7K0A0075I continue my review of the Johnson Controls, Inc. (JCI) Foreign Corrupt Practices Act (FCPA) enforcement action today by focusing on the Department of Justice’s (DOJ’s) Declination to Prosecute. Yesterday, I considered the underlying facts reported to review what lessons could be applied by a compliance practitioner to a corporate anti-corruption compliance program. Today, I want to consider the information available on the actions by JCI, beginning with the self-disclosure, which led to the DOJ to grant a Declination.

The commentary on the DOJ Declination has ranged from the FCPA Professor, who argued there was no viable cause of action against JCI for the illegal conduct of its subsidiary, China Marine, and hence the Declination was without substance; to Mike Volkov who called the declination a ‘head scratcher’ and noted “there appears to be plenty of justification to stretch here in this case when you basically have a recidivist continuing to violate the law”, in arguing there were potential criminal charges to pursue. I want to consider the matter from the angle of the new DOJ Pilot Program and see what, if anything, might be gleaned from that perspective.

One of the difficulties in evaluating any Declination is the paucity of facts available to the compliance practitioner to evaluate. In the JCI case we have the Securities and Exchange Commission (SEC) resolution via a Cease and Desist Order (Order) that lays out the facts relevant to that enforcement action. However, this Order is the product of negotiations between the SEC and JCI. This means the company can seek to keep out facts, which would point to criminal liability, reputational damage, embarrassing senior executives or a plethora of other issues the company does not want in the public domain. There is no way to know if the facts laid out in the Order are all the facts in the case that were known to the DOJ or even disclosed to the DOJ so to base an argument on this underlying premise puts you on wobbly ground. The foregoing is one of the reasons I have argued for my information to be made public around Declinations so that compliance practitioners might understand the full underlying facts.

Yet, even if one took the facts presented in the Order as only facts of this matter, there is information that could lead one to reasonably conclude that criminal charges could be considered under the FCPA. The Accounting Provisions, both Books and Records and Internal Controls, are generally thought to be civil side requirements only. However the statute does make violations of the Accounting Provisions under the following:

(4) No criminal liability shall be imposed for failing to comply with the requirements of paragraph (2) of this subsection except as pro­vided in paragraph (5) of this subsection.

(5) No person shall knowingly circumvent or knowingly fail to imple­ment a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2).

Paragraph 2 refers to the Internal Controls requirements of the FCPA. This means someone must knowingly falsify such records or fail to implement a system of internal controls. The facts laid out in the Order would appear to provide at least an argument that this threshold was met. JCI’s internal controls were so poor that the company “did not understand some of the highly customized transactions at China Marine or the projects involving the sham vendors.” Additionally someone at the corporate office had to certify the financial statements were true and correct and who ever did could also have violated the FCPA. Volkov noted the DOJ could “stretch” to bring criminal charges but either through the argument of conscious avoidance or simply on the facts laid out in the Order, I find an argument for criminal liability plausible. Of course, these arguments do not convict JCI of criminal violation of the FCPA, only a trier of fact can do so, yet they make clear that there are credible arguments which could be pursued which makes a Declination an appropriate mechanism for the DOJ to use, in its discretion.

What led the DOJ to exercise its discretion in issuing the Declination? We can find some guidance from the four requirements under the Pilot Program. First, that there be self-disclosure, which was present in this matter. The Order stated that the company self-disclosed within one month after receiving a second anonymous whistleblower compliance. Second is cooperation during the investigation. The Order stated JCI provided “thorough, complete and timely cooperation” which consisted of the following:

  • JCI promptly and routinely provided the staff with the results of its investigation as it progressed, and provided all supporting documentation requested.
  • JCI provided factual chronologies, hot document binders, and interview summaries, as well as English translations of numerous documents and emails.
  • JCI made employees available for interviews.
  • JCI provided “real time” downloads of employee interviews and made other foreign employees available for interview.
  • When the company caught a Chinese employee shredding documents, it quickly secured the office to preserve evidence.
  • JCI’s cooperation assisted the staff’s investigation.
  • JCI’s timely self-report as well as the thorough productions allowed the staff to initiate and complete its investigation quickly.

