identify the bribery and corruption or if they simply knew not to look with any more depth or seeing their findings as “signs of a larger problem.” However given the finality of these resolutions with the SEC and DOJ, it is doubtful there will be any further investigations going forward as to GSK’s China issues.

Nevertheless the matter continues to present multiple lessons to be learned for the compliance practitioner. Assuming one wants to actually find nefarious conduct, stop it and then remediate it, GSK in China presents several lessons on what to look for and how to move forward. The SEC Order also re-emphasizes the bribery schemes used by the company. What the SEC Order and DOJ declination may ultimately symbolize is the end of a long and sordid affair for the company.

One might also consider the damage the scandal did to the parent company and the legacy of the soon-to-retire chief executive Sir Andrew Witty. While the scandal did not reach either the corporate parent in England and certainly not Sir Andrew, the $490MM fine in China and the $20MM fine in the US, pale beside the true cost to GSK, which was its sales targets in China. GSK had targeted the over $30 bn Chinese medical product and services market to be 20% of GSK total revenue by 2020. That strategy is now in tatters as the Chinese prosecution made GSK a non-entity in the Chinese health care market. Any transaction involving GSK involving a Chinese health care provider, invites government scrutiny. It is far easier for health care providers to purchase pharmaceuticals, health care products and medical services from companies which have not gone through such a prosecution.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

 

 

 

 

 

This Week in FCPA-Episode 19, the International Edition

Show Notes for Week ending August 26, 2016

  1. John Kerry: Corruption is ‘root cause’ of terrorism, on FCPA Blog.
  2. Eric Ben-Artzi Op-Ed piece on why he turn down his whistleblower award, as featured in the Financial Times.
  3. Lessons from History-the Tudors on compliance, from the FCPA Compliance Report.
  4. FedEx trial debacle for the DOJ, and Paul Pelletier’s recommendation to fix recent spate of ill-fated and advised DOJ prosecutions, as featured in the FCPA Blog.
  5. Hallmarks 1-5 of the Ten Hallmarks of an Effective Compliance Program, as featured in the FCPA Compliance Report.

Questions 2I continue my exploration of recent enforcement matters and issues by turning to the Johnson Controls, Inc. (JCI) Foreign Corrupt Practices Act (FCPA) enforcement action, which was announced last week. Mike Volkov has called the enforcement action a “head scratcher”. Whether you agree with Volkov’s analysis or not, the case has several significant points for the Chief Compliance Officer (CCO) or compliance practitioner, which I will review today.

The matter was settled via a Cease and Desist Order (Order) from the Securities and Exchange Commission (SEC) and a Declination issued by the Department of Justice (DOJ). For its penalty, JCI accepted over $11.8 million in profits as a result of approximately $4.9 million in improper payments made by China Marine. JCI agreed to disgorge these profits, pay pre-judgment interest of $1,382,561 and a civil penalty of $1,180,000 for a total amount of $14,362,561.

The underlying facts are about as sordid as they can be for a corporate enforcement action. JCI obtained the Chinese unit, China Marine, through its purchase of York International (York) in 2005. In 2007, York paid $22 million to the DOJ and SEC to resolve FCPA offenses in China and other countries that occurred between 2001 and 2006.  York agreed to a three-year independent compliance monitor. JCI, for its part, terminated those involved in China Marine’s illegal conduct after it acquired York.

JCI installed its own Managing Director and limited China Marine’s use of third party sales agents. However, as stated in the Order, “From 2007 to 2013, the managing director of China Marine, with the aid of approximately eighteen China Marine employees in three China Marine offices, continued the bribery and theft that began under his predecessor by using vendors instead of agents to facilitate the improper payments. The improper payments were made to employees of government-owned shipyards as well as ship-owners and unknown persons”.

The bribery scheme was quite sophisticated. It involved, “a multi-stepped arrangement that required the complicity of nearly the entire China Marine office from the managing director, to the sales managers, the procurement managers and finally to the finance manager. The managing director aided or at times approved requests for the addition of certain vendors to the vendor master file without disclosing that certain sales managers had ownership or beneficial interest in the vendors. After the managing director’s approval, sales managers added bogus costs for parts and services to sales reports, which inflated the overall cost of the project, and generated purchase orders for the bogus parts and services. The procurement manager knowingly approved the purchase orders.” The scheme even included the vendors themselves who “created fake order confirmations for the unnecessary parts and services and submitted invoices for payments.” To complete the circle, the China Marine finance manager would authorize the fraudulent payments.

