Old Way New WayToday, I end my exploration of recent Foreign Corrupt Practices Act (FCPA) enforcement actions (and one UK Bribery Act enforcement issue), which have occurred since the enactment of the Department of Justice (DOJ) Pilot Program in April. These three enforcement actions, which resulted in the companies receiving a Declination to Prosecute from the DOJ. Proving once again that I am never gonna give you up, never gonna let you down; I want to look a these Declinations to see what information they can provide to the compliance practitioner to assist them in guiding their own response should their company find itself embroiled in a FCPA investigation and attendant enforcement action.

The enforcement actions involved Nortek Corporation (Nortek), Akamai Technologies, Inc. (Akamai), and Johnson Controls, Inc. (JCI). Nortek and Akamai received Non-prosecution Agreements (NPAs) from the Securities and Exchange Commission (SEC) and Declinations to Prosecute (Declinations) from the DOJ. JCI received a civil Cease and Desist Order from the SEC and Declination from the DOJ. One other matter was resolved with the DOJ via a NPA, that being Analogic Corporation. I will discuss this matter separately below. 

The Declination Letters

The letters issued by the DOJ did not provide a plethora of detail. The Akamai and Nortek Declination letters were identical with the exception of the different corporate names. In relevant part they stated, “we have reached this conclusion … based on a number of factors, including but not limited to the fact that Nortek’s internal audit function identified the misconduct, Nortek’s prompt voluntary self-disclosure, the thorough investigation undertaken by the Company, its fulsome cooperation in this matter (including by identifying all individuals involved in or responsible for the misconduct and by providing all facts relating to that misconduct to the Department) and its agreement to continue to cooperate in any ongoing investigations of individuals, the steps that the Company has taken to enhance its compliance program and its internal accounting controls, the Company’s full remediation”. It went on to add that the company had agreed to profit disgorgement.

The JCI letter, stated, “We have reached this decision based on a number of factors, including but not limited to: the voluntary self-disclosure of the matter by JCI; the thorough investigation undertaken by the Company; the Company’s full cooperation in this matter (including its provision of all known relevant facts about the individuals involved in or responsible for the misconduct) and its agreement to continue to cooperate in any ongoing investigations of individuals; the steps that the Company has taken and continues to take to enhance its compliance program and its internal accounting controls; the Company’s full remediation”. As with the Nortek and Akamai the JCI letter also noted the company had agreed to disgorge its profits.

About the only difference I can ascertain in the letters is that Nortek and Akamai provide “fulsome” cooperation, and JCI provided “full” cooperation. Yet, the overall point of these Declinations seems to be the cooperation was very substantial.

Contrast the triple declination language with the NPA, which Analogic received, specifically noted the company’s lack of full cooperation. It stated, “the Company did not receive full cooperation credit because, in the view of the Offices, the Company’s cooperation subsequent to its self-disclosure did not include disclosure of all relevant facts that it learned during the course of its internal investigation; specifically, the Company did not disclose information that was known to the Company and Analogic about the identities of a number of the state-owned entity end-users of the Company’s products, and about certain statements given by employees in the course of the internal investigation;”

Box Score Summary of Declinations 

Pilot Program

Factor

Self-Disclosure Cooperation During Investigation Remediation Profit Disgorgement
Akamai Yes – before completing internal investigation 1. Sharing investigation;

2. Identify and present relevant documents;

3. Timely updates;

4. Updates on remedial measures;

5. Translating documents; and

6. Making witnesses available

1. Termination of culpable employees;

2. Revision of internal audit testing and protocol;

3. Strengthening of policies;

4. Creation of Compliance Committee;

5. Institution of mandatory compliance training; and

6. Modify auditing schedule to risk based approach

Yes
Nortek Yes 1. Sharing investigation

2. Timely updates

3. Segregation and organization of documents

4. Translation of documents

5. Making witnesses available

6. Conducting Risk Assessment

1. Due diligence program for 3rd parties;

2. Strengthen compliance policies;

3. Enhance compliance function, name CCO;

4. Institution of mandatory compliance training; and

5. Enhance travel and expense controls in China

 

Yes
JCI Yes – one month after it received a second anonymous complaint 1. Real time updates, interview summaries and all requested documents;