The next requirement under the Pilot Program is for extensive remediation during the pendency of the investigation. Here the Order laid out some of the steps taken by JCI, including:

  • JCI terminated or separated sixteen employees implicated in or associated with the illegal scheme and placed all suspect vendors on a do-not-use/do-not-pay list.
  • JCI has closed down its China Marine offices and moved all remaining China Marine employees, none of whom perform a sales or procurement function, into existing offices.
  • JCI enhanced its integrity testing and internal audits to reevaluate vendor onboarding for all JCI business worldwide.
  • JCI implemented random site audits to ensure the delivery of goods on purchase orders.

The final requirement under the Pilot Program is that the company disgorges profits it received from its ill-gotten gain. The Order said, “From 2007 to 2013, JCI obtained a benefit of $11.8 million as a result of over $4.9 million in improper payments made to or through approximately eleven problematic vendors for the purpose of foreign and commercial bribery, and embezzlement.” This corresponds to the amount paid as disgorgement.

For any Chief Compliance Officer (CCO) or compliance practitioner reviewing the JCI enforcement action, it does not matter whether you believe JCI committed criminal acts or not. The reality is that the DOJ is once again laying out conduct it will consider to award the lowest sanction possible, a Declination. There have now been three given since the announcement of the Pilot Program in April. You should study each of these and if you find yourself in a FCPA investigation, use each Declination as a roadmap for your actions during the pendency of the investigation.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Mount OlympusThe recent Olympus Corporation and related entities (collectively ‘Olympus’) enforcement action demonstrated a company seemingly dedicated to lying, cheating and stealing its way across the globe in search of almighty dollar. As noted by Mike Volkov, “Olympus bears the unique moniker of completing a triple play of misconduct – violations of the domestic anti-kickback statute, the False Claims Act and the FCPA. At the root of its problem is a culture committed to bribery and kickbacks.”

Added to this ignominy was that the company’s Chief Compliance Officer (CCO), John Slowik, tried to stop these actions internally and was fired for his trouble. Thereafter he filed a whistleblower claim and a Qui Tam case. According to the Department of Justice (DOJ) Press Release on the resolution, he was awarded over $51MM for his bringing the illegal acts to light.

The company is the US’s largest distributor of endoscopes and related equipment and had engaged in a scheme to pay kickbacks to doctors and hospitals in the US. No doubt not wanting to be out of balance with its international sales, the company violated the Foreign Corrupt Practices (FCPA) in Latin America. Much has been and will continue to be written about the nefarious acts of the company; its long and wide spread bribery schemes all tied to together with an endemic culture of corruption as lessons to be learned by the anti-corruption compliance practitioner.

However, as this matter encompassed more than simply the FCPA and it was in the health care space, in addition to entering into a Deferred Prosecution Agreement (DPA), the company entered into a Corporate Integrity Agreement (CIA). This CIA has some very detailed instruction on the compliance program that the company must put in place going forward. I realize that much of the detail relates to the specific health care requirements of the Office of Inspector General (OIG) and the Department of Health and Human Services (HHS), nevertheless the CIA provides some interesting guideposts for you to consider in your FCPA compliance program. Over the next couple of blog posts I will detail out some of the more interesting requirements under the CIA. Today, I will start with an overview.

According the to the DOJ Press Release, “The CIA details the compliance program [for Olympus] must maintain, which must include:

  • compliance responsibilities for OCA management and the board of directors;
  • a health care compliance code of conduct that includes certain standards;
  • training and education that includes specified standards;
  • requirements for consulting arrangements, grants and charitable contributions, management of field assets and review of travel expenses;
  • risk assessment and mitigation process; and
  • review procedures for testing the compliance program.”

Under the CIA, Olympus “represents that it has implemented a compliance program that includes the following elements: a compliance officer, a compliance committee, training and education, policies and procedures, a hotline for reporting compliance issues, and monitoring and auditing activities. [Olympus] shall continue its compliance program throughout the term of this CIA and shall do so in accordance with the terms set forth below. OCA may modify its compliance program as appropriate but, at a minimum, OCA shall ensure that during the term of this CIA, it shall comply with the obligations”. The CIA had two obligations that provide insights into how a compliance program should be structured.

Compliance Committee

Within 90 days after the execution of the CIA, the company is required to create a Compliance Committee. Interestingly it laid out who should be on this Compliance Committee. Of course it include the CCO and other members of senior management necessary to meet the requirements of this CIA but went on to suggest senior management from the following functions, “senior executives of relevant departments, such as sales, marketing, legal, medical affairs/medical information, regulatory affairs, research and development, human resources, audit, finance, manufacturing, and operations”.

