Skip to main content
Mar 05, 2014

FCPA enforcement: catch as catch can

As companies deal with crackdown by regulators, they should keep in mind that self-reporting and strong compliance programs can reduce severity of punishment

On January 3 this year, the former co-CEO of PetroTiger, Joseph Sigelman, was arrested in the Philippines. He was brought before a US magistrate judge in Guam four days later and then shipped to New Jersey for an appearance in federal court. Two of Sigelman’s colleagues from the British Virgin Islands-based oil and gas company – former co-CEO Knut Hammarskjold and former general counsel Gregory Weisman – were also arrested and charged ‘for their alleged participation in a scheme to pay bribes to foreign government officials in violation of the FCPA, defraud PetroTiger and launder proceeds of those crimes’, according to the Department of Justice (DoJ).

Three weeks later, a US district court judge gave the green light to proceed to a lawsuit by the Commodity Futures Trading Commission against former MF Global CEO Jon Corzine. That case will use the Commodities Exchange Act’s ‘control person’ provision to try to prove that Corzine either acted in bad faith or induced wrongful conduct in MF Global employees.

The two cases are stark reminders of US regulators’ ramped-up commitment to targeting individuals when enforcing anti-corruption laws such as the FCPA. In the PetroTiger case and others being pursued by the DoJ and SEC, the focus on prosecuting individuals stems from the fact that ‘the SEC – and the DoJ even more so – view corruption as an act undertaken by individuals, and if they can stop the people who are doing it they’ll better deter the conduct, at least in a pragmatic way,’ says Kevin Abikoff, who chairs law firm Hughes Hubbard & Reed’s anti-corruption and internal investigations practices group. That view, Abikoff believes, starts with the recognition that some firms charged with big fines for such conduct have suffered an adverse economic impact from penalties, while others haven’t.

Companies that have settled with US regulators have implemented good compliance programs, which have been executed effectively, sometimes under the guidance of federally appointed monitors. ‘But when they’re 5,000 miles from Washington, how do we affect the behavior of the guy sitting in the Philippines regarding whether he’s going to pay a bribe?’ Abikoff asks. Looking at the publicity given to the PetroTiger case, ‘the next guy sitting in Manila might think twice.’

The DoJ’s tactic of grandstanding for media attention by pursuing high-profile corporate leaders hasn’t succeeded in the past, but it’s likely the agency’s failure to get any convictions – and that it even had to allow defendants to withdraw their guilty pleas – after 21 industry leaders were arrested at a major firearms trade show in Las Vegas in 2010 has made it take a hard look at itself and address its weaknesses. The SHOT Show debacle was one of a series of bitter defeats for the DoJ ‘which made people think maybe this is a statute it really can’t enforce if people fight it,’ says Abikoff.

Notwithstanding those defeats, settlements by companies over FCPA-related charges continue to grow each year. Penalties imposed from January 2012 to October 2013, including fines, disgorgement and prejudgment interest, exceeded $740 million, according to Hughes Hubbard’s mammoth-sized report, ‘FCPA/anti-bribery alert winter 2013’, which details renewed efforts by governments around the world to enforce anti-bribery laws.

A report issued by Gibson Dunn & Crutcher in December says the average settlement amount for a corporate FCPA resolution, including DoJ and SEC penalties, topped $80 million in 2013, nearly a fourfold increase from 2012. A spike in the average settlement size, however, doesn’t necessarily mean enforcement is becoming more aggressive: a smaller number of cases, with more attention paid to large, headline-grabbing violations, would push the average settlement price up. And fines may not be the best measure of enforcement: where there are criminal indictments, arrests and possibly prison sentences, as with PetroTiger, but no fines, ‘is that a less significant prosecution?’ Abikoff asks. ‘I don’t think so.’

Abikoff also expects to see more cases prosecuted in 2014 than in 2013, which would cause the average settlement size to decline. There may be more cases if companies take the DoJ and SEC’s message seriously and get scared enough to do more self-reporting, he adds.

Do it yourself

Self-reporting as a trend has been steady in recent years, according to Abikoff. There’s no way of knowing the extent to which it has risen, due to the number of cases that end with declinations, which aren’t published. Abikoff suspects self-disclosure climbed dramatically between 2001 and 2002 because of the Sarbanes-Oxley Act, which was passed in 2002, but then dropped off due to ‘a perception in the business community – and in some sense the legal community – that self-disclosure wasn’t getting enough credit [for those doing it]. People weren’t seeing tangible leniency.’

