7K0A0075I continue my review of the Johnson Controls, Inc. (JCI) Foreign Corrupt Practices Act (FCPA) enforcement action today by focusing on the Department of Justice’s (DOJ’s) Declination to Prosecute. Yesterday, I considered the underlying facts reported to review what lessons could be applied by a compliance practitioner to a corporate anti-corruption compliance program. Today, I want to consider the information available on the actions by JCI, beginning with the self-disclosure, which led to the DOJ to grant a Declination.

The commentary on the DOJ Declination has ranged from the FCPA Professor, who argued there was no viable cause of action against JCI for the illegal conduct of its subsidiary, China Marine, and hence the Declination was without substance; to Mike Volkov who called the declination a ‘head scratcher’ and noted “there appears to be plenty of justification to stretch here in this case when you basically have a recidivist continuing to violate the law”, in arguing there were potential criminal charges to pursue. I want to consider the matter from the angle of the new DOJ Pilot Program and see what, if anything, might be gleaned from that perspective.

One of the difficulties in evaluating any Declination is the paucity of facts available to the compliance practitioner to evaluate. In the JCI case we have the Securities and Exchange Commission (SEC) resolution via a Cease and Desist Order (Order) that lays out the facts relevant to that enforcement action. However, this Order is the product of negotiations between the SEC and JCI. This means the company can seek to keep out facts, which would point to criminal liability, reputational damage, embarrassing senior executives or a plethora of other issues the company does not want in the public domain. There is no way to know if the facts laid out in the Order are all the facts in the case that were known to the DOJ or even disclosed to the DOJ so to base an argument on this underlying premise puts you on wobbly ground. The foregoing is one of the reasons I have argued for my information to be made public around Declinations so that compliance practitioners might understand the full underlying facts.

Yet, even if one took the facts presented in the Order as only facts of this matter, there is information that could lead one to reasonably conclude that criminal charges could be considered under the FCPA. The Accounting Provisions, both Books and Records and Internal Controls, are generally thought to be civil side requirements only. However the statute does make violations of the Accounting Provisions under the following:

(4) No criminal liability shall be imposed for failing to comply with the requirements of paragraph (2) of this subsection except as pro­vided in paragraph (5) of this subsection.

(5) No person shall knowingly circumvent or knowingly fail to imple­ment a system of internal accounting controls or knowingly falsify any book, record, or account described in paragraph (2).

Paragraph 2 refers to the Internal Controls requirements of the FCPA. This means someone must knowingly falsify such records or fail to implement a system of internal controls. The facts laid out in the Order would appear to provide at least an argument that this threshold was met. JCI’s internal controls were so poor that the company “did not understand some of the highly customized transactions at China Marine or the projects involving the sham vendors.” Additionally someone at the corporate office had to certify the financial statements were true and correct and who ever did could also have violated the FCPA. Volkov noted the DOJ could “stretch” to bring criminal charges but either through the argument of conscious avoidance or simply on the facts laid out in the Order, I find an argument for criminal liability plausible. Of course, these arguments do not convict JCI of criminal violation of the FCPA, only a trier of fact can do so, yet they make clear that there are credible arguments which could be pursued which makes a Declination an appropriate mechanism for the DOJ to use, in its discretion.

What led the DOJ to exercise its discretion in issuing the Declination? We can find some guidance from the four requirements under the Pilot Program. First, that there be self-disclosure, which was present in this matter. The Order stated that the company self-disclosed within one month after receiving a second anonymous whistleblower compliance. Second is cooperation during the investigation. The Order stated JCI provided “thorough, complete and timely cooperation” which consisted of the following:

  • JCI promptly and routinely provided the staff with the results of its investigation as it progressed, and provided all supporting documentation requested.
  • JCI provided factual chronologies, hot document binders, and interview summaries, as well as English translations of numerous documents and emails.
  • JCI made employees available for interviews.
  • JCI provided “real time” downloads of employee interviews and made other foreign employees available for interview.
  • When the company caught a Chinese employee shredding documents, it quickly secured the office to preserve evidence.
  • JCI’s cooperation assisted the staff’s investigation.
  • JCI’s timely self-report as well as the thorough productions allowed the staff to initiate and complete its investigation quickly.