Even the functional leadership of the Compliance Committee was specified with the CCO as a co-chair with the Chief Executive Officer (CEO). Meeting dates were specified to occur at least quarterly with minutes kept and available to the OIG. Changes in committee membership also had to be approved by the OIG.

Board of Directors

The CIA recognized the Board has the responsibility for the “review and oversight of matters related to compliance with Federal health care program requirements, FDA requirements, and the obligations of this CIA.” The Board itself is required to include a non-executive member. The CIA went on to lay out specific requirements for the Board around its oversight of the compliance function.

It stated the Board is required to meet no less than quarterly to review and oversee the compliance program. The Board must report to the OIG, “description of the documents and other materials it reviewed, as well as any additional steps taken, such as the engagement of an independent advisor or other third party resources, in its oversight of the compliance program and in support of making the resolution below during each Reporting Period”.

Most interestingly, during each reporting period under the CIA the Board is required to adopt “a resolution, signed by each individual member of the Board, summarizing its review and oversight of OCA’s compliance with Federal health care program requirements, FDA requirements, and the obligations of this CIA.”

Finally, the CIA even required specific language in each Board Resolution, reading “The Board of Directors has made a reasonable inquiry into the operations of OCA’s Compliance Program during the preceding twelve-month period including the performance of the Compliance Officer and the Compliance Committee. Based on its inquiry and review, the Board has concluded that, to the best of its knowledge, OCA has implemented an effective Compliance Program to meet Federal health care program requirements, FDA requirements, and the obligations of the Corporate Integrity Agreement.” If the Board cannot commit to this language, it must explain why not in writing to the OIG.

Admittedly these provisions may seem onerous for a company who has not engaged in multiple criminal acts. However these steps are required to ensure that Olympus fulfills its obligations going forward. Yet the requirements lay out what may move to best practices for an anti-corruption compliance program sooner rather than later. Consider the make up of the Compliance Committee and its specified regular meeting schedule. Moreover, the Board obligations could be seen as cutting edge but also drill down into how a Board can effectively provide oversight to a compliance program. Finally, the certification required on the Board resolutions will hopefully make each and every Board member take their oversight responsibilities seriously.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Tipping Point 2The second tipping point for compliance which has occurred over the last 30 days or so is the information which has leaked out that the Department of Justice (DOJ) is in the process of hiring an outside advisor to provide to the Foreign Corrupt Practices Act (FCPA) unit an additional perspective on best practices for an anti-corruption compliance program. This person, identified as Hui Chen, will advise the DOJ on not only the efficacy of a company’s compliance program but also whether Declinations should be granted based upon the facts and circumstances presented by each matter.

Based on this new compliance counsel position, I think there are now different imperatives. The first is that it will become even more important and critical for company’s to have a robust demonstrable program in place. The foundational elements of a best practices compliance program are well known and available to anyone looking. Of course, I would say one of the best places to start is my book Doing Compliance: Design, Create, and Implement an Effective Anti-Corruption Compliance Program which is based on the 10 Hallmarks of an Effective Compliance Program, as laid out in the FCPA Guidance. But you can use other formulations such as Martin’s Five Elements of an Effective Compliance Program, the OECD 13 Good Practices or even the UK’s Six Principles of Adequate Procedures as the basis for your compliance program.

Stephen Martin, the Managing Director and founder of Baker & McKenzie’s compliance consulting practice and someone who helps companies proactively enhance corporate compliance programs, has said about the creation of this new DOJ compliance consultant position, “Historically, it has been difficult for compliance professionals to explain the “return on investment” in compliance programs to senior management and Board of Directors. Companies questioned whether DOJ and SEC [Securities and Exchange Commission] really credited a pre-existing compliance program or enhancements done during an investigation and/or resolution. The DOJ and SEC listened to the compliance community and publicly released the rationale in the Morgan Stanley declination as resulting from the effectiveness of Morgan Stanley’s compliance program. Now, the DOJ is furthering its focus on the importance of compliance by clearly signaling how intently DOJ will be evaluating compliance programs in charging decisions, resolutions and monitorships. By retaining a compliance consultant with previous DOJ and in-house compliance experience, DOJ is sending a strong message to senior management and Boards of Directors that it is now critical that companies have a robust, effective and sophisticated compliance program covering both FCPA and non-FCPA risk areas.