In what can only be called a complete, total and utter failure of JCI’s internal controls, company auditors could not understand the China Marine transactions. Further, and with even more evidence of the lack of effective internal controls, many of China Marine’s transactions were deemed non-material so they were at a level below that which would trigger a review of corporate oversight from JCI’s Denmark office, which oversaw the China Marine business unit. The Order noted that the average vendor payment in the bribery scheme “was approximately $3,400” but the total amount of bribes paid was $4.9MM. One might reasonably wonder if JCI understood there was no materiality threshold under the FCPA. One might also ask if there was conscious indifference by the JCI corporate office.

For the CCO or compliance practitioner there are several important lessons to be garnered from this enforcement action. First is the absolute requirement for effective internal controls to be put in place. If your company does not understand the transactions that any subsidiary engages in, you have put your company at serious risk. For if a company’s internal auditors cannot understand a series of transactions, they you certainly cannot explain them to an auditor. Further, under Sarbanes-Oxley (SOX) §404, a company must not only acknowledge its responsibility for establishing and maintaining a system of internal controls and procedures for financial reporting and an assessment, but also report on the effectiveness of the company’s internal controls.

Karen Cascini and Alan DelFavero, in an article entitled “An Assessment of the Impact of the Sarbanes-Oxley Act on the Investigation Violations of the Foreign Corrupt Practices Act”, said, “Section 404 “requires management to annually disclose its assessment of the firm’s internal control structure and procedures for financial reporting and include the corresponding opinions by the firm’s auditor”. More particularly, “while the FCPA required public companies to institute effective internal controls to stop the bribes and make executives accountable, SOX 404 goes further, but has similar goals.”

All of this might reasonably lead one to ask, who at the corporate headquarters certified the effectiveness of both the JCI and China Marine’s internal controls? Moreover, the Accounting Provisions of the FCPA also includes a section requiring accurate books and records. Clearly JCI was not too interested in verifying the accuracy of the books and records of its China Marine subsidiary.

More than this lack of compliance with both prongs of the FCPA Accounting Provisions, the lack of seeming awareness of enhanced risks is a confounding aspect of this case. China Marine was clearly identified as a high-risk business unit of both York and later JCI. Simply putting your self-appointed Managing Director in place is not enough. Any competent risk management system requires oversight, or as my wife would say ‘a second set of eyes’. This is why an effective compliance program requires ongoing monitoring. It is even truer when an entire business unit is high-risk.

Tomorrow I will continue my exploration of the JCI enforcement action by looking at the DOJ’s Declination, in conjunction with the Pilot Program.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Lessons LearnedToday I conclude my three-part series on the Nortek, Inc. (Nortek) and Akamai Technologies, Inc. (Akamai) Foreign Corrupt Practices Act (FCPA) enforcement actions. These enforcement actions resulted in excellent results for both companies in that they each received Non Prosecution Agreements (NPAs) from the Securities and Exchange Commission (SEC) and declinations to prosecute from the Department of Justice (DOJ). The more I have read and reread the resolution documents from both enforcement actions, the more I have come to believe they are hugely significant and need to be studied by each and every Chief Compliance Officer (CCO) and compliance practitioner whose company is subject to the FCPA. The reason is we may have well reached a turning point in FCPA enforcement and how companies evaluate potential FCPA claims and disclosure.

The reason I think we may have reached this stage is that previously, in the fact pattern presented by either Nortek or Akamai, a company may have well made the decision to investigate thoroughly, remediate effectively and then not self-disclose to the government. However these two enforcement actions, coupled with the Pilot Program, may well change this calculus. This begins with the length of time from initial discovery to self-disclosure to the final resolution announced last week.

These enforcement actions were resolved quickly and efficiently. Further, Nortek’s self-disclosure was based on the company’s 2014 audit that had identified potential issues in a routine audit of the China subsidiary. These concerns were elevated for a full FCPA forensic audit and that investigation provided the information for the self-disclosure. Akamai began its investigation after a whistleblower report in December 2014. Both cases then show a less than two-year period from initial discovery to conclusion. This speaks to the robust nature of their detect prongs; either through Nortek’s internal audit or Akamai’s whistleblower program and response.

As noted by the FCPA Blog, in a post entitled “Akamai, Nortek settle China bribe cases with SEC non-prosecution agreements”, Nortek self-disclosed this matter in January 2015 and Akamai self-disclosed to the government in February 2015 and both had resolutions in June, 2016. This is a very short reported time frame for resolution of a FCPA matter and hopefully it will be a harbinger of things to come in terms of the reduced time frame from self-disclosure to resolution. Further, the reported investigations costs were far below those usually seen in FCPA investigations and enforcement actions as Nortek reported approximately $3.1MM in “FCPA related costs”; which is significantly lower than most reported costs in such a matter.