2. Yates binders including hot docs, interview summaries, chronologies and emails;

3. Preservation of evidence.

1. Termination of culpable employees;

2. Suspension of culpable 3rd parties;

3. Incorporation of culpable China office into existing corp structure;

4. Enhanced integrity testing and auditing, including random audits; and

5 Random testing of transactions

Yes

 

 

All parties admitted to facts, which could have formed the basis of a criminal FCPA enforcement action brought by the DOJ, yet they all received Declinations. While it would certainly have been more helpful to have a full release of information by the DOJ, to assist the compliance practitioner in understanding the totality of the facts considered, these three Declinations may well mark a new starting point in criminal FCPA enforcement going forward. Since at least 2014, with the Parker Drilling and Hewlett-Packard FCPA enforcement actions, the DOJ has provided significant credit to companies who thoroughly cooperated and provided extensive remediation during the pendency of their enforcement actions. With the Pilot Program implementation, these shifts are now official DOJ policy.

One other point unrelated to the Pilot Program discussion is the length of time that the Akamai and Nortek matters were concluded. It was less than 18 months for both. This short time frame for a resolution is certainly a welcome development and shows that if a company comes forward quickly, is efficient in its investigation and proactive in its remediation, it can benefit with lower overall investigation and remediation costs as well.

All of the above are most welcome for any compliance practitioner. The DOJ Pilot Program has come out of the box with some solid wins for the companies involved, the DOJ and the greater compliance community. If this pattern continues, it will allow the DOJ to focus its resources in driving home the message that it is doing compliance that will not only work to keep a company out of trouble but will also get a company out of trouble.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

7K0A0075I continue my review of the Johnson Controls, Inc. (JCI) Foreign Corrupt Practices Act (FCPA) enforcement action today by focusing on the Department of Justice’s (DOJ’s) Declination to Prosecute. Yesterday, I considered the underlying facts reported to review what lessons could be applied by a compliance practitioner to a corporate anti-corruption compliance program. Today, I want to consider the information available on the actions by JCI, beginning with the self-disclosure, which led to the DOJ to grant a Declination.

The commentary on the DOJ Declination has ranged from the FCPA Professor, who argued there was no viable cause of action against JCI for the illegal conduct of its subsidiary, China Marine, and hence the Declination was without substance; to Mike Volkov who called the declination a ‘head scratcher’ and noted “there appears to be plenty of justification to stretch here in this case when you basically have a recidivist continuing to violate the law”, in arguing there were potential criminal charges to pursue. I want to consider the matter from the angle of the new DOJ Pilot Program and see what, if anything, might be gleaned from that perspective.

One of the difficulties in evaluating any Declination is the paucity of facts available to the compliance practitioner to evaluate. In the JCI case we have the Securities and Exchange Commission (SEC) resolution via a Cease and Desist Order (Order) that lays out the facts relevant to that enforcement action. However, this Order is the product of negotiations between the SEC and JCI. This means the company can seek to keep out facts, which would point to criminal liability, reputational damage, embarrassing senior executives or a plethora of other issues the company does not want in the public domain. There is no way to know if the facts laid out in the Order are all the facts in the case that were known to the DOJ or even disclosed to the DOJ so to base an argument on this underlying premise puts you on wobbly ground. The foregoing is one of the reasons I have argued for my information to be made public around Declinations so that compliance practitioners might understand the full underlying facts.

Yet, even if one took the facts presented in the Order as only facts of this matter, there is information that could lead one to reasonably conclude that criminal charges could be considered under the FCPA. The Accounting Provisions, both Books and Records and Internal Controls, are generally thought to be civil side requirements only. However the statute does make violations of the Accounting Provisions under the following:

(4) No criminal liability shall be imposed for failing to comply with the requirements of paragraph (2) of this subsection except as pro­vided in paragraph (5) of this subsection.

(5) No person shall knowingly circumvent or knowingly fail to imple­ment a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2).