For DOJ, this is a great step forward in being able to actually understand compliance programs and how they operate in the real world, in difficult environments when investigating and resolving matters. For companies, the “return on investment” is clear…the benefits of an effective compliance program far outweigh the costs of the program and help mitigate government enforcement and compliance related risks. For compliance professionals, the DOJ’s increasing focus provides the rationale for helping companies truly move to instituting and maintaining a practical, best practices compliance program that meets the rising expectations of the DOJ.”

Mike Volkov, in a post entitled “Political Cynicism and DOJ’s Appointment of an Internal “Compliance Program” Expert”, said the following, “It is always good to have access to compliance expertise when examining company compliance programs and imposing corporate compliance requirements. If the compliance counsel is charged with the responsibility for reviewing and revising the Schedule C requirement routinely imposed on companies that settle criminal cases, such an assignment could be a welcome development. Such revisions could be used as an opportunity to enhance corporate compliance obligations and promote effective compliance solutions.

Further, a compliance counsel could help to bridge the gap between antitrust and criminal division leaders and bring some consistency to the issue of crediting companies for corporate compliance programs. Finally, a compliance counsel could be assigned to an even more important task — further revision of the US Sentencing Guidelines to update and incorporate compliance developments into a more relevant set of standards for an effective ethics and compliance program.”

Both Martin and Volkov recognize that such an outside expert will put additional scrutiny on any compliance program that the DOJ may review. To my mind, it will make the role of the Chief Compliance Officer (CCO) and the function of a compliance program even greater and more important going forward. Yet equally important will be the focus of this new compliance counsel on decisions around whether or not to press criminal charges or give a Declination to a company. While this new compliance counsel position at the DOJ makes implementing and documenting the above steps all the more important, it also gives companies a greater chance to avoid potential FCPA liability through a DOJ Declination to Prosecute if they can demonstrate they have an effective compliance program.

Moreover, if you tie the information about the new compliance counsel with the announcement of the Yates Memo and the increased focus on corporate internal investigations to identify senior executives for prosecution, it is now even more important that companies have a robust compliance program in place. As more pressure will be put on quickly and efficiently investigating potential FCPA violations, I think the same will become truer for internal remediation of issues going forward. The message could not be clearer.

We now have two data factors around my theory that we are at a ‘tipping point’ for compliance. Stay tuned for tomorrow’s next data element.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Brithday TwoOne of the great things about Sunday afternoon is that Mike Volkov posts his Monday blog, when I usually have time to read it when I get the email notification that it is up. Yesterday he wished the Department of Justice’s (DOJ) and Securities and Exchange Commission’s (SEC) jointly released 2012 A Resource Guide to the U.S. Foreign Corrupt Practices Act (Guidance) a belated Happy 2nd Birthday and bemoaned the fact no one else had done so. Inspired, and somewhat chagrined by Volkov, I decided to blog today about a couple of the highlights from the FCPA Guidance.

I. The Ten Hallmarks of Effective Compliance Programs

As a ‘Nuts and Bolts’ guy I found the DOJ/SEC formulation of their thoughts on what might constitute a best practices compliance program, the most useful part. The Guidance cautions that there is no “one-size-fits-all” compliance program. It recognizes a variety of factors such as size, type of business, industry and risk profile a company should determine for its own needs regarding a Foreign Corrupt Practices Act (FCPA) compliance program. But the Guidance made clear that these ten points are “meant to provide insight into the aspects of compliance programs that DOJ and SEC assess”. In other words you should pay attention to these and use this information to assess your own compliance regime.