The consensus view is that while regulators appreciated companies coming forward voluntarily, they continued to prosecute those companies that did so just as strenuously as those that didn’t. Abikoff says the DoJ disagreed with such criticism, and he believes the agency was keen to prove it was showing more leniency in self-reporting cases. That resulted in guidance the DoJ gave in November 2012, in which it outlined circumstances under which it would opt for declinations or non-prosecution agreements. This will probably restore some confidence among companies in the value of self-reporting, Abikoff notes.

The leniency that can result from self-reporting is reflected in deferred prosecution agreements, and even non-prosecution agreements the DoJ has been using for a few years and which the SEC used for the first time in settling with Ralph Lauren last year.

But, Abikoff warns, ‘if it’s serious enough and went on at a high-enough level for long enough, even in the face of a self-disclosure, the DoJ does not rule out the possibility that it’s going to demand a guilty plea. What it does tell you is that whatever the normal sanction would have been, the agency will show leniency in the face of self-disclosure.’

Ultimately, the decision to self-report is a business judgment, Abikoff says. ‘In the face of illegal conduct, you have an absolute legal obligation under every legal scheme in the world to investigate and remediate,’ he explains. ‘No one will say differently. Once you’ve remediated, whether or not you actually have to turn yourself in to the government, in very few regimes anywhere in the world – and the US isn’t one of them, absent certain specific contexts – do you have to self-disclose.

‘As with any business decision, therefore, you have to evaluate all the pros and cons and make a judgment as to whether self-disclosure is in the best overall interests of the company, shareholders and other interested parties.’

Time for change

It’s also fair to wonder whether record-high enforcement actions are leading to better governance by companies. Abikoff is certain they are. ‘The reality of conducting business through the use of incentives is as old as time,’ he says. ‘So when you’re deciding you need to change a norm as embedded and established as something like that, you really need to do a lot and do it dramatically. Conduct in the field among sales people is always going to be a lagging indicator because those are the people whose day-to-day practices have to evolve, but they’ll catch up. In the C-suite, however, you’re definitely seeing an enormous shift over the last five to eight years, where people are not only paying lip service to the fact that this can’t continue but are trying to institute practices that change it.’

To mitigate corruption, companies have begun to take actions that will potentially have a profound impact on their businesses. A French conglomerate announced in January that it will no longer work with third-party agents – a dramatic change in the way it does business and an attempt to alter the public’s perception of the company, according to Abikoff.

Whether to continue to contract with or eschew third-party agents will depend largely on the nature of a firm’s business and the kind of services such agents provide. Where corruption cases stem from direct actions by a company, they typically involve questionable uses of travel, gifts and hospitality rather than suitcases full of money handed to officials. ‘But where you get to significant cash payments, it’s almost always done through some sort of third party – whether it’s an agent, distributor or some other categorization,’ Abikoff says.

Many companies with which Abikoff works have an essential business model that depends on third parties, not to engage in corrupt acts but as an extended sales force, due either to limits of company size or geographic reach. ‘I can think of firms that work with substantial pools of agents or distributors, which are discrete categories of third parties that sometimes blend,’ he says. ‘It’s sometimes hard to tell in practice one from the other, and while there’s not an inherent evil in these third parties, there is an inherent increased risk.’

For companies with a global footprint, simply cutting out third parties may not be enough to minimize the risk of corrupt practices. The DoJ has been known to take the very aggressive view of seeing foreign subsidiaries of a US-based parent company as that company’s agents, and has settled corruption cases on that basis, says Abikoff. Usually the test is whether the parent company has been involved with, made efforts to control or turned a blind eye toward the activities of its foreign subsidiary, or has in any way participated in the wrongful conduct; but viewing a foreign subsidiary as the parent’s agent gives the DoJ more leeway for prosecution.

‘The agent view gives the DoJ greater expansion in its application of the FCPA outside the US than requiring participation in or control of the foreign subsidiary’s actions,’ Abikoff explains. ‘Almost all foreign subsidiaries are going to satisfy an agency test because they’re ultimately acting at the parent’s behest and for the financial benefit of the parent.’

He adds, however, that the actual reach of the FCPA concerning foreign subsidiaries’ activities remains unclear because most cases have resulted in settlements, with very few being litigated all the way to even an appellate court, and very few trials.