Paragraph 2 refers to the Internal Controls requirements of the FCPA. This means someone must knowingly falsify such records or fail to implement a system of internal controls. The facts laid out in the Order would appear to provide at least an argument that this threshold was met. JCI’s internal controls were so poor that the company “did not understand some of the highly customized transactions at China Marine or the projects involving the sham vendors.” Additionally someone at the corporate office had to certify the financial statements were true and correct and who ever did could also have violated the FCPA. Volkov noted the DOJ could “stretch” to bring criminal charges but either through the argument of conscious avoidance or simply on the facts laid out in the Order, I find an argument for criminal liability plausible. Of course, these arguments do not convict JCI of criminal violation of the FCPA, only a trier of fact can do so, yet they make clear that there are credible arguments which could be pursued which makes a Declination an appropriate mechanism for the DOJ to use, in its discretion.

What led the DOJ to exercise its discretion in issuing the Declination? We can find some guidance from the four requirements under the Pilot Program. First, that there be self-disclosure, which was present in this matter. The Order stated that the company self-disclosed within one month after receiving a second anonymous whistleblower compliance. Second is cooperation during the investigation. The Order stated JCI provided “thorough, complete and timely cooperation” which consisted of the following:

  • JCI promptly and routinely provided the staff with the results of its investigation as it progressed, and provided all supporting documentation requested.
  • JCI provided factual chronologies, hot document binders, and interview summaries, as well as English translations of numerous documents and emails.
  • JCI made employees available for interviews.
  • JCI provided “real time” downloads of employee interviews and made other foreign employees available for interview.
  • When the company caught a Chinese employee shredding documents, it quickly secured the office to preserve evidence.
  • JCI’s cooperation assisted the staff’s investigation.
  • JCI’s timely self-report as well as the thorough productions allowed the staff to initiate and complete its investigation quickly.

The next requirement under the Pilot Program is for extensive remediation during the pendency of the investigation. Here the Order laid out some of the steps taken by JCI, including:

  • JCI terminated or separated sixteen employees implicated in or associated with the illegal scheme and placed all suspect vendors on a do-not-use/do-not-pay list.
  • JCI has closed down its China Marine offices and moved all remaining China Marine employees, none of whom perform a sales or procurement function, into existing offices.
  • JCI enhanced its integrity testing and internal audits to reevaluate vendor onboarding for all JCI business worldwide.
  • JCI implemented random site audits to ensure the delivery of goods on purchase orders.

The final requirement under the Pilot Program is that the company disgorges profits it received from its ill-gotten gain. The Order said, “From 2007 to 2013, JCI obtained a benefit of $11.8 million as a result of over $4.9 million in improper payments made to or through approximately eleven problematic vendors for the purpose of foreign and commercial bribery, and embezzlement.” This corresponds to the amount paid as disgorgement.

For any Chief Compliance Officer (CCO) or compliance practitioner reviewing the JCI enforcement action, it does not matter whether you believe JCI committed criminal acts or not. The reality is that the DOJ is once again laying out conduct it will consider to award the lowest sanction possible, a Declination. There have now been three given since the announcement of the Pilot Program in April. You should study each of these and if you find yourself in a FCPA investigation, use each Declination as a roadmap for your actions during the pendency of the investigation.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

QuestionsWe had an interesting week of anti-corruption enforcement actions last week, both in the US and the UK. We have now had four Foreign Corrupt Practices Act (FCPA) enforcement actions since the announcement of the Depart Of Justice (DOJ) Pilot Program in April. I thought this would be a good time to review some of the recent enforcement actions, to see what lessons they may impart to the compliance practitioner. So this week will be dedicated to blog post dealing with enforcement. I will begin with a troubling report issued by a committee of the US House of Representative over the Department of Justice’s handling of the money laundering enforcement action against the UK bank, HSBC back in 2012.

Of all the things that US Congress criticized former Attorney General (AG) Eric Holder over, one might think his protections of financial institutions might not have been one of them. Yet last week there was a scathing report issued, entitled “Too Big To Jail, by the GOP staff of the House of Representatives Financial Services Committee, which was discussed by Gretchen Morgenson in her New York Times (NYT) Fair Game column entitled “Kid Gloves For a Bank With Clout. The report deals with the DOJ investigation into the UK financial institution HSBC and subsequent resolution of allegations that the bank “laundered nearly $900 million for drug traffickers” and sanctioned countries.