  1. Commitment from Senior Management and a Clearly Articulated Policy Against Corruption. It all starts with tone at the top. But more than simply ‘talk-the-talk’ company leadership must ‘walk-the-walk’ and lead by example. Both the DOJ and SEC look to see if a company has a “culture of compliance”. More than a paper program is required, it must have real teeth and it must be put into action, all of which is led by senior management. The Guidance states, “A strong ethical culture directly supports a strong compliance program. By adhering to ethical standards, senior managers will inspire middle managers to reinforce those standards.” This prong ends by stating that the DOJ and SEC will “evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.”
  2. Code of Conduct and Compliance Policies and Procedures. The Code of Conduct has long been seen as the foundation of a company’s overall compliance program and the Guidance acknowledges this fact. But a Code of Conduct and a company’s compliance policies need to be clear and concise. Importantly, the Guidance made clear that if a company has a large employee base that is not fluent in English such documents need to be translated into the native language of those employees. A company also needs to have appropriate internal controls based upon the risks that a company has assessed for its business model.
  3. Oversight, Autonomy, and Resources. This section began with a discussion on the assignment of a senior level executive to oversee and implement a company’s compliance program. Equally importantly, the compliance function must have “sufficient resources to ensure that the company’s compliance program is implemented effectively.” Finally, the compliance function should report to the company’s Board of Directors or an appropriate committee of the Board such as the Audit Committee. Overall, the DOJ and SEC will “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.”
  4. Risk Assessment. The Guidance states, “assessment of risk is fundamental to developing a strong compliance program”. Indeed, if there is one over-riding theme in the Guidance it is that a company should assess its risks in all areas of its business. The Guidance is also quite clear that when the DOJ and SEC look at a company’s overall compliance program, they “take into account whether and to what degree a company analyzes and addresses the particular risks it faces.” The Guidance lists factors that a company should consider in any risk assessment. They are “the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.”
  5. Training and Continuing Advice. Communication of a compliance program is a cornerstone of any anti-corruption compliance program. The Guidance specifies that both the “DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” The training should be risk based so that those high-risk employees and third party business partners receive an appropriate level of training. A company should also devote appropriate resources to providing its employees with guidance and advice on how to comply with their own compliance program on an ongoing basis.
  6. Incentives and Disciplinary Measures. Initially the Guidance notes that a company’s compliance program should apply from “the board room to the supply room – no one should be beyond its reach.” There should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. Additionally, the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.”
  7. Third-Party Due Diligence and Payments. The Guidance says that companies must engage in risk based due diligence to understand the “qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials.” Next a company should articulate a business rationale for the use of the third party. This would include an evaluation of the payment arrangement to ascertain that the compensation is reasonable and will not be used as a basis for corrupt payments. Lastly, there should be ongoing monitoring of third parties.
  8. Confidential Reporting and Internal Investigation. This means more than simply a hotline. The Guidance suggests that anonymous reporting, and perhaps even a company ombudsman, might be appropriate to have in place for employees to report allegations of corruption or violations of the FCPA. Furthermore, it is just as important what a company does after an allegation is made. The Guidance states, “once an allegation is made, companies should have in place an efficient, reliable, and properly funded process for investigating the allegation and documenting the company’s response, including any disciplinary or remediation measures taken.” The final message is what did you learn from the allegation and investigation and did you apply it in your company?
  9. Continuous Improvement: Periodic Testing and Review. As noted in the Guidance, “compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.” The DOJ/SEC expects that a company will review and test its compliance controls and “think critically” about its own weaknesses and risk areas. Internal controls should also be periodically tested through targeted audits.
  1. Mergers and Acquisitions.Pre-Acquisition Due Diligence and Post-Acquisition Integration.Here the DOJ and SEC spell out their expectations in not only the post-acquisition integration phase but also in the pre-acquisition phase. This pre-acquisition information was not something on which most companies had previously focused. A company should attempt to perform as much substantive compliance due diligence that it can do before it purchases a company. After the deal is closed, an acquiring entity needs to perform a FCPA audit, train all senior management and risk employees in the purchased company and integrate the acquired entity into its compliance regime.

II. Declinations

Many commentators such The FCPA Professor, Mike Volkov, myself and others have advocated that the DOJ release information about Declinations because they are an excellent source of information for the compliance practitioner about the DOJ’s thinking on FCPA enforcement issues. Indeed I had written, “In an area like Foreign Corrupt Practice Act (FCPA) enforcement, where guiding case law is largely non-existent, compliance practitioners must rely on the actions and decisions of federal enforcement agencies for information. Such information is available in the form of enforcement actions, the release of Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs), and hypothetical fact patterns presented to the Department of Justice (DOJ) through its Opinion Release procedure. But one highly valuable source of guidance has been kept from regulated entities and their counsels: DOJ and Securities and Exchange Commission (SEC) “declination” decisions, opinions which are drafted when the agencies decline to prosecute an individual or organization. A change is needed in this counterproductive policy. The release of substantive information on declinations would help foster greater compliance with the FCPA by providing practitioners with specific facts of circumstances where investigations did not result in an enforcement action.”

