This week I have been exploring the General Cable Corporation (General Cable) Foreign Corrupt Practices Act (FCPA) enforcement action. It was settled with the Department of Justice (DOJ) via a Non-Prosecution Agreement (NPA) and the Securities and Exchange Commission (SEC) via a Cease and Desist Order (General Cable Order). There was also the resolution of a civil charge by the SEC against a former General Cable executive, Karl Zimmer, via a Cease and Desist Order (Zimmer Order). The fines and penalties paid by General Cable were not insignificant. The company paid a $20MM fine based upon its criminal conduct and paid another $51MM in profit disgorgement. Finally, based upon the conduct laid out by the SEC in the General Cable Order, the company was assessed another $6.5MM for violations of the FCPA’s accounting provisions. The $20MM figure reflects a 50% discount off the bottom of the US Sentencing Guidelines fine range, demonstrating that as bad as the underlying bribery and corruption may have been, the DOJ will give significant credit when the company meets the requirements under the FCPA Pilot Program.

In Part II, I considered how General Cable obtained such a positive result in the light of multiple bribery schemes in multiple jurisdictions and corporate awareness or conscious indifference to them. Today I want look at some of the lessons to be learned by the compliance practitioner.

However, before I get to the lessons to be garnered, I want to briefly discuss the SEC enforcement action against Karl Zimmer (Zimmer). Per the Zimmer Order, he was a Senior Vice President of General Cable who approved improper commission payments to a third-party Agent on sales by General Cable’s Angolan subsidiary to Angolan state-owned enterprises. At the time, Zimmer knew that policies prohibited excessive commissions to third parties on sales to state-owned enterprises. For his violations, Zimmer agreed to a $20,000 fine. The Zimmer action should stand as a stark reminder that individuals who violate the FCPA stand to lose as much or even more than corporations as it is difficult to believe any reputable company would hire someone who blatantly violated the FCPA.

The first obvious lesson is that the FCPA Pilot Program provides significant benefits for companies which meet it strictures. Even with the odious conduct of General Cable, the company made a stunning comeback. As much as the other enforcement actions announced since the implementation of the Pilot Program, this enforcement action has changed the calculus around self-disclosure. If the call is anywhere close, a company should self-disclose. Yet that is only the first step, as the other prongs must also be met to obtain the discount offered.

Regarding the second prong of significant cooperation, a couple of things stand out. The first no doubt warms the heart of Mr. Translations (Jay Rosen) by specifically stating that General Cable produced voluminous documents, including translations. Next was the manner of production, performed in way, “that did not implicate foreign data privacy laws; collecting, analyzing, and organizing voluminous evidence and information for the DOJ”. Jonathan Armstrong once said on a podcast that it was his experience there were usually numerous ways to produce documents and other evidence in a manner that did not violate certain countries’ data privacy. General Cable would seem to have found a way to do so. This may require the compliance practitioner to use some creativity or bring in experienced data privacy counsel but the clear import is the DOJ expects such efforts in document and other evidence production. Finally, was the notation that General Cable disclosed “conduct to the DOJ that was outside the scope of its initial voluntary self-disclosure.” This sets an expectation for companies to continue their investigations and turn over new or additional findings.

Next, there were several remediation areas that stood out. The first was termination of recalcitrant employees and those third-party agents and distributors who participated in the misconduct. Next a Chief Compliance Officer (CCO) was hired who reported to both the Chief Executive Officer (CEO) and the Audit Committee of the Board.

Interestingly was the requirement for operationalization of compliance into the business units of the company. The NPA stated, the company developed a “comprehensive compliance program that integrates business functions into compliance leadership roles, is designed to deliver clear and consistent communications and expectations Company-wide through policies and procedures, and includes frequent leadership communications to all employees.” This final clause speaks to the importance of not only tone at the top but continued communications from the senior management of the organization.

This operationalization also went down to the revamped third party program. The NPA specifically noted the company had built “a system for third-party due diligence that assigns ownership to business personnel to shepherd prospective third parties through a comprehensive risk assessment, review, and approval process.” This step clearly requires business unit involvement at the beginning and, indeed, all the way through the lifecycle of third party management.

Finally, remediation Step 10, which specified that the company would be “Delivering tailored face-to-face compliance training, including training on the FCPA, to the Board of Directors and senior executives, Internal Audit personnel, sales leaders, and all salaried employees.” [emphasis supplied]. The word tailored communicates the DOJ’s expectation for training far beyond the standard out of the box compliance training. It means you must put on training which is not only designed for the risk group it is being presented to but you must have some thought into the different risks for each discipline within an organization and their respective role in any compliance program.

