In this episode I visit with Morrison Forrester partner James Koukios on the firm’s December newsletter on the Top Ten International Anti-Corruption Developments for December 2016. James and I visit about some of the lesser known highlights from the month of December 2016 in the global enforcement of anti-corruption.

Show Notes:

  1. The SFO announces an investigation into the Swiss engineering giant ABB, Ltd. for allegations of corruption coming out of the Unaoil scandal. See article in the FCPA Blog.
  2. Former Magyar Telekom exec settles with SEC before trial. See article in FCPA Blog.
  3. Tom goes on an extended rant about the ISO 37001 certification process and why it is “worse the useless”. See Tom’s post on the topic on the FCPA Compliance and Ethics Blog.
  4. Jay Rosen’s discusses his new gig with Affiliated Monitors.
  5. Everything Compliance-Episode 7 is out. It is dedicated exclusively to the first two chaotic weeks of the Trump Administration.
  6. Jay Rosen Weekend Report preview.

For some additional reading see:

1.) Mike Volkov Article on Monitors

http://blog.volkovlaw.com/2017/02/yikes-perils-remediation-corporate-monitors/

2.) Jay Rosen Weekend Read

The “Real” FCPA, SCCE + Hello Goodbye

https://www.linkedin.com/pulse/real-fcpa-scce-hello-goodbye-jay-rosen-ccep

3.) Kristy Grant-Hart on The Top Five Myths about ISO-37001 Exposed

http://fcpablog.squarespace.com/blog/2017/2/14/the-top-five-myths-about-iso-37001-exposed.html

4.) Jay Rosen new contact info

Jay Rosen, CCEP

Vice President, Business Development

Monitoring Specialist

Affiliated Monitors, Inc.

Mobile (310) 729-6746

Toll Free (866)-201-0903

JRosen@affiliatedmonitors.com

Today we honor what was called by British Lord Nelson, “the most daring act of its age”; the capture and burning of the US frigate Philadelphia in Tripoli harbor. In October 1803, the ship had run aground near Tripoli and was captured. The Americans feared that the well-constructed warship would be both a formidable addition to the Tripolitan navy and an innovative model for building future Tripolitan frigates. Hoping to prevent the Barbary pirates from gaining this military advantage, President Thomas Jefferson sent Lieutenant Stephen Decatur to lead a daring expedition into Tripoli harbor to destroy the captured American vessel. The Americans recaptured the ship and then set it alight. Decatur and his men escaped without the loss of a single American. The Philadelphia subsequently exploded when its gunpowder reserve was lit by the spreading fire.

A most “daring act” seems to be a good way to introduce a multi-part look at the recent Foreign Corrupt Practices Act (FCPA) enforcement action involving the Chilean chemicals and mining company Sociedad Química y Minera de Chile (SQM), which agreed to pay a criminal penalty of $15.5 million and a civil penalty of $15 million for a total fine and penalty of $30.5 million. The company settled with the Department of Justice (DOJ) via a Criminal Information and Deferred Prosecution Agreement (DPA) and the Securities and Exchange Commission (SEC) via a Cease and Desist Order (Order).

There were a couple of unusual aspects to this matter which bear review and consideration by any Chief Compliance Officer (CCO) and compliance practitioner, particularly for those with companies headquartered or domiciled outside the United States. The first is that the case was rare for its criminal violations of the FCPA for the Accounting Provisions; both the Books and Records and Internal Controls provisions. The second was that the company’s illegal actions appeared to have no US nexus to the conduct involved and the jurisdictional hook was that the company’s shares trade on the New York Stock Exchange (NYSE) as American Depository Receipts (ADRs) and the company is required to file periodic reports with the SEC. There were however some excellent points for review by any compliance practitioner regarding the underlying conduct involved.

According to the DOJ Press Release, “SQM knowingly failed to implement internal controls sufficient to ensure that payments from a fund under the control of one of its officers and high-level executives were made for services received and in compliance with Chilean law. Between 2008 and 2015, SQM made donations to dozens of foundations controlled by or closely tied to Chilean politicians. During this period, for example, SQM funneled approximately $630,000 to foundations controlled by a Chilean official with influence over the government’s mining plans in Chile, a key segment of SQM’s business.” It went on to add, “SQM also admitted to falsifying its books and records to conceal payments to vendors associated with politicians, logging them as consulting and professional services SQM never received. For example, in 2009, SQM paid approximately $11,000 to the sister-in-law of a Chilean official, recording the payment in SQM’s books as a payment for services received, despite the fact that the official’s sister-in-law submitted the false invoice solely to disguise payment to a Chilean senatorial campaign.” The sum total was that “SQM admitted having paid nearly $15 million between 2008 and 2015 to vendors despite having no evidence any goods or services were actually received.”

Yet in none of the resolution documents was there discussion of specific bribes paid or obtaining or retaining business by SQM. Moreover, as noted above, none of the payments were routed through the US or the US banking system. Finally, although there were numerous emails cited in the resolution documents, there was no evidence presented that they were stored on a US server or even went through the US in cyberspace.