Whether the DOJ was answering any of the commentary, it hardly matters. But a significant section of the Guidance is dedicated specifically to six Declinations provided to companies which self-disclosed possible FCPA violations. The types of issues reported to the DOJ were as varied as mergers and acquisitions (M&A); actions by third parties on a company’s behalf which violated the FCPA; payments improperly made by company employees which were incorrectly characterized as facilitation payments; and illegal bribes paid out by a small group of company employees. From these Declinations, I derived the following points (1) The Company was alerted to possible corrupt conduct via its compliance program or internal controls. (2) Possible FCPA violations were self-reported or otherwise voluntarily disclosed to the DOJ/SEC. (3) The entities in question conducted a thorough internal investigation and shared the results with the DOJ/SEC. (4) The conduct violative of the FCPA was not pervasive and consisted of relatively small bribes or other corrupt payments. (5) The company took immediate corrective action against the person(s) engaging in the conduct. (6) Each company’s compliance program was expanded or enhanced and these enhancements were reflected in compliance training, internal process improvements and additional enhanced internal controls.

So here’s to the Guidance at the ripe of age of 2. Thanks for coming into all of our (compliance) lives. I have also held back the best for last; the Guidance is available for free on the DOJ website and you can download it by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Dis-linkOne of my favorite words in the context of Foreign Corrupt Practices Act (FCPA) enforcement is dis-link. I find it a useful adjective in explaining how certain conduct by a company must be separated from the winning of business. But it works on so many different levels when discussing the FCPA. Last week I thought about this concept of dis-linking when I read the second Opinion Release of 2014, that being 14-02. One of the clearest ways that the Department of Justice (DOJ) communicates is through the Opinion Release procedure. This procedure provides to the compliance practitioner solid and specific information about what steps a company needs to take in the pre-acquisition phase of due diligence. However, 14-02 directly answers many FCPA naysayers long incorrect claim about how companies step into FCPA liability through mergers and acquisitions (M&A) activity.

From the Opinion Release it was noted that the Requestor is a multinational company headquartered in the United States. Requestor desired to acquire a foreign consumer products company and it’s wholly owned subsidiary (collectively, the “Target”), both of which are incorporated and operate in a foreign country, never issuing securities in the United States. The Target had negligible business contacts in the US, including no direct sale or distribution of their products. In the course of its pre-acquisition due diligence of the Target, Requestor identified a number of likely improper payments by the Target to government officials of Foreign Country, as well as substantial weaknesses in accounting and recordkeeping. In light of the bribery and other concerns identified in the due diligence process, Requestor also detailed a plan for remedial pre-acquisition measures and post-acquisition integration steps. Requestor sought from the DOJ an Opinion as to whether the Department would then bring an FCPA enforcement action against Requestor for the Target’s pre-acquisition conduct. It was specifically noted that the Requestor did not seek an Opinion from the Department as to Requestor’s criminal liability for any post-acquisition conduct by the Target.

Improper Payments and Compliance Program Weaknesses

In preparing for the acquisition, Requestor undertook due diligence aimed at identifying, among other things, potential legal and compliance concerns at the Target. Requestor retained an experienced forensic accounting firm (“the Accounting Firm”) to carry out the due diligence review. This review brought to light evidence of apparent improper payments, as well as substantial accounting weaknesses and poor recordkeeping. The Accounting Firm reviewed approximately 1,300 transactions with a total value of approximately $12.9 million with over $100,000 in transactions that raised compliance issues. The vast majority of these transactions involved payments to government officials related to obtaining permits and licenses. Other transactions involved gifts and cash donations to government officials, charitable contributions and sponsorships, and payments to members of the state-controlled media to minimize negative publicity. None of the payments, gifts, donations, contributions, or sponsorships occurred in the US, none were made by or through a US person or issuer and apparently none went through a US bank.