As the final enforcement action of 2016, the General Cable matter may well be one of the most significant for the compliance practitioner as it clearly states the need to operationalize a compliance program. From the FCPA enforcement year for the record books, it could be the case which portends the most significant step in doing compliance forward. Finally when Hui Chen speaks through the vehicle of a FCPA resolution, the compliance profession should listen.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continued their stunning run of 2016 Foreign Corrupt Practices Act (FCPA) enforcement actions right up to the end of the year with the announcement of the resolution of the General Cable Corporation (General Cable) enforcement action. It was settled with the DOJ via a Non-Prosecution Agreement (NPA) and the SEC via a Cease and Desist Order (General Cable Order). There was also the resolution of a civil charge by the SEC against a former General Cable executive, Karl Zimmer, via a Cease and Desist Order (Zimmer Order).

The fines and penalties paid by General Cable were not insignificant. The company paid a $20MM fine based upon its criminal conduct and paid another $51MM in profit disgorgement. Finally, based upon the conduct laid out by the SEC in the General Cable Order, the company was assessed another $6.5MM for violations of the FCPA’s accounting provisions. The $20MM figure reflects a 50% discount off the bottom of the US Sentencing Guidelines fine range, demonstrating that as bad as the underlying bribery and corruption may have been, the DOJ will give significant credit when the company meets the requirements under the FCPA Pilot Program. As Assistant Attorney General Leslie Caldwell stated in the DOJ Press Release, “General Cable paid bribes to officials in multiple countries in a scheme that involved a high-level executive of the company and resulted in profits of more than $50 million worldwide. But General Cable also voluntarily self-disclosed this misconduct to the government, fully cooperated and remediated. This resolution demonstrates the very real upside to coming in and cooperating with federal prosecutors and investigators. It also reflects our ongoing commitment to transparency.”

Today I will begin a multi-part exploration of the enforcement action to review the underlying facts, consider how General Cable was able to obtain such positive result and the lessons to be garnered by the compliance practitioner.

As for the illegal conduct, one can only say it was wide spread and pervasive throughout several business units in the organization. As stated in the NPA, “General Cable knowingly and willfully failed to implement and maintain an adequate system of internal accounting controls designed to detect and prevent corruption or otherwise illegal payments by its agents. In particular, and as relevant here, General Cable had deficient internal accounting controls that did not require and/or ensure, among other things (a) due diligence for the retention of third party agents and distributors; (b) proof that services had been rendered by third parties before payment could be made to them; (c) oversight of the payment process to ensure that payments were made pursuant to contractual terms or that payments were reasonable and legitimate. General Cable knowingly and willfully failed to address these known weaknesses, in relevant part, to allow the conduct to continue.” The fallout from these illegal schemes were more than $13MM in bribes paid out and $51MM in illegal profits. The bribery schemes involved multiple countries.

Angola

Here General Cable’s Angolan subsidiary made illegal payments to customers who worked for state-owned enterprises. The NPA noted, “(i) between 2003 and 2009, General Cable Celcat and General Cable Condel paid more than $450,000 directly to officials at Angolan State-Owned Enterprise 1, Angolan State-Owned Enterprise 2, and Angolan State-Owned Enterprise 3; (ii) between 2009 and 2013, General Cable Condel paid more than $8.7 million to a sales agent in Angola with knowledge that the sales agent would, and did, pass a portion of those payments to officials at Angolan State-Owned Enterprise 1, Angolan State-Owned Enterprise 2, and Angolan State-Owned Enterprise 3; and (iii) General Cable Condel paid more than $150,000 to another agent with knowledge that the payments would be passed on, in part., to two officials of a state-owned customer.”

These payments were well known within these business units as illegal bribes, with one employee writing in an email, “Everyone knew that [an Angolan State-Owned Enterprise 2 official] was being paid (if not there would be no need for the bills that come from there); when the contract was signed, this was what was agreed had to be paid.” These bribes paid in Angola were funneled through third-party agents. As early as 2012, the General Cable internal audit department picked up evidence of these illegal payments finding that “payments made to the third-party sales far exceeded the amounts required under the contract with the agent”. The NPA noted that the employees “knew” payments made to the agent would be passed on as bribes.

Bangladesh

General Cable conducted business in Bangladesh, Thailand and Indonesia through a subsidiary, Phelps Dodge International (Thailand) Ltd. (PDTL). In Bangladesh, the company paid $43,700 to an agent “with the understanding that the agent would use the money, in part, for corrupt purposes. General Cable was aware of red flags in connection with these payments and ultimately became aware of, or at the very least were willfully blind to, certain of the corrupt payments.” There was also evidence of specific knowledge in PDTL that payments to the agent were being “shared by decision makers in customer, concerned higher ups in Ministry and some top executives at bidder.”

