- FCPA Professor - http://fcpaprofessor.com -

Purported BHP Billiton Whistleblower Bounty Raises Several Questions

According to this Australian Financial Review [1] report (also covered by Reuters [2]) the SEC paid approximately $3.75 million “to a former employee of Australian mining giant BHP Billiton” apparently in connection with the May 2015 Foreign Corrupt Practices Act enforcement action against the company.

As highlighted in prior posts here [3] and here [4], the $25 million SEC FCPA enforcement action involved findings that BHP Billiton violated the FCPA’s books and records and internal controls provisions in connection with a global hospitality program that the company had related to its sponsorship of the 2008 Beijing Summer Olympic Games.

According to the report, “legal sources have confirmed that the whistleblower was a BHP Billiton insider” who “provided detailed information to U.S. investigators about the mining firm’s activities overseas several years ago.”

If true (BHP Billton made the following statement to Reuters – “we are not aware of the involvement of any whistleblower as part of the SEC’s or DOJ’s investigation,”), it would represent the first publicly reported instance of a whistleblower being paid an SEC whistleblower bounty in connection with an FCPA enforcement action.

Yet, as highlighted below, if true the purported bounty raises several questions.

For starters is the timeline relevant to the BHP enforcement action.

According to the company [5], the SEC’s investigation began in 2009. The SEC’s whistleblower program was created as part of Dodd-Frank, a law that was signed by President Obama in July 2010.

Would the SEC really pay a whistleblower in connection with an inquiry it began a year prior to the whistleblower bounty provisions being enacted?

Regardless, the purported BHP Billiton whistleblower bounty raises a broader policy issue, an issue discussed in this July 2010 post [6] when Dodd-Frank was passed.

Against the backdrop of little substantive FCPA case law (indeed when it comes to the FCPA’s books and records and internal controls provisions there is no caselaw of precedent), the FCPA is enforced largely on government enforcement agency interpretations that are never subjected to meaningful judicial scrutiny.

In the SEC context, FCPA enforcement actions are routinely settled by companies via a resolution vehicle that does not require the company to admit or deny the SEC’s allegations or findings. Quite simply, a settled SEC FCPA enforcement action does not necessarily represent the triumph of the SEC’s legal position over the company’s (a dynamic even the SEC has acknowledged), but rather reflects a risk-based decision primarily grounded in issues other than facts and the law. It is simply easier and more cost-efficient for a company to settle an SEC FCPA enforcement than to participate in long, protracted litigation with its principal government regulator. Indeed, as the Second Circuit has recognized [7], SEC settlements are not about the truth, but pragmatism.

Given these dynamics, is it wise to trigger anything (let alone a multi-million payment to an individual) on a settled SEC FCPA enforcement action?

For instance, the BHP Billiton enforcement action was resolved via an SEC administrative order never subjected to any judicial scrutiny in which the company neither admitted or denied the SEC’s findings.

As to those SEC findings that BHP Billiton violated the FCPA’s books and records and internal controls provisions, this post [8] highlighted how the enforcement action generated much critical commentary.

For instance, FCPA practitioners stated:

“This settlement … represents one of the most aggressive uses by the SEC to date of its accounting, and particularly its internal controls, authorities in an FCPA context.  Instead of being predicated on specific questionable payments, the factual basis of the charges was that the company recognized the risk that improper quid pro quo arrangements could develop in connection with the hospitality program, and that such risks were not appropriately managed by the company’s program, including through the manner in which they were documented in company compliance approval tracking forms.

This settlement raises significant questions regarding the manner in which SEC enforcement of the FCPA’s accounting provisions continues to evolve.  As regular consumers of SEC FCPA enforcement actions will know, in recent years, leadership of the SEC’s FCPA Unit has consistently asserted that it views an effective FCPA compliance program as essential to satisfying the FCPA’s legal requirement to “devise and maintain a system of internal accounting controls sufficient …” to ensure that “transactions are executed in accordance with management’s general or specific authorization”, and related tracking requirements.

The charges in this settlement take that position – which has not been litigated – a step further.  They appear to raise the prospect that companies could be charged with violations of the FCPA’s accounting provisions where their compliance programs do not maintain all elements of what the SEC would deem an effective compliance program – even where no underlying bribery (or at least payment arrangements suggesting some kind of improper quid pro quo, for example), has taken place.

[…]

This settlement represents one of the most expansive assertions of the SEC’s authority under the FCPA’s accounting provisions in its enforcement practice to date.  While the elements of both books-and-records and internal control violations do not require an underlying anti-bribery provision violation, as noted above, the SEC has typically brought books-and-records and internal controls charges against companies where there has been at least some suggestion of specific improper quid pro quo arrangements in connection with the payments in question. Consequently, the second-guessing of the adequacy of the company’s compliance procedures for BHP Billiton’s hospitality program is stunning: it imposes legal liability, a $25 million civil penalty, and ongoing compliance obligations on a company simply for the failure to address and manage risks in a way the SEC deems adequate. In addition to straying even further from the text of [the FCPA’s books and records and internal controls provisions] than the SEC already had, this settlement represents some of the most prescriptive statements regarding specific compliance program practices SEC has made in the FCPA context.”

Other FCPA practitioners stated:

“[The enforcement action] is notable as a significant expansion of the SEC’s use of the FCPA’s accounting provisions in cases where the SEC believes an issuer’s compliance program creates the potential for bribery, even if bribery has not actually occurred or cannot be established. BHPB raises the very real prospect that issuers may face charges under the FCPA’s accounting provisions—even when there is no evidence of a quid pro quo, corrupt intent, or any improperly awarded business or government action—if the SEC is not satisfied that the issuer’s internal accounting controls and anti-corruption compliance program are sufficient to adequately manage corruption risks.”

[…]

[T]he SEC’s Order acknowledges that BHPB devised and maintained multiple internal controls to prevent corruption. For example, BHPB adopted a written Guide to Business Conduct; the President of each business line was given responsibility for ensuring compliance with that Guide; all business line Presidents certified annually that they had read and understood the Guide, confirmed that their direct reports did the same, and discussed compliance with their direct reports; BHPB established a Global Ethics Panel whose remit involved advising business leaders on compliance with the Guide and other business ethics issues; and BHPB’s compliance was overseen by a centralized Legal Department. In addition, BHPB instituted internal controls intended to address the particular corruption risks arising from the Olympics Hospitality Program, including creating detailed internal application forms aimed at addressing corruption risk, a senior business manager approval process, and a role for the Global Ethics Panel in assessing the invitation process that included reviewing a sample of the hospitality application forms.”