The due diligence showed that the Target had significant recordkeeping deficiencies. Nonetheless, documentary records did not support the vast majority of the cash payments and gifts to government officials and the charitable contributions. There were expenses that were improperly and inaccurately classified. It was specifically noted that the accounting records were so disorganized that the Accounting Firm was unable to physically locate or identify many of the underlying records for the tested transactions. Finally, the Target had not developed or implemented a written code of conduct or other compliance policies and procedures, nor did the Target’s employees show an adequate understanding or awareness of anti-bribery laws and regulations.

Post-Acquisition Remediation

The Requestor presented several pre-closing steps to begin to remediate the Target’s weaknesses prior to the planned closing in 2015. Requestor aimed to complete the full integration of the Target into Requestor’s compliance and reporting structure within one year of the closing. Requestor has set forth an integration schedule of the Target that included various risk mitigation steps, dissemination and training with regard to compliance procedures and policies, standardization of business relationships with third parties, and formalization of the Target’s accounting and record-keeping in accordance with Requestor’s policies and applicable law.

DOJ Analysis

The DOJ noted black-letter letter when it stated, ““It is a basic principle of corporate law that a company assumes certain liabilities when merging with or acquiring another company. In a situation such as this, where a purchaser acquires the stock of a seller and integrates the target into its operations, successor liability may be conferred upon the purchaser for the acquired entity’s pre-existing criminal and civil liabilities, including, for example, for FCPA violations of the target. However this is tempered by the following from the 2012 FCPA Guidance, “Successor liability does not, however, create liability where none existed before. For example, if an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction, the mere acquisition of that foreign company would not retroactively create FCPA liability for the acquiring issuer.””

This means that because none of the payments were made in the US, none went through the US banking system and none involved a US person or entity that this would not lead to a creation of liability for the acquiring company. Moreover, there would be no continuing or ongoing illegal conduct going forward because “no contracts or other assets were determined to have been acquired through bribery that would remain in operation and from which Requestor would derive financial benefit following the acquisition.” Therefore there would be no jurisdiction under the FCPA to prosecute any person or entity involved after the acquisition.

The DOJ also provided this additional information, “To be sure, the Department encourages companies engaging in mergers and acquisitions to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable; (3) conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners; (4) conduct an FCPA-specific audit of the acquired entity as quickly as practicable; and (5) disclose to the Department any corrupt payments discovered during the due diligence process. See FCPA Guide at 29. Adherence to these elements by Requestor may, among several other factors, determine whether and how the Department would seek to impose post-acquisition successor liability in case of a putative violation.”

Discussion

Mike Volkov calls it ‘reading the tea leaves’ when it comes to what information the DOJ is communicating. However, sometimes I think it is far simpler. First, and foremost, 14-02 communicates that there is no such thing as ‘springing liability’ to an acquiring company in the FCPA context nor such a thing as simply buying a FCPA violation, simply through an acquisition only, there must be continuing conduct for FCPA liability to arise. Most clearly beginning with the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) have communicated what companies need to do in any M&A environment. While many compliance practitioners had only focused on the post-acquisition integration and remediation; the clear import of 14-02 is to re-emphasize importance of the pre-acquisition phase.

Your due diligence must being in the pre-acquisition phase. The steps taken by the Requestor in this Opinion Release demonstrate some of the concrete steps that you can take. Some of the techniques you can use in the pre-acquisition phase include (1) having your internal or external legal, accounting, and compliance departments review a target’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of a target’s customer base; (3) performing an audit of selected transactions engaged in by the target; and (4) engaging in discussions with the target’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target over the past ten years.

Whether you can make these inquiries or not, you will also need to engage in post-acquisition integration and remediation. 14-02 provides you with some of the steps you need to perform after the transaction is closed. If you cannot perform any or even an adequate pre-acquisition due diligence, the time frames you put in place after the acquisition closes may need to be compressed to make sure that you are not continuing any nefarious FCPA conduct going forward. But it all goes back to dis-linking. If a target is engaging in conduct that violates the FCPA but the target itself is not subject to the jurisdiction of the FCPA, you simply cannot afford to allow that conduct to continue. If you do allow such conduct to continue you will have bought a FCPA violation and your company will be actively engaging and participating in an ongoing FCPA violation. That is the final takeaway I derive from this Opinion Release; it is allowing corruption and bribery to continue which brings companies into FCPA grief. Opinion Release 14-02 provides you a roadmap of the steps you and your company can take to prevent such FCPA exposure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014