In this episode I visit with Nate Lankford, member at Miller & Chevalier on the firm’s FCPA Spring Review 2018. The quarterly Miller review is also an excellent resource for any FCPA or compliance practitioner, chocked full of statistics on enforcement actions, legal and compliance analysis, reports on international FCPA developments and commentary. It has always been a ‘Must Read’ review for any compliance professional. The FCPA Spring Review 2018 continues this trend.

In this episode, we consider some of the following issues:

  • What if anything, can be gleaned from the now one plus year of enforcement under the Trump Administration and Sessions-led Justice Department.
  • Has there been an untick in declinations?
  • Any uptick in individual prosecutions?
  • What are some of the key points from the following enforcement actions: Elbit, Transportation Logistics and Kinross?
  • Some of the top international developments including: Canada Updates Anti-Corruption Law and Enforcement Tools; French Anti-Corruption Agency Issues First Official Guidelines and France Enters into Two More Bribery-Related Negotiation Resolutions; Airbus Payment in Germany
  • The Digital Realty Trust v. Somers decision at the US Supreme Court and its implications for companies and compliance practitioners.
  • What has been the response to the new FCPA Corporate Enforcement Policy requirement for companies to prohibit software that generates but does not retain business records or communications.

A copy of the Miller & Chevalier FCPA Spring Review 2018 can be found here.

It is with no small amount of pride that I am able to announce the publication and availability of my 16thbook, The Complete Compliance Handbook, on Monday, May 21, 2018. Written in the space of a little over one-year, this book incorporates the most recent pronouncements and guidance from the Department of Justice  (DOJ), including 2017’s Evaluation of Corporate Compliance Programs (Evaluation) and FCPA Corporate Enforcement Policy, to provide the most up-to-date advice on what constitutes a best practices compliance program. This single volume compendium brings together the top ideas, topics and techniques you can incorporate your compliance program, literally in 365-days to more fully operationalize your compliance regime. If you want one volume to guide you in operationalizing compliance, this is it.

For several years, I have wanted to write a definitive, single volume on what constitutes a best practices compliance program. I decided in 2017 to bite the bullet and dedicate the year to writing it. It turned into a journey of discovery as I was able to interview many of the country’s leading compliance practitioners and others to incorporate the most current thinking into the book. I learned many new things, most particularly about the evolution of the top thinking on what constitutes abest practicescompliance program some five years after the DOJ and Securities and Exchange Commission’s (SEC’s) seminal publication, A Resource Guide to the U.S. Foreign Corrupt Practices Act, which was released in 2012.

Building up the 2012 FCPA Guide’s Ten Hallmarks of an Effective Compliance Program, I wanted to consider the advancements from the legal, regulatory, technological and innovation perspective for the compliance practitioner. The book is designed to provide you with a step-by-step guide to the design, creation, implementation of or enhancement to a compliance program. It begins with 31-days to a more effective compliance program. Each entry presents one thing you can accomplish, at little to no cost, to improve any level of compliance program. There are three key-takeaways for each entry. The final chapter goes through the same process for you to operationalize your compliance program. In between these bookends, The Complete Compliance Handbookfeatures chapters on:

  • Operationalizing Compliance Through Human Resources – Why and how Human Resources (HR) should be a key corporate discipline in operationalizing a best practices compliance program. What are the places in the full employment lifecycle of every employee that HR can bring a compliance component to more fully operationalize your compliance regime?
  • The Role of the Board of Directors and Compliance – In every recent corporate scandal, the question is always, Where was the Board?That role has become increasingly important.
  • 360-Degrees of Communication in Compliance – Compliance communication has evolved. Current best practices are not upward, downward, inbound or outbound but a communication strategy to fully encapsulate all compliance actions and touchpoints with the full spectrum of the compliance customer base. How can you use social media to create a more robust compliance dialogue in your organization?
  • Better Third-Party Risk Management – Still the highest risk in any anti-corruption compliance program. I lay out the specific program under which you can manage the full spectrum of the life cycle of third-party risk management.
  • Reporting and Investigations – How well used is your hotline? Do you receive reliable tips and information from your employee base? How do you triage hotline reports and what is your investigation protocol? Find out the best practices to these and other issues.
  • Internal Controls – How robust are your compliance internal controls? Have you performed a gap analysis to ascertain what you might have in place? Robust compliance internal controls can make your company run more efficiently.
  • Innovation in Compliance – Compliance has become one of the most truly innovative corporate disciplines. What are you doing to keep your compliance program abreast of the most recent innovations in compliance? What innovations from areas outside the compliance profession will have the most impact on compliance programs going forward? How will Artificial Intelligence (AI) make compliance more robust?
  • Written Standards – These form the very backbone of every compliance program. They include your Code of Conduct, policies and procedures. How did you design and tailor these documents to your company’s risks and your corporate culture? When was the last time your written standards were updated? Find out the best practices for all areas of written standards.
  • More Effective Compliance for Business Ventures – The range of business partners and partnerships is only limited by the imagination of the business folks involved. How do you manage the compliance risks in ventures as diverse as joint ventures (JVs), franchises, teaming agreements, 4thtier subcontractors and partnerships? This chapter also considers best practices for mergers and acquisitions (M&A).
  • Continuous Improvement – What are the current best practices for ongoing monitoring and continuous improvement of your compliance program? Most compliance practitioners are aware of auditing and monitoring but how do the new technological tools allow you to literally see “patterns in the raked leaves” of your company’s data. Why is continuous improvement no longer simply a nice-to-have but a mandatory component of any best practices compliance program?