What does come through loud and clear from the Information is the discretionary fund used by the person designated as “SQM Executive” and identified as Mr. Patricio Contesse G. – former Chief Executive Officer (CEO) of SQM. When I say discretionary fund, it was apparently at his sole discretion. Simply put, according to the Information “SQM paid approximately US $14.75 million to PEPs [Politically Exposed Persons] and related parties without effective internal accounting controls, such as appropriate due diligence, documentation or oversight.”

Going more deeply into the results of the company’s internal investigation than was reported in the Information, the company made the following Form 6-K SEC disclosure in December 2015.

“(a) payments were identified that had been authorized by SQM’s former CEO, Mr. Patricio Contesse G., for which the Company did not find sufficient supporting documentation;

(b) no evidence was identified that demonstrates that payments were made in order to induce a public official to act or refrain from acting in order to assist SQM obtain economic benefits;

(c) regarding the cost center managed by SQM’s former CEO, Mr. Patricio Contesse G., it was concluded that the Company’s books did not accurately reflect transactions that have been questioned, notwithstanding the fact that, based on the amounts involved, these transactions were below the materiality threshold defined by the Company’s external auditors determined in comparison to SQM’s equity, revenues, expenses or earnings within the reported period; and(d) SQM’s internal controls were not sufficient to supervise the expenses made by the cost center managed by SQM’s former CEO and that the Company trusted Mr. P. Contesse G. to make a proper use of resources.”

This same disclosure also specifically noted that Mr. Contesse G. (the former CEO) and “Mr. Patricio Contesse F. – former director of SQM,” declined to be interviewed by company’s designated outside counsel performing the internal investigation.

Contesse G.’s involvement and fraud was more than simply using his unlimited discretion to facilitate shady payments. He was actively and intentionally involved in falsifying the company’s books and records. The Information stated, “From 2008 to 2013, at the end of each fiscal year, SQM’s books and records, including those that SQM Executive and others intentionally falsified to justify payments to vendors connected to PEPs, were used for the purpose of preparing SQM’s financial statements. In addition, during each of these years from 2008 to 2013, SQM Executive signed financial certifications as part of SQM’s securities filings that he knew to be false.”

Regarding the internal controls violations, the company’s auditors noted payments made to third parties which “had a ‘high-risk’ connection to PEPs.” These findings were even presented to the full company Board of Directors with the recommendation that adequate internal controls be put in place to prevent such conduct going forward. However, none were.

Also interesting was the lack of notation of how the company’s illegal actions came to attention of the US government. There was no company self-disclosure, no reported whistleblower, no reported referral from another law enforcement agency, domestic or foreign. It may well be there was some type of tip or even electronic information obtained by government regulators.

The actions of SQM senior management were certainly daring in the extreme, one might even say stupid, given their blatant disregard for US law. If companies want the benefits of US securities offerings and prestige, they need someone to counsel them on why they have to comply with US regulations, even in their actions exclusively outside the US. The matter also points to the need for a company’s Board of Directors to step up, ask the hard questions and then take action when management fails to fulfill its obligations to do business legally. Finally, the enforcement action makes clear the need for any company which crosses multiple borders to have a best practices compliance program in place as there will be at least one country which has an anti-bribery/anti-corruption compliance program.

In the next post we will consider how the company was able to receive a 25% discount off the minimum fine range through cooperation and remediation after the US government came knocking.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

This episode is dedicated to the chaotic (at best) first three weeks of the Trump administration.

  1. Jonathan Armstrong leads a discussion of the Trump administrations devolution towards Privacy Shield and what it may portend for American companies doing business in the UK and EU. He highlights the recent opening of a new trial in Ireland brought by Max Schrems and also discussed the putative Muslim refugee ban in the context of broader business implications.

For the Cordery Compliance client alert on Privacy Shield, see here

  1. Jay Rosen considers what companies the intersection of business and politics under the Trump administration, the Tech sector response to the Muslim refugee ban and the more general business response to the first few weeks of the Trump administation.

For Jay’s post see, Where Do Politics End and Ethics & Compliance Begin?

  1. Matt Kelly opens with a discussion of the management process practices of the Trump administration in issuing Executive Orders and lays down some markers around compliance and regulatory issues under the new administration.

For Matt Kelly’s posts see the following:

Compliance in the Trump Era: More Markers Placed

Five Questions for SEC Nominee Jay Clayton

Yes Government Ethics is Happening

Dodd-Frank Reform Starts Coming into View

 For Tom Fox’s posts on these topics see the following:

The Trump Administration-Kaos is Bad for Business

The Trump Administration-Part II, Failures in Leadership and Management

The Trump Administration-Part III-Preparing for a Catastrophe

The Trump Administration-Part IV-the Business Response

The members of the Everything Compliance panel include:

  • Jay Rosen (Mr. Translations) – Jay is Vice President of Legal & Corporate Language Solutions at United Language Group. Rosen can be reached at rosen@ulgroup.com.
  • Mike Volkov – One of the top FCPA commentators and practitioners around and is the Chief Executive Officer (CEO) and owner of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of the noted Compliance Week Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

Today’s headline is inspired by two recent notices; the first is from a January 25 ENI Press Release crowing that “Eni is the first Italian company to receive that certification”. The second came from an article in the Financial Times (FT) entitled “Eni chief Claudio Descalzi charged with international corruption” by James Politi, where he began his piece with the opening, “Claudio Descalzi, chief executive of Eni, has suffered a setback after Italian prosecutors charged him with international corruption following a lengthy investigation into the Italian energy group’s 2011 purchase of a Nigerian exploration licence. Mr Descalzi was asked to stand trial along with Paolo Scaroni, the former chief executive of Eni, as well as nine other individuals who were involved in the $1.3bn transaction, according to Fabio De Pasquale, the lead prosecutor on the case.”