 

The 10 Hallmarks of an Effective Corporate Compliance Program

The following is an excerpt from Hughes Hubbard’s FCPA/ anti-bribery alert winter 2013.

The Department of Justice (DoJ) and the SEC reinforce the requirement that an effective compliance program must be tailored to the company’s specific business and its associated risks, and must be constantly improved and adapted to corporate changes. Although companies are not expected to prevent all criminal activity and FCPA violations, having a program that is well designed and implemented in good faith may not only affect the outcome of an investigation (the authorities take it into account when deciding whether to take action, to sign a deferred prosecution agreement or non-prosecution agreement, or to impose corporate probation), but also influence the penalty amount and the imposition of a monitor or self-reporting obligations.

With the caveat that compliance needs and challenges vary for every individual company and that there is no ‘one size fits all’ formula, the DoJ and the SEC (in their November 2012 joint publication, A Resource Guide to the US Foreign Corrupt Practices Act) identified the following 10 ‘hallmarks of effective compliance programs’ that they consider (among other things) when determining whether a compliance program is ‘effective’.

1. Tone at the top. There should be a ‘culture of compliance’, adopted and adhered to by all high-level executives, that is implemented by middle managers and clearly communicated to and reinforced for all employees. The Resource Guide points out that the DoJ and the SEC will ‘evaluate whether senior management has clearly articulated company standards, communicated them in unambiguous terms, adhered to them scrupulously, and disseminated them throughout the organization.’

2. Code of conduct and compliance policies and procedures. Effective codes of conduct are ‘clear, concise and accessible to all employees and to those conducting business on the company’s behalf.’ They should be available in the local language for subsidiaries and third parties, and should also be reviewed periodically to remain current.

With respect to their content, the DoJ and the SEC value policies that ‘outline responsibilities for compliance within the company, detail proper internal controls, auditing practices and documentation policies, and set forth disciplinary procedures.’

3. Oversight, autonomy and resources. Companies should assign responsibility for overseeing and implementing their compliance programs to one or more specific senior executives. Such executives must have appropriate authority within the company – as well as adequate autonomy from management – and sufficient resources to ensure effective implementation. In addition, companies should apply staffing and resources to the program in proportion to the size and risks of the business.

4. Risk assessment. It is recommended that companies develop a comprehensive and risk-based compliance program. Due diligence procedures should be fact-specific and vary according to the risks presented by ‘the country and industry sector, the business opportunity, potential business partners, level of involvement with governments, amount of government regulation and oversight, and exposure to customs and immigration in conducting business affairs.’

5. Training and continuing advice. Companies should provide periodic training for all directors, officers, relevant employees and, where appropriate, agents and business partners. The training should be adapted to each audience, which includes conducting it in local languages. Additionally, where appropriate and feasible, companies should provide continued guidance and advice on compliance, including establishing a means for the provision of advice in urgent situations.

6. Incentives and disciplinary measures. To be effective, a compliance program must be enforced, and ‘should apply from the boardroom to the supply room.’ The DoJ and the SEC assess whether a company has clear disciplinary procedures and whether those are consistently and promptly applied. The DoJ and the SEC suggest publicizing disciplinary measures where possible, and remind companies that providing incentives for compliant behavior (as opposed to only punishing non-compliant behavior), such as promotions and rewards, can also be effective. The agencies stress that ‘no executive should be above compliance, no employee below compliance, and no person within an organization deemed too valuable to be disciplined, if warranted.’

7. Third-party due diligence and payments. As discussed above, the DoJ and the SEC strongly encourage the implementation of risk-based due diligence, particularly with respect to third-party relationships.

8. Confidential reporting and internal investigation. Companies should provide a mechanism for employees and others to report misconduct or violations of the company’s policies on a confidential basis and without fear of retaliation, such as anonymous hotlines (where permitted under local law) or ombudsmen. In addition, they should implement an efficient, reliable and properly funded process for investigating alleged violations and documenting the company’s response, including any improvements or revisions to their internal controls or compliance programs.

9. Continuous improvement. Companies should review and improve their compliance programs regularly in order to keep them current and effective, especially considering changes in operations, compliance weaknesses revealed through the company’s experience, and enforcement actions brought against other companies.

10. Pre-acquisition due diligence and post-acquisition integration. As discussed above, the DoJ and the SEC emphasize the importance of effective anti- corruption due diligence in the merger and acquisition context, and identify this as another element typically present in an effective compliance program.

David Bogoslaw

Associate Editor and Online features producer for Corporate Secretary