The next requirement under the Pilot Program is for extensive remediation during the pendency of the investigation. Here the Order laid out some of the steps taken by JCI, including:

  • JCI terminated or separated sixteen employees implicated in or associated with the illegal scheme and placed all suspect vendors on a do-not-use/do-not-pay list.
  • JCI has closed down its China Marine offices and moved all remaining China Marine employees, none of whom perform a sales or procurement function, into existing offices.
  • JCI enhanced its integrity testing and internal audits to reevaluate vendor onboarding for all JCI business worldwide.
  • JCI implemented random site audits to ensure the delivery of goods on purchase orders.

The final requirement under the Pilot Program is that the company disgorges profits it received from its ill-gotten gain. The Order said, “From 2007 to 2013, JCI obtained a benefit of $11.8 million as a result of over $4.9 million in improper payments made to or through approximately eleven problematic vendors for the purpose of foreign and commercial bribery, and embezzlement.” This corresponds to the amount paid as disgorgement.

For any Chief Compliance Officer (CCO) or compliance practitioner reviewing the JCI enforcement action, it does not matter whether you believe JCI committed criminal acts or not. The reality is that the DOJ is once again laying out conduct it will consider to award the lowest sanction possible, a Declination. There have now been three given since the announcement of the Pilot Program in April. You should study each of these and if you find yourself in a FCPA investigation, use each Declination as a roadmap for your actions during the pendency of the investigation.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Questions 2I continue my exploration of recent enforcement matters and issues by turning to the Johnson Controls, Inc. (JCI) Foreign Corrupt Practices Act (FCPA) enforcement action, which was announced last week. Mike Volkov has called the enforcement action a “head scratcher”. Whether you agree with Volkov’s analysis or not, the case has several significant points for the Chief Compliance Officer (CCO) or compliance practitioner, which I will review today.

The matter was settled via a Cease and Desist Order (Order) from the Securities and Exchange Commission (SEC) and a Declination issued by the Department of Justice (DOJ). For its penalty, JCI accepted over $11.8 million in profits as a result of approximately $4.9 million in improper payments made by China Marine. JCI agreed to disgorge these profits, pay pre-judgment interest of $1,382,561 and a civil penalty of $1,180,000 for a total amount of $14,362,561.

The underlying facts are about as sordid as they can be for a corporate enforcement action. JCI obtained the Chinese unit, China Marine, through its purchase of York International (York) in 2005. In 2007, York paid $22 million to the DOJ and SEC to resolve FCPA offenses in China and other countries that occurred between 2001 and 2006.  York agreed to a three-year independent compliance monitor. JCI, for its part, terminated those involved in China Marine’s illegal conduct after it acquired York.

JCI installed its own Managing Director and limited China Marine’s use of third party sales agents. However, as stated in the Order, “From 2007 to 2013, the managing director of China Marine, with the aid of approximately eighteen China Marine employees in three China Marine offices, continued the bribery and theft that began under his predecessor by using vendors instead of agents to facilitate the improper payments. The improper payments were made to employees of government-owned shipyards as well as ship-owners and unknown persons”.

The bribery scheme was quite sophisticated. It involved, “a multi-stepped arrangement that required the complicity of nearly the entire China Marine office from the managing director, to the sales managers, the procurement managers and finally to the finance manager. The managing director aided or at times approved requests for the addition of certain vendors to the vendor master file without disclosing that certain sales managers had ownership or beneficial interest in the vendors. After the managing director’s approval, sales managers added bogus costs for parts and services to sales reports, which inflated the overall cost of the project, and generated purchase orders for the bogus parts and services. The procurement manager knowingly approved the purchase orders.” The scheme even included the vendors themselves who “created fake order confirmations for the unnecessary parts and services and submitted invoices for payments.” To complete the circle, the China Marine finance manager would authorize the fraudulent payments.