When you couple all of the latest techniques, innovation and advancements in compliance over the past five years, together with the most recent DOJ pronouncements in the form of the Evaluation and FCPA Corporate Enforcement Policy; you can see why I wanted to write this book and why it will be helpful to the compliance practitioner and compliance profession. There is literally no other book out today with the most recent information on what constitutes a best practices compliance program.

I hope you will check it out. If you do, I know you will not be disappointed.

To purchase a copy of The Complete Compliance Handbook on Amazon.com, click here.

To purchase an autographed copy of The Complete Compliance Handbook from the author, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

We continue our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement action involving Panasonic Avionics Corporation (PAC) and its parent Panasonic Corporation (Panasonic). Today, I want to conclude with some of the key lessons learned for the compliance professional.

As previously discussed the penalty assessed was approximately $280 million broken down into a $137 million payment by the company’s US unit, PAC, in criminal penalties to the Department of Justice (DOJ). The Japanese parent, Panasonic, agreed to pay disgorgement of $126,900,000 and prejudgment interest of $16,299,018.93, for a total payment of $143,199,018.93 to the Securities and Exchange Commission (SEC). The DOJ resolution documents included a Deferred Prosecution Agreement(DPA) and a Criminal Information(the Information). The SEC issued a Cease and Desist Order(the SEC Order). Both the DOJand SECalso issued Press Releases.

Due Diligence

Due diligence took it on the chin in this enforcement action, with the facts demonstrating why it is not the quality of the due diligence or some type of certification that is the key step in the third-party risk management process. While due diligence is an important step and one a company must utilize; it is the management of the relationship after the contract is signed which is the key step. As Jay Martin, Chief Compliance Officer (CCO) at BakerHughes, a GE company, continually reminds us all, it is execution of your compliance program which separates the best practices from paper programs. The same is true around due diligence.

Here the due diligence fell apart because PAC required TRACE International Certification of its third-parties. These third-parties and the PAC employees using them, knew they could not pass due diligence muster. As stated in the Information, “Certain PAC employees, however, sought secretly to rehire these agents in contravention of Company policy by rehiring them as “sub-agents” of PAC Sales Agent 2, a sales agent that had obtained TRACE certification.” Of course, there was no additional certification performed on the entity that held the certification.

Alexandra Wrage, TRACE International’s president, said, in a Wall Street Journal (WSJ) Risk & Corruption Journal article, due diligence “is a process, not an event.” Put another way, it is a step but it is only one step in process of the lifecycle of risk management for third-parties. The fifth, final and most important step, the management of the relationship is on the company. The company must monitor all third-party agents for material changes in ownership, structure, sub-agent, commission rates and total commissions. Further, there should be internal controls in place that identify changes beyond simply relying on your third-parties to disclose said changes, always remember to ‘Trust but Verify’.

There is a five-step process in the lifecycle of third-party risk management. They are: (1) Business Justification; (2) Questionnaire; (3) Due Diligence; (4) Contract; and (5) Management of the Relationship. Each step builds on the one(s) before it and if there is a failure in one it puts more pressure on the other. But the step with the most pressure and most responsibility is managing the relationship after the contact is signed. If you cannot demonstrate you are managing the relationship after the contract is signed, you are admitting you have no idea if your third-party is following your contractual requirement and you certainly have no idea if they are violating the FCPA.