The international corruption, also involving Royal Dutch Shell, involved questions regarding “an offshore exploration bloc called OPL 245, which is estimated to contain up to 9bn barrels of oil and is considered one of Nigeria’s most highly-prized energy prospects.” It was further noted that “The main accusation is that Eni and Shell knew the money paid to the government for OPL 245 would then be funnelled to other Nigerian individuals, essentially as bribes.” In what can only be said is a non-denial denial, both “Eni and Shell have said that they simply transferred money to the Nigerian government, without making any arrangements with third parties or the ultimate beneficiaries.”

The problem I see with one headline is that it brings up the uselessness of the ISO certification process. One might reasonably ask how a company could receive a certification for its “AntiBribery Management Systems” when both its current and former chief executives are under indictment for ‘international corruption’? The ISO certification issue is separate and stands apart from the ISO 37001 standards themselves. When I sat down to read the more than 100 pages of what might constitute good compliance practices, I, for the most part, did not have too many disagreements with the articulation. However, in the global world of anti-bribery/anti-corruption enforcement there were multiple standards for an effective compliance program, including, but not limited to the Ten Hallmarks of an Effective Compliance Program, Six Principles of Adequate Procedures, the OECD 13 Good Practices and multiple others. Indeed, I published an entire book some 2 1/2 years ago to laying out what constitutes an effective compliance program. So while it is mildly interesting from an intellectual perspective, the reality is that it is not anything new, different or innovative.

Yet the title of this blog post makes clear that any ISO 37001 certification is much worse, for it can lead an unsuspecting person to conclude that because a company has the ISO 37001 certification, it is actually doing compliance. From the ENI Press Release it stated, “quality of the system of rules and controls aimed at preventing corruption”. If that does not sound like a paper compliance program I do not know what does. I should also note the same Press Release goes on to state that since 2009, Eni has enshrined the principle of “zero tolerance” as “expressed in its Code of Ethics.” I wonder if either the current or former ENI chief executive under indictment read or even knew about this robust ENI Code of Ethics. Interestingly, the Press Release also stated that Stage 2 of the ISO 37001 certification process involved “interviews with people on the ground” to assure compliance with the program. It is safe to assume these interviews did not include the current or former ENI chief executive.

What is a counter-party to ENI to conclude about the robustness of its anti-corruption compliance program? How about any other company which has an ISO 37001 certification? This is where the worse than useless part comes into play. People might actually think that this certification affirms the company which holds it is committed to doing compliance and will continue to do so going forward. The counter-party who does business with such an ISO 37001 certificate holder may well assume this certification forms some basis of protection against a Foreign Corrupt Practices Act (FCPA), UK Bribery Act or (you name the law) investigation for bribery and corruption. Nothing could be further from the truth.

The Department of Justice (DOJ), Securities and Exchange Commission (SEC) and Serious Fraud Office (SFO) continually make abundantly clear that a company is responsible for its counter-parties not violating applicable anti-corruption laws. Put another way, a third-party, with an ISO 37001 certification who violates the FCPA, UK Bribery Act or any other similar law puts your company at just as much risk as a third-party with no ISO 37001 certification. Putting it as simply as I can, an ISO 37001 certification from a counter-party is of less than zero worth to your company, your compliance program or indeed any defense against a FCPA enforcement action.

What about a company which thinks it needs an ISO 37001 certification? This is equally problematic but for different reasons. The DOJ and SEC jointly issued FCPA Guidance made clear that an effective compliance program is based upon a company assessing its own risks and then setting up a program to manage those risks going forward through training, incentives and discipline and ongoing monitoring. The Ten Hallmarks were designed to be flexible to allow each company to assess and then manage its risks. Moreover, this flexibility allows a Chief Compliance Officer (CCO) or compliance practitioner to put forward clear evidence of compliance with this approach if the government comes knocking in a FCPA investigation. The evidence from the Pilot Program is that the DOJ is taking this approach into account and has doled out multiple declinations and Non-Prosecution Agreements (NPAs) since its inception in April 2016.

So which headline is right: that ENI received an ISO 37001 certification or that the chief executive of ENI will stand trial for corruption? Unfortunately, they are both right and that simple answer communicates to every CCO and compliance practitioner across the globe that the ISO 37001 certification process is worse than useless. This is both for the company assessing the effect of such a certification from a potential third-party and a company considering whether it should obtain the certification to prove it is actually doing compliance.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017