In what can only be called a complete, total and utter failure of JCI’s internal controls, company auditors could not understand the China Marine transactions. Further, and with even more evidence of the lack of effective internal controls, many of China Marine’s transactions were deemed non-material so they were at a level below that which would trigger a review of corporate oversight from JCI’s Denmark office, which oversaw the China Marine business unit. The Order noted that the average vendor payment in the bribery scheme “was approximately $3,400” but the total amount of bribes paid was $4.9MM. One might reasonably wonder if JCI understood there was no materiality threshold under the FCPA. One might also ask if there was conscious indifference by the JCI corporate office.

For the CCO or compliance practitioner there are several important lessons to be garnered from this enforcement action. First is the absolute requirement for effective internal controls to be put in place. If your company does not understand the transactions that any subsidiary engages in, you have put your company at serious risk. For if a company’s internal auditors cannot understand a series of transactions, they you certainly cannot explain them to an auditor. Further, under Sarbanes-Oxley (SOX) §404, a company must not only acknowledge its responsibility for establishing and maintaining a system of internal controls and procedures for financial reporting and an assessment, but also report on the effectiveness of the company’s internal controls.

Karen Cascini and Alan DelFavero, in an article entitled “An Assessment of the Impact of the Sarbanes-Oxley Act on the Investigation Violations of the Foreign Corrupt Practices Act”, said, “Section 404 “requires management to annually disclose its assessment of the firm’s internal control structure and procedures for financial reporting and include the corresponding opinions by the firm’s auditor”. More particularly, “while the FCPA required public companies to institute effective internal controls to stop the bribes and make executives accountable, SOX 404 goes further, but has similar goals.”

All of this might reasonably lead one to ask, who at the corporate headquarters certified the effectiveness of both the JCI and China Marine’s internal controls? Moreover, the Accounting Provisions of the FCPA also includes a section requiring accurate books and records. Clearly JCI was not too interested in verifying the accuracy of the books and records of its China Marine subsidiary.

More than this lack of compliance with both prongs of the FCPA Accounting Provisions, the lack of seeming awareness of enhanced risks is a confounding aspect of this case. China Marine was clearly identified as a high-risk business unit of both York and later JCI. Simply putting your self-appointed Managing Director in place is not enough. Any competent risk management system requires oversight, or as my wife would say ‘a second set of eyes’. This is why an effective compliance program requires ongoing monitoring. It is even truer when an entire business unit is high-risk.

Tomorrow I will continue my exploration of the JCI enforcement action by looking at the DOJ’s Declination, in conjunction with the Pilot Program.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Show Notes:

  1. To read Miller & Chevalier’s Memo on the Graham decision on the five-year statute of limitations on SEC claims of profit disgorgement on the FCPA Blog, click here.
  2. To read Miller & Chevalier’s Memo on the IRS CCA regarding the tax treatment of profit disgorgement, click here.

Battle of the Somme IIIThere have been a plethora of new books about the Battle of the Somme. Daniel Todman reviewed several in an article for the Financial Times (FT), entitled “Stories of the Somme”. One of the books reviewed, Breakdown: The Crisis of Shell Shock on the Somme, 1916, by Taylor Downing, focused on the relatively new condition identified as ‘shell shock’ a term which became ‘combat fatigue’ in World War II (WWII) and today is called ‘post traumatic stress disorder’. Downing thoroughly discussed the range of symptoms experienced by the combatants. Yet his innovation was to consider the mental health of the entire British nation as the causalities mounted and mounted with no end or even result in sight.

I thought about Taylor’s insights when considering the collective mental state of Great Britain after the Brexit vote or, as we would say in Texas Breeee-exit. The topic has certainly dominated both the UK and US news since last Friday, although since Monday, the British press is equally talking about the English exit from the European Football Championship, losing to Iceland 2-1. Many have wondered what Brexit might mean for compliance, the Foreign Corrupt Practices Act (FCPA) and enforcement of the UK Bribery Act. I explored some of the these issues with Jonathan Armstrong, from Cordery Law Firm in London, in a podcast earlier this week, you can listen to Episode 262 The Brexit Edition on the FCPA Compliance and Ethics Report.

