The top compliance roundtable podcast is back with a wealth of new topics.

  1. Matt Kelly opens with a discussion of the Equifax data breach and its implications for the compliance profession.

For Matt Kelly’s posts on the Equifax data breach and cybersecurity, see the following:

Vendor, Cybersecurity Risk, Ugh

Clayton, Congress Talk Cybersecurity

  1. Jonathan Armstrong considers the Uber situation in London where it recently lost it license to do business from the regulator Transportation for London (TfL). He discusses a prior case that he handled which had similar issues.
  2. Jay Rosen considers the massive FBI undercover operation resulting in 10 arrests in college basketball for corruption regarding high school recruits.
  3. Tom Fox sits in for Mike Volkov, who is on assignment this week. He discusses the top FCPA enforcement action of all-time, the recently announced Telia enforcement action.

For Tom Fox’s posts on the Telia enforcement action, see the following:

The Telia FCPA Resolution, Part I – Introduction

The Telia FCPA Enforcement Action: Part II – The Bribery Schemes

The Telia FCPA Enforcement Action: Part III – The Individuals

Telia FCPA Enforcement Action: Part IV – Getting Some Monies Back

Telia FCPA Enforcement Action: Part V-Lessons Learned

The gang is back with rants which follow the discussions.

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

If I told you that the last seven batting titles were won by baseball players who were originally from Venezuela, would you immediately run down to ICE and claim that our national pastime had been overrun by Venezuelan immigrants who were taking jobs away from Americans? Might you consider what exists in the Venezuelan water which made their baseball players so much better than US players? Now add to this equation that the last seven AL batting titles were won by two individuals; Houston Astro Jose Altuve and Detroit Tiger Miguel Cabrera. What do those numbers tell you, if anything other than Altuve and Cabrera are pretty good hitters?

I thought about this hitter’s anomaly when late last week we saw the release of the Alere Inc. (Alere) Securities and Exchange Commission (SEC) enforcement action which contained a Foreign Corrupt Practices Act (FCPA) component as well as penalties related to the company’s failures around revenue recognition. Alere comes on the heels of the biggest FCPA enforcement action of all-time for Telia Company AB (Telia). Alere agreed to pay more than $13MM to settle charges that it bribed foreign officials and committed accounting fraud to meet revenue targets. Of that $13MM, the company agreed to disgorge $3.3MM, interest of about $495,000 and pay a penalty of $9.2MM. It was at the opposite end of a spectrum from the Telia settlement of $965MM.

Alere is a Massachusetts-based medical manufacturer. The SEC issued an order finding that the South Korean subsidiary of Alere Inc., which produced and sold diagnostic testing equipment, improperly inflated revenues by prematurely recording sales for products that were still being stored at warehouses or otherwise not yet delivered to the customers or company’s distributors.

According to the SEC’s order, Alere also engaged in improper revenue recognition practices at several other subsidiaries. These actions occurred from 2010 to 2015. The SEC order stated these actions were “intentional”. Further, the company also failed to conform to GAAP from 2013 to 2016 through a practice called “postponement of delivery” where “customers agreed not to take delivery and submitted a “Declaration of Postponement” form” to the company’s Chinese subsidiary. This same type of accounting fraud scheme was used again with the company’s African distributors where “Alere retained title to the product until it was paid in full by the distributor”.

The company miscalculated its taxes due and made material misstatements on its financial returns. This led to a restatement of financials. All of this led the SEC to find there was a lack of effective internal controls over financials at the company. But this lack of effective controls was not simply limited to financial internal controls, it also extended to compliance internal controls.

In Colombia, the company purchased a private distributor, BioSystems, of its products and made it a corporate subsidiary, Alere Colombia. After the purchase, Alere Colombia “made improper payments totaling approximately $275,000 to the Customer EPS Manager in order to obtain and retain business from the Customer EPS. The payments began at least six months before Alere acquired Biosystems. Biosystems disguised these improper payments as payments for purported consulting services from the Customer EPS Manager’s husband, sister-in-law, and friend. In fact, none of the recipients of these improper payments performed legitimate consulting services for Biosystems sufficient to justify the amount of payments received.”