With the stated credit available in the Pilot Program and now the language from the DOJ in its declination and from the SEC in the two NPAs, I think companies may now see the benefits of coming forward and self-disclosing. Any company that makes the decision to not self-disclose most probably investigated and remediated so those costs will be incurring under such a scenario. However, if companies see the benefit of such self-disclosure, both in terms of not only a positive result but also a quick and efficient process, I think the calculus will change. I would also note, the straight line from the Yates Memo to the hiring of the new DOJ Compliance Counsel, Hui Chen, to the Pilot Program may well need to be extended to these two enforcement actions to demonstrate the change in the DOJ enforcement strategy.

However, there is more to be learnt from these enforcement actions than simply the fact that it may now be better to self-disclose than to choose not to do so, after complete investigation and full remediation. There were nuts and bolts nuggets about what to look for in your internal investigations. Indeed there were a couple of compelling references made not often seen in FCPA investigations reports. First in the Akamai internal investigation, its NPA reported that as a part of the company investigation it provided to the government “analyses of customer usage versus purchased capacities”. This is the type of data analysis we rarely see discussed in FCPA compliance programs yet I believe can greatly assist a CCO in looking at a large amount of information to see what risks strategically need to be investigated. Yet typically how many compliance practitioners either make this type of analysis or even have the capability to do so? This is why data analytics can be of use to the CCO going forward and, indeed, may be one of the prime ways to help the compliance function in the detect prong. Moreover, if such an analysis is used proactively, as a monitoring tool on an ongoing basis, it could move the needle from detect to prevent. This is well worth considering as you think about your compliance budget and resources going forward.

The second investigative prong reference I found interesting was in Nortek’s investigation protocol that stated the company conducted “a risk assessment to determine whether the improper conduct at Linear China occurred at Nortek’s other manufacturing locations in China.” Note that the government did not say Nortek performed a full FCPA forensic audit at the company’s other manufacturing locations in China but only a risk assessment. If there was ever language which validates the concept that a company does not have to “boil the ocean” in the context of an internal FCPA investigation, I think this statement may be it. If you move forward with a thoughtful approach, that is a well-thought out process, in a step-by-step approach, you do not need to look everywhere for everything under every rock.

Next, a word about translations. I would have thought it was almost self-evident that in any FCPA investigation it would be mandatory to translate into English foreign language documents. However in both NPAs the SEC specifically stated that the respondents “voluntarily translating documents from Chinese into English”. I guess there are still companies out there that have not gotten the message that documents have to be translated into English. So call Mr. Translations, Jay Rosen, and he will explain to you how to accomplish this requirement.

You should use both of these NPAs as guideposts to benchmark your company’s compliance program as the DOJ and SEC favorably commented on the remediation steps that both entities engaged in. In other words there were lessons on the actual doing of compliance that are significant for the compliance professional.

From the Nortek NPA, it articulated the following steps the company took:

  1. Revising its internal audit testing and protocols to focus on quickly discovering any FCPA-related improprieties;
  2. Strengthening the company’s its anti-corruption policies;
  3. Developing a Compliance Committee consisting of representatives from management and subsidiaries to supervise compliance implementation of Nortek’s policies and training;
  4. Providing extensive mandatory in-person and on-line trainings on the FCPA and anti-corruption policies to its employees around the globe in appropriate languages (there’s that translations issues again); and
  5. Adjusting its internal audit schedules to prioritize facilities located in geographic areas known for higher incidences of corruption.

From the Akamai NPA, it articulated the following steps the company took:

  1. Implementing a comprehensive due diligence processes for channel partners, which included engaging an outside consultant to conduct channel partner risk assessments;
  2. Strengthening the company’s anticorruption policies;
  3. Implementing enhanced compliance monitoring functions and structures, such as naming a Chief Compliance Officer and staffing a global team of dedicated compliance professionals in Europe, the U.S., and Asia;
  4. Providing extensive mandatory in-person and on-line trainings on FCPA and anti-corruption policies to its employees around the globe in appropriate languages; and
  5. Enhancing the company’s travel and expense control requirements in China, including requiring more detailed expense descriptions and supporting documentation and appointing an independent function with Chinese language capability to review and approve expense claims.

I hope that you will study these NPAs and declinations closely to see what lessons you may find for your compliance program. I also hope they will be a harbinger for both DOJ and SEC enforcements to come, where companies not only receive credit for turning over information on individuals for the government to prosecute but for taking steps to engage in the doing of compliance and not simply having a paper compliance program in place. No matter what the reason for the timing of these settlement resolutions, they are a welcomed addition for the FCPA compliance practitioner.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016