Regarding enforcement of the UK Bribery Act, Armstrong believes that there is likely to be little change. The UK Bribery Act 2010 is not a part of any body of European Union (EU) legislation and the UK bribery prosecutors are independent of the EU regime. There may be an effect on some investigations, for example into alleged corruption in EU funds, but as the law will remain the same, there should be no change in how it is enforced. My concern would be that the British government would be so low of funds or required to use its resources in other more politically palatable areas that it could lead to underfunding for the Serious Fraud Office (SFO) to conduct investigations and put on trials for companies that do not settle with the government.

Armstrong did opine that there might well be big changes in areas which do impact FCPA enforcement and those are the areas of data privacy and data transfer. Armstrong noted while there has obviously been much debate in Europe about data transfer issues, what happens with the UK after the exit remains to be seen. He believes that much is likely to depend on whether the UK remains in the European Economic Area (EEA) or not. If the UK does, there may well be little practical change. However if the UK leaves the EEA regime, it would likely have to go through some sort of an adequacy assessment under the EU General Data Protection Regulation (GDPR). He indicated that data transfers could be complicated if the UK does not remain in the EEA as there have been allegations of surveillance by UK Government agencies. He concluded that if a working Privacy Shield deal can be done next month the UK would still be a party to that, at least in the short term. He did conclude with the well-known British admonition to ‘Watch this space”.

I was also interested with Andrew Hill’s FT On management article entitled “Five failures of leadership and one hollow Brexit success”. As usual many of Hill concepts translate well over the role of the Chief Compliance Officer (CCO) so I wanted to use this to reflect on leadership issues for the compliance professional. Hill was merciless that over the course of the referendum campaign and the subsequent events since the vote was tallied on Friday that there has been a complete, total and utter failure of British political leadership.

First is the underlying historical failure of British leadership within the EU. Hill wrote, “A dearth of leadership in the EU itself over recent years exacerbated the economic and political mess that repelled many insular UK voters from the European project. A fatal failure to exercise UK leadership in the EU… further primed the electorate to reject the invitation to remain.” For the CCO or compliance practitioner, I think this means you have to actively engage at all levels of your organization going forward. Never forgot that creating corporate allies is an ongoing process.

The second was the failure of strategy. Presciently, Hill notes that having a strategy is not the same as having a goal. Hill quotes UCLA Professor Richard Rumelt for the obvious, “Winging it is not a strategy.” You need to have both a goal and strategy. Based on the continued comments from the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) over the years, you need to have a roadmap for the design, implementation and continual improvement of your compliance program.

Failure number three is the failure of teamwork. The Brexit referendum campaign certainly embodied the age-old adage that politics makes for strange bedfellows. However in this campaign, Hill said, “The formation of opposing groups drawn from across the political spectrum was always going to pose vast challenges.” Moreover, “Scratch teams can do great work. In business the most diverse groups often come up with the best innovations, but such groups are also the hardest to manage.”

The lesson for the CCO is the management of diverse groups within an organization. Obviously the General Counsel’s (GC’s) office should be a natural ally of compliance. Yet the roles of both disciplines within an organization are very different. These differences will need to be managed throughout the existence of any compliance issue. The same is true, perhaps even more so, for other corporate functions.

As a fourth failure, Hill pointed to “disintegration of the opposition Labour party’s fragile unity after the vote has exposed the inability of Jeremy Corbyn, its leader and a reluctant Remainer, to shape the agenda”. Hill recognizes that political leaders can only get out so far in front of their constituents. Yet being a leader means more than simply talking into an echo chamber but also leaders have “a duty to conduct the sound that the chorus makes rather than simply to sing along.”

Here I think the message for the CCO is that you must continually work to shape the message of compliance throughout your organization. This certainly means more than simply coming from the compliance department. You must also get the C-Suite and senior executives to both talk the talk and to walk the walk of compliance.

Finally, is the failure in the post election phase of this disaster, Hill contends that while “Succession is almost always bloodier in politics than in business” this act by British politicians presents a “scene of near-total disarray”. He intones, “Boards often allude to contingency plans in case their chief executive is “run over by a bus”.” For any CCO, you must prepare for such an exigency. More importantly, you must lead this effort for your company.

The implications of Brexit may well be with us for many years. As a CCO you need to not only begin to prepare for some the issues identified by Jonathan Armstrong but also heed the leadership failures identified by Andrew Hill.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016