While the report does not deal with the DOJ’s lack of prosecution of individuals from the 2008 financial crisis, it certainly provides insight into how Holder conducted such resolutions with large financial institutions and may well explain how it occurred that there were no individual prosecutions. The piece begins that even with a nearly $2bn fine, it was not “a body blow” to HSBC. Of course, there was the ubiquitous Deferred Prosecution Agreement (DPA) put in place, where the DOJ would “delay or forgo prosecution of a company if promises to change its behavior.”

While I am most generally supportive of the practice of using corporate DPAs to help enhance compliance programs, Morgenson’s article does bring up some troubling questions about how and why HSBC was able to get off with not only an agreement not to prosecute any individuals at the bank going forward, but even have individual incentives removed from the final DPA. The House report found that DOJ leadership, in the form of AG Holder, “overruled an internal recommendation to prosecute HSBC” because of concerns that prosecution of HSBC “could result in a global financial disaster.”

That final line is one we have (unfortunately) heard before. However, the NYT article also reports on how HSBC was able to “soften the deal”. The original agreement with HSBC had language which “provide no protection from prosecution for employees who ‘knowingly and willfully” processed financial transactions with countries under American sanctions”. University of Pennsylvania Law School Professor David A. Skeel, who was quoted in the piece, said, “This is one case where it looks like the government might have been able to prosecute misbehaving executives during the crisis period, yet waived its right to do so.” Not failed to do so, but waived its right to do so.

Even more inextricably, the DPA waived future penalties for bank executives who failed to comply with the DPA. Originally there were sanctions against bank executives who did not meet the compliance obligations set forth in the DPA. These sanctions were financial penalties in the form of loss of bonuses. However, in the final version this language was removed and the House report noted the DPA, “apparently leaves open the possibility for executives to get their bonuses, despite failing to meet compliance standards.”

Another troubling aspect unearthed by the House report was ‘how much influence officials at the Financial Services Authority – Britain’s top financial regulator at the time – had on the Justice Department’s process in the HSBC matter”. Morgenson quoted a Washburn University School of Law professor, Mary Kreiner Ramirez for the following, “It would seem that in making the decision with respect to HSBC, (AG) Holder gave more attention to the concerns expressed by the F.S.A than he did with respect to our own agencies.” Moreover, the FSA got the documents on apparently something close to a real-time basis as “at the time events were unfolding.”

There has been both legal and academic criticism of DPAs. However the article brings up another criticism of the settlement vehicles, which is less discussed, the internal process by which a settlement is reached. Edward J. Kane, a professor of finance at Boston College, noted, “The fact that so many of these cases are settled rather than going to court means we don’t get an airing of facts and challenges of fact.”

The Yates Memo would seem to be one response to pre-emptively address some of the concerns raised by the lack of individual prosecution. For if the DOJ now requires prosecutors to go after culpable individuals in white collar crime cases such as the HSBC money laundering prosecution or cases under the FCPA for that matter, any settlement via a DPA would not exempt out future prosecutions against culpable individuals. Further, it would also seem that the DOJ would strengthen up the compliance program components of any DPA to have appropriate financial disincentives for the lack of compliance program adherence. When you put on top of this the Yates Memo requirement that companies must dig up facts on culpable individuals and turn those facts over to the DOJ, it would seem that individuals would be more in the sights of DOJ for prosecution.

The other factor not fully explored by commentators is that DPAs, Non-prosecution agreements (NPAs) and other settlement mechanisms are the product of negotiations by the parties, i.e. the government and the company involved. In the context of FCPA resolutions with the Securities and Exchange Commission (SEC), no company is going to put facts supporting a criminal indictment or even claim of criminal conduct in a civil based Cease and Desist Order or other form of civil based resolution. To do so would open up the company to a very high degree of liability, which is not required if the DOJ declines to prosecute a company for criminal violations of the FCPA. That explains why there is never evidence of criminal liability in a resolution document if there is no criminal charge.

Yet the House report does point up some troubling questions about not only how the HSBC settlement was reached but also the lack of prosecutions against any financial institutions after the 2008 financial crisis.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Innovation 5I have been exploring innovation in the compliance function this week. For my final piece I want to consider the innovation process itself. In an article in the MIT Sloan Management Review, entitled “Finding a Lower-Risk Path to High-Impact Innovations”, authors Joseph V. Sinfield and Freddy Solis came up with a different method to view the innovation process. They posited something called the ‘Lily Pad’ approach, which they believe can be a lower risk stratagem to innovation. I found that this approach had some interesting applications for the compliance discipline.