Failures of Internal Controls

Obviously there was a complete, total and utter failure of internal controls at PAC. Even with the subterfuge in the Asia-Pac business unit to bury corrupt agents under the umbrella of previously approved agents to avoid due diligence, there was apparently no control in place which detected the increase in commission payments to previously approved third-parties. There was an increase in commission rates to approved third-parties who took on the corrupt third-parties unable to pass due diligence muster. Additionally, there was a significant increase in the raw dollar amounts paid to approved third-parties, one such approved third-party, between 2008 and 2010, received $3,780,198.65 to pay to one corrupt third-party. At another point, the same approved third-party represented some 47 customers, through 13 corrupt third-party sub-agents who received over $7 million in illicit fees as commissions and to pay bribes.

Like I said  a complete, total and utter failure of internal controls at PAC.

But there was more than just the complete, total and utter failure of internal controls, there was management over-ride of existing controls. This was seen in the bribe payments made out of a discretionary fund designated as “Office of the President Budget” which was controlled by un-named PAC Executive 1. This money was solely and completely at PAC Executive 1’s discretion and it was “neither reviewed nor approved by any Panasonic personnel.” This budget exceeded several hundred thousand dollars annually and was “booked on PAC’s general ledger in various categories, including travel, payroll, and consultant payments”. For over seven years, PAC Executive 1 “used the Office of the President Budget to make payments to multiple individuals, including consultants that performed limited or no work for PAC with little to no supervision by anyone at PAC.”

As early as two years into the use of the President’s Fund, PAC’s internal audit department flagged that services providers where (1) hired without following procurement department processes; (2) contracted with no oversight; and (3) paid without delivering anything tangible to PAC. Yet even with this explicit finding of the violation of PAC’s internal controls the “Office of the President Budget” continued along its merry path of bribery and corruption.

The 20% Discount

While it is not clear how the government became aware of PAC’s conduct or why it sent a subpoena, it is clear that neither PAC nor Panasonic self-disclosed their illegal conduct. This is in the face of actual knowledge by PAC’s internal audit function as early as 2009. Further, there was C-Suite involvement in the bribery scheme, only identified as PAC Executives 1-4 in the settlement documents. Some of these senior executives were even seconded to PAC from the parent entity Panasonic. This would seem to invoke the egregious conduct standard laid out in the FCPA Corporate Enforcement Policy. Panasonic earned over $126,000,000 from the bribery and corruption of its US subsidiary.

Yet even with all the above and bribery schemes that lasted 13 years the company received a 20% discount off the minimum range of the US Sentencing Guidelines. If there was ever a glowing endorsement for a company cooperating with the government and extensively remediating, this enforcement action is it. When you review this enforcement action with the recently delivered Dun & Bradstreet Inc. declination you see the full power and effect of the new FCPA Enforcement Policy. Companies are now fully incentivized to step forward and self-disclose. However, if you are like PAC and have corrupt senior executives not only approving and engaging in the bribery scheme and they do not want to admit their own criminal liability, you can still make a comeback if you cooperate and remediate. PAC saved itself over $34MM by meeting requirements two and three of the FCPA Corporate Enforcement Policy. At the end of the day, that may be the most significant lesson learned by compliance professionals and perhaps the most lasting lesson from this enforcement action for company’s who find themselves in FCPA hot water.

A special shout out to you Star Wars fans out there. Today is our day so May the 4th Be With You.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

We continue our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement action involving Panasonic Avionics Corporation (PAC) and its parent Panasonic Corporation (Panasonic). Today, I want to explore what actions led to PAC receiving a 20% discount from the minimum range suggested under the US Sentencing Guidelines.

The penalty assessed was approximately $280 million broken down into a $137 million payment by the company’s US unit, PAC, in criminal penalties to the Department of Justice (DOJ). The Japanese parent, Panasonic, agreed to pay disgorgement of $126,900,000 and prejudgment interest of $16,299,018.93, for a total payment of $143,199,018.93 to the Securities and Exchange Commission (SEC). The DOJ resolution documents included a Deferred Prosecution Agreement(DPA) and a Criminal Information(the Information). The SEC issued a Cease and Desist Order(the SEC Order). Both the DOJand SECalso issued Press Releases.

As I have previously noted, this matter involved massive bribery and corruption schemes, for nearly 15 years, with the participation of top management at PAC. Two of these men left the company in 2017. They were Chief Executive Officer (CEO) Paul Margis and Vice President of Finance/Chief Financial Officer (CFO) Paul Bottiaux. The corruption schemes encompassed airlines across the globe and even domestically in the US. In addition to the bribery and corruption, the conduct was also anti-competitive in nature. It certainly appears that such illegal conduct was a part of the overall business strategy and business plan of the US subsidiary. It almost begs the question of why there were no individual prosecutions. From the parent company perspective, while there were no individuals identified, one can only wonder how closely, if at all, they were watching their money-making US subsidiary from the compliance perspective.