In India, the company’s subsidiary was told by its Indian distributor that it would be required to make a 4% commission payment to government officials to win contracts. This corrupt payment was approved by the company’s Vice President (VP) of Marketing and Sales and the payment was affected. The SEC Press Release stated, “Alere subsidiaries in India and Colombia obtained or retained business by using distributors or consultants to make improper payments to officials of government agencies or entities under government control. Alere failed to maintain adequate internal controls to prevent the payments, and the company inaccurately recorded the payments in its books and records.” Most ominously, when the company discovered the illegal payments, it kept the profits it made.

There are several lessons to be garnered in the Alere FCPA enforcement action. First is the increasing interplay of revenue recognition and compliance programs. There will no doubt be more overlap under the new revenue recognition rules which become effective in December. It is unsurprising that a company which would play fast and loose with such basic revenue recognition rules as payments to distributors and hold backs by customers would also do the same around illegal bribery schemes. Further the lack of effective financial internal controls may well be some indicia of the lack of effective compliance controls. The SEC might do well to investigate such situations more often.

Also, it points up once again the need to perform thorough pre-acquisition due diligence prior to the time a company purchases an entity and then move to integrate, perform a forensic FCPA audit and remediate a target after the purchase. Once again, if a company was engaging in bribery and corruption before you purchase them and they continue to do so after you purchase them, it is now you who are engaging in bribery and corruption, not them.

The Alere FCPA enforcement action also points to an issue I have been considering for some time. It is the type of FCPA enforcement action involved in many cases. There has not yet been a resolution of the Department of Justice (DOJ) investigation into Alere so there may well be criminal charges brought or some other type of DOJ resolution. Yet when you contrast Alere with Telia one is struck by both the quantitative and qualitative difference in the enforcement actions. It is if there is almost a spectrum of FCPA enforcement actions leading down a chain. The SEC resolution with Alere could almost be seen as an administrative resolution which the SEC is well-suited to provide. Perhaps this could be a model for a more regulatory approach to FCPA enforcement going forward.

Of course, that would depend on whether a company was corrupt, literally right up to the very top as was Telia.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories, including:

  1. The DOJ announces a major criminal case which rocked the world of college athletics, involving pay for shoes scandal. See article by Michael McCann in Sports Illustrated. See article by Mark Schlabach on ESPN.com. Sam Rubenfeld looks at the corruption in college sports angle in the WSJ Risk and Compliance Journal.
  2. Consumer product sellers need to check the SDN list before a sale? Before shipping? If you are Cartier jewelers, yes, according to SEC enforcement action. See article by Dick Cassin in the FCPA Blog.
  3. Alere settles FCPA and accounting fraud SEC enforcement action. Dick Cassin reports in the FCPA Blog. See copy of SEC Cease and Desist Order.
  4. McKinsey reminds us that a promise to pay can be a FCPA violation as its imbroglio in South Africa continues. See article Tom’s article in Compliance Week.
  5. Todd Haugh, an assistant professor of business law and ethics at Indiana University, wrote in the most recent issue of the MIT Sloan Management Review that even best practices compliance program fail to take into account behavioral best practices and one important but too often overlooked key to strengthening both individual and overall corporate behavior is eliminating rationalizations. See Tom’s blog post in the FCPA Blog.
  6. Uber loses it license in London and for the first time an Uber CEO apologizes for the company’s unethical behavior. Prashant S. Rao and Amie Tsang reports in the New York Times.
  7. After the Equifax breach comes news the SEC was hacked. Joe Mont reports in Compliance Week. Matt Kelly reports on SEC Chairman Jay Clayton’s testimony before Congress on this and other subjects this week in Radical Compliance.
  8. Jose Altuve reaches 200 hits for fourth straight season, becoming on the 4th Second Baseman to do so. He has also clinched the AL top hitter for the 3rd time in four years. Is an MVP far behind. Cubs clinch and Red Sox magic number is 1, having been stomped by the Astros 12-2 last night.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In October, I will consider compliance with business ventures such as in the M&A context, joint ventures, distributors, channel ops partners, teaming agreements and all other manner of business venture. The first week I take a deep dive in M&A under the FCPA. This month’s sponsor is the Volkov Law Group. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. The Jay Rosen weekend report preview.

Today, lessons learned. Over the past several blog posts, I have taken a deep dive into the Telia Company AB (Telia) Foreign Corrupt Practices Act (FCPA) enforcement action. Anytime you have new No. 1 in the all-time FCPA enforcement list, it is stunning result. Both the FCPA total penalty and the amount of profit disgorgement agreed to by Telia were new records in the FCPA Blog Top 10 list. One very large kudos is due the Department of Justice (DOJ), Securities and Exchange Commission (SEC) and numerous other foreign regulators, prosecutors and investigators for putting this matter together for resolution. Today I would like to conclude this series with some of the lessons to be learned from the matter for the compliance practitioner.