The authors begin with the premise, which is found in the traditional risk-reward theory, when they noted, “Innovation initiatives and the funding programs that support them are generally viewed as “investments,” with an expectation that taking higher risks should be rewarded with higher returns. At the low-risk, low-return end of the spectrum, we tend to see investments that drive incremental innovation or development of innovations that are already proven. At the opposite extreme are corporate “skunk works” that seek to drive innovation in technology and business models to develop whole new product or service categories.” Compliance initiatives can fall anywhere along this spectrum for the reason that if they fail, it can create the conditions for a more systemic failure, which could bring the catastrophic consequences of a Foreign Corrupt Practices Act (FCPA) or other legal violation.

The authors believe that an incremental approach, which they designate as the ‘Lily Pad’ approach, “are developed and introduced opportunistically in application spaces that are ready for adoption. Progress in one lily pad garners resources/cash flow earlier in the development process and can create a pathway for subsequent lily pads in other application spaces.” This allows innovations to break out from their initial breakthrough at an organization, through the period where “decisions about which capabilities to develop and which application contexts to pursue” are made by the development team. All this leads to a progressive cascade of innovation moving forward, as visualized by the authors, as leaping from one lily pad to the next.

The authors list some characteristics of innovations, which they believe leaders should consider for investment. I have adapted them for the compliance function. Does the innovation “offer multiple pathways from first principles to impact” and how relevant is the innovation to multiple business lines or units? Will the innovation change the perspective of employees and even move towards reconfiguring the compliance ecosystem? Finally, is there potential for both growth and improvement in the innovation going forward?

After you have gone through and answered these questions, you should be ready to move forward with what the authors called ‘enabling actions’ and implement one or more of the innovations. By using their approach, the authors write that “Lily pad applications for an enabling innovation provide opportunities to match capability, purpose, and context in a manner that advances select performance dimensions of the innovation, aligns elements of ecosystems, and/or begins to shift” employee views across your organization. But more than simply the singular innovation, the lily pad approach allows your company to reduce the time and cost to jump to the next iteration of development.

Finally, the authors believe that you must “understand and proactively shape the ecosystem”, which for the Chief Compliance Officer (CCO) or compliance practitioner, means working with the business teams so that they understand how and why the innovation will help them achieve their corporate goals. Simply put employees can get stuck in the same rut of doing the same thing the same way. Yet it is a maxim that your compliance program must evolve to meet new risks and new demands. The authors’ lily pad approach allows for an incremental growth of change in ways that can demonstrate effectiveness and allow not only feedback but also acceptance from the employee base.

An example of such an approach could be around the use of data driven analysis from the compliance perspective of all dramatic growth in sales. Recall that there is no materiality level under the FCPA, so the business unit that experiences a dramatic growth in sales, even if non-material within the entire organization, could be the basis of a FCPA enforcement action. By focusing your innovation on one business unit that has experienced a dramatic growth, even if it is in a province of one country or a relatively small country in one larger geographic region, you can use this approach to demonstrate the usefulness of such data monitoring.

The lily pad approach would inform the presentation going forward as every business would want to know and understand how a dramatic growth occurred. Was it product driven? Was it personnel driven? Was a new sales campaign employed? Did a new or different product come to market? Of course, if the sales spike was due to nefarious activity such as bribery, corruption, financial fraud, accounting fraud or other egregious behavior then it can be reviewed and remediated as appropriate. For corporate management the initial results obtained by such a review could be the start of an entire innovation process around any portion of the sales cycle that might have been impacted by such stunning sales growth. It could certainly lead to better and more robust business forecasting going forward.

The authors end their article with four key questions, which I found to be an appropriate manner to end this series on innovation in compliance. First, do you understand the role of innovation in your compliance strategy? Second can you spot the innovations as this may well require you to think differently, particularly if you come from the legal department or have legal training, which certainly does not favor or foster innovation. Next, do you have the ability to adapt to innovations in your compliance function to the company as a whole? Put another way, can you demonstrate how an innovation in compliance will help the company do business more efficiently and in compliance with applicable laws. Of course it all begins with the willingness to engage in innovation and that starts with the top of your organization.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016