However, at some point, the company found religion and decided that violating the law as a business strategy was not the way to move forward. Obviously, PAC was aware of potential FCPA violations as far back as 2009 when PAC’s internal audit department flagged that services providers where (1) hired without following procurement department processes; (2) contracted with no oversight; and (3) paid without delivering anything tangible to PAC. The initial internal audit report stated, “consultant payments should be carefully reviewed in light of FCPA regulation [sic] due to lack of clarity in deliverables” [bold in Information] and was circulated to PAC senior management but this highlighted language was removed from the final audit report.

The DPA also noted that PAC was made aware of the allegations by a “whistleblower complaint and civil lawsuit, which the Company took steps to investigate internally.” However, as the DPA dryly noted, PAC “chose not to voluntarily report to the relevant authorities”. The DPA went on to state, “The Company did not receive voluntary disclosure credit because the Company’s disclosures occurred only after the Securities and Exchange Commission requested documents from Panasonic related to possible violations of anti-corruption laws.”

Once when it did gain that old time (FCPA) religion, PAC conducted a “thorough internal investigation; making factual presentations to the Fraud Section; providing facts learned during witness interviews conducted by the Company; voluntarily making U.S. and foreign employees available for interviews in the United States with the Fraud Section and the SEC; in one instance, proactively alerting the Fraud Section to material information relevant to the investigation; collecting, analyzing, and organizing voluminous evidence from multiple jurisdictions; and disclosing to the Fraud Section conduct in the Middle East of which the Fraud Section was previously unaware.”

PAC also engaged in significant remediation. The above-mentioned CEO and CFO left the company. Additionally, caused “several senior executives who were either involved in or aware of the misconduct to be separated” even if it was in a manner which the DOJ characterized as “in some respects untimely”. The company enhanced and “committed to continuing to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth” in the best practices compliance program found in Attachment C to the DPA. Although not part of the penalty calculation set out in the DPA, the SEC Order provided additional information on PAC’s conduct, noting the entity afforded cooperation to the SEC “in the later stages of the staff’s investigation.”, the company “replaced the senior PAC executives involved in the violations”. It also “established an Office of Compliance and Ethics led by a new Chief Compliance Officer, implemented new compliance and accounting procedures, and enhanced internal accounting controls.”

In the DPA listing of the Culpability Score under the USSG, it stated, “The organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct.” For the conduct, PAC’s overall liability was reduced by a factor of ‘minus 2’. The highest score on this factor can be a ‘minus 5’. However under the 2017 FCPA Corporate Enforcement Policy it states, in the section entitled Limited Credit for Full Cooperation and Timely and Appropriate Remediation in FCPA Matters Without Voluntary Self-Disclosure,the following, “If a company did not voluntarily disclose its misconduct to the Department of Justice (the Department) in accordance with the standards set forth above, but later fully cooperated and timely and appropriately remediatedin accordance with the standards set forth above, the company will receive, or the Department will recommend to a sentencing court, up to a 25% reduction off of the low end of the U.S.S.G. fine range.” [emphasis mine]

One can only conclude that the religion PAC found after the SEC delivered it a subpoena met this threshold.

Tomorrow I will wrap up my consideration of the Panasonic FCPA enforcement action with lessons learned from it, contrasting it with the actions of Dun & Bradstreet Inc. (D&B) who received a full declination.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

We continue our exploration of the Foreign Corrupt Practices Act (FCPA) enforcement action involving Panasonic Avionics Corporation (PAC) and its parent Panasonic Corporation (Panasonic). Today, I want to review the bribery schemes involved.

The penalty assessed was approximately $280 million broken down into a $137 million payment by the company’s US unit, PAC, in criminal penalties to the Department of Justice (DOJ). The Japanese parent, Panasonic, agreed to pay disgorgement of $126,900,000 and prejudgment interest of $16,299,018.93, for a total payment of $143,199,018.93 to the Securities and Exchange Commission (SEC). The DOJ resolution documents included a Deferred Prosecution Agreement(DPA) and a Criminal Information(the Information). The SEC issued a Cease and Desist Order(the SEC Order). Both the DOJand SECalso issued Press Releases.