There were multiple resolution documents filed or made public. The SEC settled via a Cease and Desist Order (Order). The SEC issued a Press Release. The DOJ issued an Information (Telia Information) and a Deferred Prosecution Agreement (Telia DPA), both for Telia and issued an Information and DPA for Coscom LLC (Coscom Information), a Plea Agreement and also issued a Press Release. The breadth and scope of Telia’s illegal conduct was about as far-ranging as one could imagine.

FCPA Enforcement

While certainly the lion share of the work on this case was done under the prior administration, the fact that it was not announced until some nine months into the current administration gives some clear guidance that the DOJ under Attorney General Sessions will actively and aggressively prosecute clear legal wrong doers. Frankly, you will not see a case more clearly than the Telia matter. For companies with systemic, wide-ranging corruption baked into to their business plans, the price will be stiff. Further if there is involvement with the very top management, as was demonstrated in this case, the cost will not only be high for the company but the risk for individuals for their personal freedom can also be put in jeopardy. Sweden is moving to prosecute the company’s former Chief Executive Officer (CEO), the head of the business unit where the bribery occurred and one other senior executive.

This case also puts into perspective many of the FCPA declinations and declinations with disgorgement which were announced earlier this year. When you couple both types of declinations with some of the enforcement actions from 2016, you see the continuum of enforcement strategies and how the DOJ and SEC make fines and penalty assessments. One of the goals of the FCPA Pilot Program was to provide greater transparency and clarity for companies regarding such decisions. The Telia case shows the spectrum involved and how major cases differ from more routine FCPA enforcement actions.

Bribery Schemes

There were multiple bribery schemes involved in this case. Telia used corrupt third parties to create sham consulting contracts for which no services were delivered. This gives the compliance professional an opportunity to review your third-party agent agreements to determine several factors. First, is there a business justification, questionnaire and due diligence in the file? Was the due diligence evaluated and were any red flags cleared? Was the relationship managed after the contract was signed? Were the services billed for delivered? Finally, did the third party execute annual attestations and certifications required under the compliance terms and conditions in the contract?

The highest amount of bribes were paid through the grant of an equity interest to the foreign official’s shell company in the entity doing business in Uzbekistan. Does your organization have any such arrangements, perhaps as required by local content requirements? Is the local organization meeting its contractual requirements? Finally, if there is a buy-out of the local organization from the entity, is it at a pre-negotiated price, per the contract or is there an uplift? If so, what is the business justification for the uplift?

There were a couple of ‘small’ bribes paid out in this case. One for $9.2MM and one for $2MM. Given the massive ongoing fraud, these amounts were almost lost in the shuffle. Perhaps they were simply taken out of petty cash. Whatever their source, you should use this opportunity to see who has access to petty cash in high-risk or emerging markets in your organization. Also, it would be a propitious time to check not only the spending authorization limits of such persons but also the internal controls around such authorizations.

Role of the Board

Was the Telia Board lied to throughout this multi-year bribery and corruption joy ride by Telia senior management, were they incompetent or something else? Whatever the reasons for the Board’s failure during the entire course of the bribery scheme, it provides the compliance practitioner with a teachable moment for your Board. You can educate your Board that they need to provide oversight on all the high-priority, high-risk operations, such as the company’s due diligence and monitoring program for managing third-party risks. In a high-risk area, such as Uzbekistan, the Board should inquire into the due diligence that was conducted, how any red flags were resolved, and then outline the risk mitigation strategies. Your Board needs to know about high-risk business opportunities and how the company is handling such risks.

International Cooperation and One Pie

This case continues the trend of literally world-wide cooperation around anti-corruption investigation. The following countries were noted in both the DOJ and SEC Press Releases for aiding the US enforcement effort: Sweden, Norway, Switzerland, the UK, Austria, Belgium, Cyprus, France, Ireland, the Isle of Man, Latvia, Luxembourg, Norway, Cyprus, British Virgin Islands, the Cayman Islands and Bermuda. Truly world-wide cooperation.

This cooperation has significant implications for any company which may find itself with potential FCPA, UK Bribery Act or similar legal violations. You will need to consider a simultaneous self-disclosure since there is such robust cooperation now. It will mean cooperation with a variety of law enforcement organizations literally across the globe. Also, this leads to the next point on the one pie concept.