 Indonesia

In Indonesia, PDTL paid “more than $2 million to two freight forwarders in Indonesia with the understanding-that the freight forwarders would use the money, in part, for corrupt purposes.” Once again, “General Cable was aware of red flags in connection with these payments and ultimately became aware of, or at the very least were willfully blind to, certain of the corrupt payments.” Indeed, there were emails cited which demonstrated the bribery scheme was well-known within the business unit, when an “employee wrote an e-mail describing the services of a principal of the two freight forwarders in Indonesia, stating “Mike I mention it before, my agent doesn’t ask for any money upfront. He can afford to pay his way in and out of PLN [Perusahaan Listrik Negara, the Indonesia-state-owned electricity company].””

Thailand

In Thailand the illegal bribe payments were made through a distributor who received excessive rebates which were then used to facilitate the corrupt payments. The NPA stated, “more than $1.5 million in rebates to a distributor in Thailand with the understanding that the distributor would use the money, in part, for corrupt purposes in association with PDTL’s sales to state-owned customers in Thailand, including sales to: (i) the Provincial Electricity Authority, a state-owned electricity supplier in Thailand; (ii) the Metropolitan Electricity Authority, a state-owned electricity supplier in Thailand; and (iii) TOT Public Company Limited, a state-owned telecommunications company.”

All this was in the face of clear red flags being raised regarding the distributor. In one reported instance, “In or about 2011, Executive A met with a high-level executive at General Cable with responsibility for overseeing international operations and expressed concerns that payments to the distributor in Thailand were being used for corrupt purposes. Despite this conversation, the corrupt payments did not stop, nor was an investigation conducted.” Even more troubling were the findings made during a tax review in Thailand, which noted “”potential applicability of the US Foreign Corrupt Practices Act (‘FCPA’) for commissions paid to Thai governmental authorities.” Another email from a General Cable employee with responsibility for corporate taxes stated: “[s]ince this is a legal matter rather than tax, no need to do anything further for me. I will leave it up to you as to whether you want to look into any further.” General Cable took no further action and did not take any steps to implement adequate internal accounting controls. The corrupt payments made through intermediary companies in Thailand” continued.

All of this led the DOJ to note wryly in the NPA, “Thus, even if senior employees of General Cable were unaware initially that the payments to the distributor were being used for illegal purposes, employees at PDTL (Phelps Dodge) and General Cable, including Executive A, came to the understanding that money being paid to the distributor was being used for illegal purposes, and closed their eyes to it being used for bribery.”

China

In China the bribery scheme was once again funneled through corrupt distributors. The China business unit, “paid more than $500,000 to China-based agents and distributors, typically in the form of rebates, special discounts, and technical service fees.” Once again, “General Cable China knew that the third-party agents and distributors would use the money, in part, for corrupt purposes.” Emails presented in the NPA noted, “The General Cable China employee emailed the supervisor and justified the corrupt payment, stating that “a few key players at [the state-owned customer] are our internal contacts and charge a certain amount of fees. If we are looking to have long-term cooperation with them, charges for this is rather inevitable.””

The various bribery schemes are summarized in the Bribery Box Score

Country Bribery Scheme Employed

 

Amount of Corrupt Payments Made Actual Knowledge of Scheme
Angola Sales Agents $9.3MM yes
Bangladesh Sales Agent $34,7000 yes
Indonesia Freight Forwarders $2MM Yes
Thailand Distributor $1.5MM yes
China Distributors $500,000 yes

I have laid out these bribery schemes in some detail as they continue to provide significant information to the compliance practitioner about the different ways to fund bribery schemes and how routine oversight can detect them. (Hint – follow the money.) Of course, even if you detect such illegal schemes, there must be a corporate will to stop the illegal conduct and then remediate the conduct. Apparently for some significant period of time, such was not the case at General Cable. Yet as noted early in this blog post, the company made a stunning comeback and actually received a 50% discount off the low range of the suggested penalty under the US Sentencing Guidelines. Tomorrow I will consider what the company did to obtain such a result.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

To read more, check out my blog post series on Hallmark 7.

For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.

Roman Numbers 1-10.2There are five steps in the life cycle of third party management.

  1. Business Justification and Business Sponsor;
  2. Questionnaire to Third Party;
  3. Due Diligence on Third Party;
  4. Compliance Terms and Conditions, including payment terms; and
  5. Management and Oversight of Third Parties After Contract Signing.