PAC is a US subsidiary of Panasonic, the Japanese electronics giant. PAC manufactures and markets in-flight entertainment and communication systems for airlines. In many parts of the world, airlines are state owned enterprises and PAC found itself in FCPA hot water for issues around bribery and corruption with some of these foreign state-owned enterprises. Interestingly, PAC’s corruption also extended to the US domestic market and while some of its fraudulent conduct occurring in the US domestic market was detailed in the resolution documents, it is not clear how it may have worked its way into the FCPA enforcement action, other than contributing to the accounting provisions violations.

The Bribery Schemes

The first thing that jumps out are the breadth and scope of the bribery schemes. Not only did they last for almost 15 years, with the participation of top management at PAC (PAC Executives 1-4), but they also encompassed airlines across the globe and even domestically in the US. It certainly appears that bribery and corruption was a part of the business strategy and business plan of the US subsidiary. While there were no individuals identified from the Japanese parent, one can only wonder how closely, if at all, they were watching their money-making US subsidiary from the compliance perspective.

Bribing Government Officials with Consultancy Offers

There were several bribery and corruption schemes identified in the Information. One scheme was to bribe a foreign official while he was employed by a foreign government with the promise of a consulting gig after he left his employment. Using this tactic, PAC negotiated a consulting position with a foreign official at the same time this person was involved in negotiating a lucrative contract amendment on behalf of Middle East Airline with PAC. After he left the employ of the government the foreign official ultimately did little work for PAC, over a six-year period PAC made $875,000 in payments to foreign official that were accounted for in Panasonic’s accounting books and records as legitimate consulting expenses.

The Presidential Fund

A second scheme was truly Presidential in inspiration. This is so because bribe payments were made out of discretionary fund designated as “Office of the President Budget” which was controlled by un-named PAC Executive 1 (maybe the President?). This money was solely and totally at PAC Executive 1’s discretion and it was “neither reviewed nor approved by any Panasonic personnel.” This budget exceeded several hundred thousand dollars annually and was “booked on PAC’s general ledger in various categories, including travel, payroll, and consultant payments”. For over seven years, PAC Executive 1 “used the Office of the President Budget to make payments to multiple individuals, including consultants that performed limited or no work for PAC with little to no supervision by anyone at PAC.”

As early as two years into the use of the President’s Fund, PAC’s internal audit department flagged that services providers where (1) hired without following procurement department processes; (2) contracted with no oversight; and (3) paid without delivering anything tangible to PAC. The initial internal audit report stated, “consultant payments should be carefully reviewed in light of FCPA regulation [sic] due to lack of clarity in deliverables” [bold in original] and was circulated to PAC senior management but amazing (or perhaps not) this highlighted language was removed from the final audit report. In legal parlance, this is called actual knowledge.

 Third-Parties

PAC also used the tried and true method to pay bribes to corrupt third-parties. This strategy was a favorite in the Asia-Pacific region. PAC did little to no due diligence on these third-party agents;  hired agents recommended by those counter-parties they were negotiating with, hired agents with no experience in the aviation industry and made offshore payments to agents in locations other than where they purportedly delivered services and lived. PAC also actively worked to hide the identities of its third-parties in some countries by moving them to sub-agents of previously approved agents. Of course, neither PAC nor Panasonic had effective internal controls to detect this subterfuge or detect when payments to previously approved agents increased.

Domestic Corruption

Given the corruption business plan PAC senior executives utilized, it is perhaps not too surprising their unethical conduct would also be employed in the US domestic market. Here PAC bribed a domestic consultant who was employed with an airline with which PAC was negotiating to provide “non-public, inside, or otherwise sensitive information to PAC Executive 1 and others at PAC, including forwarding internal communications among Domestic Airline’s employees about PAC, information about Domestic Airline’s negotiations with a PAC competitor, and pricing information of a PAC competitor”. This domestic consultant was paid some $825,000 for this inside information and while his bribery may not have violated the foreign aspect of the FCPA, the characterization of his payments as “consulting services” by PAC and as “selling and general administrative expenses” by Panasonic violated the books and records provisions of the FCPA, as noted below.

False Books and Records

PAC worked to actively hide its corrupt payments in its books and records. The $875,000 in payments made to the former foreign official who was hired as a consultant was named as “consulting payments” on PAC’s books and records but magically became “selling and general administrative expenses” on Panasonic’s books and records. One approved sales agent was paid over $7 million which “for the benefit of at least thirteen different sub-agents were improperly booked by PAC as commission payments to PAC Sales Agent 2, when in fact they were payments to other sales agents who were otherwise ineligible to work with PAC”.

Tomorrow I will consider Panasonic’s and PAC’s conduct during the investigation and their remediation which led to a 20% discount in the overall DOJ criminal penalty.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018