As noted in the DOJ Press Release, the one pie concept of penalties also came into play again, as “In related proceedings, Telia reached a settlement with the U.S. Securities and Exchange Commission (“SEC”) and the Public Prosecution Service of the Netherlands (“PPS”). Under the terms of its civil resolution with the SEC, Telia agreed to pay $457,169,977 in disgorgement of profits and prejudgment interest. Finally, Telia agreed to pay the PPS a criminal penalty of $274 million, which, together with the criminal penalty paid to the United States, yields total criminal penalties of $548,603,972.”

While the conduct of Telia was obviously as egregious as it gets, the company has not been whip sawed by multiple national prosecutors. Indeed, as noted in the citation above, there has been cooperation between countries on the penalty phase, with the US giving credit for penalties available under the US Sentencing Guidelines to payments to other countries. However, to garner this one pie, the company must fully cooperate with all involved, which Telia apparently did.

Finally, this case demonstrates the DOJ and SEC at their finest when combatting the global scourge of bribery and corruption. Naysayers claim the US has no interest in such prosecutions and the Telia case shows not only the need for vigorous US prosecution of bribery and corruption but also how such professionalism promotes US business interests, both inside and outside the US. All-in-all a stunning result for all the prosecutors involved.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

In this episode, Matt Kelly and I take a deep dive into the Telia FCPA enforcement action. It is the largest FCPA fine ever, coming in at $965MM. The breadth and scope of Telia’s illegal conduct was about as far-ranging as one could imagine. The fines and penalties certain bore this out. The bribes were specifically approved by the highest level of Telia, including senior executives and the Board of Directors. There was an explicit awareness that the bribery scheme would violate the FCPA, so the company tried to navigate its way out of potential FCPA liability. Clearly those efforts were lacking.

We discuss the blatant nature of the bribery scheme, the international investigation and enforcement effort involved, how this enforcement actions differs from other types of enforcement actions and lessons to be learned from the matter. We also consider that the company did not self-disclose but did cooperate in the investigation and provided extensive remediation. This netted the company a 25% discount off the minimum penalty as calculated under the US Sentencing Guidelines.

The resolution documents include the SEC Cease and Desist Order, the DOJ issued an Information and a Deferred Prosecution Agreement, Telia. The DOJ also issued an Information and DPA for Coscom LLC, the Telia subsidiary through which the bribery occurred and a Plea Agreement.

In a separate Press Release, Telia said in part, “The information being reported by media about the terms of the resolution is not complete. Telia Company has already announced that it has taken a provision with respect to the expected financial sanctions. It is correct that we are very close to a final resolution with all authorities (SEC, DOJ and the Dutch prosecutor), but cannot comment further at this time.” Cassin reported, “The company said in April it had adjusted its “estimate of the most likely outcome of the ongoing investigations into the company’s market entry and operations in Uzbekistan to $1 billion from $1.45 billion.””

The bribery scheme involved the company illegally buying its way into the Uzbekistan telecom market through its bribery of Gulnara Karimova, the eldest daughter of the late Uzbek President Islam Karimov. Karimova was also the bribery conduit in the VimpleCom matter, resolved in February 2016. In the Telia case Karimova parlayed her providing telecom licenses and upgrades into bribe payments of over $330MM to shell companies which she controlled.

In the DOJ Press Release, Acting US Attorney Joon H. Kim stated “Telia, whose securities traded publicly in New York, corruptly built a lucrative telecommunications business in Uzbekistan, using bribe payments wired around the world through accounts here in New York City. If your securities trade on our exchanges and you use our banks to move ill-gotten money, then you have to abide by our country’s laws. Telia and Coscom refused to do so, and they have been held accountable in Manhattan federal court today.”

The SEC Press Release stated, “Telia entered the Uzbek telecommunications market by offering and paying at least $330 million in bribes to a shell company under the guise of payments for lobbying and consulting services that never actually occurred. The shell company was controlled by an Uzbek government official who was a family member of the President of Uzbekistan and able to exert significant influence over other Uzbek officials, causing them to take official actions to benefit Telia’s business in Uzbekistan.”

For more on the Telia enforcement action, see Tom’s blog posts:

Part I-Background;

Part II-the Bribery Schemes; and

Part III-the Individuals involved

 

Compliance into the Weeds is a part of the Compliance Podcast Network