If you cannot fully accomplish each step, that puts more pressure on the other steps. So if you are in country which limits your ability to look into the background of beneficial owners of corporations, you still may be able to move forward but you must perform additional monitoring or have other risk management protections going forward.

Step 1 – Business Justification

This concept is enshrined in the FCPA Guidance, which says “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the ser­vices to be performed.” The first step breaks down into two parts:

  1. Business Sponsor – Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but business unit accountability for the business relationship.
  2. Business Justification – The business unit must articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will they be involved in a one-off only transaction?

The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.

Step 2 – Questionnaire

The term ‘questionnaire’ is mentioned several times in the FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this requirement is not only a key step but also a mandatory step for any third party that desires to do work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk but run away from doing business with such a party.

Below are some of the areas which I think you should inquire into from a proposed third party, they include the following:

  • Ownership Structure: Describe whether the proposed third party is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials or are they Politically Exposed Persons (PEPs)? It is imperative that you obtain the identity of the Ultimate Beneficial Owner (UBO).
  • Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed third party. You should obtain financial records, audited for 3 to 5 years, if available. Obtain the name and contact information for their banking relationship.
  • Personnel: Determine whether the proposed agent will be providing personnel, particularly whether any of the employees are government officials. Make sure that you obtain the names and titles of those who will provide services to your company.
  • Physical Facilities: Describe what physical facilities that will be used by the third party for your work. Be sure and obtain their physical address.
  • References: Obtain names and contact information for at least three business references that can provide information on the business ethics and commercial reliability of the proposed third party.
  • FCPA or Compliance Regime: Does the proposed third party have an anti-corruption/anti-bribery program in place? Do they have a Code of Conduct? Obtain copies of all relevant documents and training materials. Has the proposed third party received FCPA training?

One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.

Step 3 – Due Diligence

Most compliance practitioners understand the need for a robust due diligence program to investigate third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner. However, the information that you should have developed during the Business Justification and Questionnaire phase of the life cycle of third party management should provide you with the initial information to consider the level of due diligence that you should perform on third parties, which leads to Step 3 – due diligence.

Jay Martin, Chief Compliance Officer (CCO) at BakerHughes Inc. (BHI), often emphasizes that a company needs to evaluate and address its risks regarding third parties when he speaks on the topic. This means that an appropriate level of due diligence may vary depending on the risks arising from the particular relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering into the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.

Our British compliance cousins of course are subject to the UK Bribery Act. In its Six Principles of an Adequate Procedures compliance program, the UK Ministry of Justice (MOJ) stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique. The MOJ said that due diligence is so important that “the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.”

Step 4 – The Contract

You must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the DOJ and SEC continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.

After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 – the contract. In the area of compliance terms and conditions, the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.

I have found that while it may not be easy, it is relatively simple to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the Deferred Prosecution Agreements (DPAs) through the life cycle management of a third party. 

Step 5 – Management of the Relationship

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins here in Step 5 – the management of the relationship. While the work done in Steps 1-4 are absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. Here we will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

While the FCPA Guidance itself only provides that “companies should undertake some form of ongoing monitoring of third-party relationships”. Diana Lutz, writing in the White Paper by The Steele Foundation entitled “Global anti-corruption and anti-bribery program best practices”, said, “As an additional means of prevention and detection of wrongdoing, an experienced compliance and audit team must be actively engaged in home office and field activities to ensure that financial controls and policy provisions are routinely complied with and that remedial measures for violations or gaps are tracked, implemented and rechecked.”

Another noted commentator has discussed techniques to provide this management and oversight to any third party relationship. Carole Switzer, writing in the Compliance Week magazine, set out a five-step process for managing corruption risks for third parties.

  1. Screen – Monitor third party records against trusted data sources for red flags.
  2. Identify – Establish helplines and other open channels for reporting of issues and asking compliance related questions by third parties.
  3. Investigate – Use appropriately qualified investigative teams to obtain and assess information about suspected violations.
  4. Analyze – Evaluate data to determine “concerns and potential problems” by using data analytics, tools and reporting.
  5. Audit – Finally, your company should have regular internal audit reviews and inspections of the third party’s anti-corruption program; including testing and assessment of internal controls to determine if enhancement or modification is necessary.

Final Thoughts

I continually give my Mantra of FCPA compliance, which is Document, Document and Document. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program. As you sit at your desk pondering whether this assignment given to you by the CCO is a career-ending dead-end; you should take heart because there is clear and substantive guidance out there which you can draw upon.

For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016