Top Menu

If the SEC Was An Issuer …

The FCPA’s books and records and internal control provisions require issuers (i.e. publicly-traded companies) to: (i) “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;” and (ii) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that (among other things) transactions are executed in accordance with management’s general or specific authorization, transactions are recorded as necessary to maintain accountability of assets, and access to assets is permitted only in accordance with management’s general or specific authorization.

The SEC enforces these provisions against issuers.

Often times, the SEC enforces these provisions against issuers aggressively (see here and here).

It seems to not matter to SEC enforcement officials whether the improper recording in the company’s books or records occurred at a far flung, fifth-tier subsidiary by a rogue employee or whether the issuer actually had knowledge that a far flung subsidiary was engaged in improper conduct.

The SEC’s position is that if the far-flung subsidiary’s financial results are consolidated with the parent company issuer’s financial results for purpose of financial reporting, then the subsidiary’s violation is the issuer’s violation.

Further, it seems to not matter to SEC enforcement officials whether the violation resulted from a rogue employee acting contrary to clearly articulated and well communicated company policies and procedures prohibiting the improper conduct because, after all, if the company’s internal controls were effective, rogue employees would not exist or, if they do exist, proper controls would be put in place to monitor their behavior before it occurred.

Every so often, it is fun to spend a few moments in “hypothetical land.”

The issue in “hypothetical land” today is – if the SEC was an issuer.

If the SEC was an issuer, it would have some serious FCPA books and records and internal control issues to deal with as a result of the Government Accountability Office’s (“GAO’s”) recent “Financial Audit – Securities and Exchange Commission’s Financial Statements for Fiscal Years 2009 and 2008” (see here).

As detailed in the audit, the GAO “identified six significant deficiencies that collectively represent a material weakness in SEC’s internal control over financial reporting.” In short, the GAO concluded that “SEC’s internal control over financial reporting was not effective as of September 30, 2009.”

Most notably, the GAO found material weaknesses that have: (i) “resulted in unsupported entries and errors in the general ledger”; (ii) “ineffective financial reporting controls and general ledger system reporting limitations”; and (iii) “ineffective processes and related documentation concerning budgetary transactions.” (p. 5).

Among other specifics, in terms of the general ledger system and the supporting processes the SEC uses to prepare its financial statements, the GAO found that:

“unauthorized personnel can view, manipulate, or destroy data” (p. 64);

SEC controls to compensate for the general ledger limitations “are cumbersome and largely detective nature, increasing the risk that errors or fraud that could result in a misstatement to the financial statements would not be prevented” (p. 65);

in connection with deposit account activity, the SEC’s processes are “labor-intensive” and that “it does not have dedicated resources assigned to address this issue” (p. 69); and

“obligations […] were not always recorded timely and were not always supported by documentation evidencing the obligation as having been approved by an authorized individual” (p. 70).

Under the FCPA, not only is it important for issuers to have effective internal controls, but issuers must also monitor those internal controls to make sure that they are effective.

The GAO was critical of the SEC on this score as well.

The report notes:

“We also identified weaknesses in SEC’s monitoring process which indicate a lack of effective oversight of controls. Management’s monitoring of controls should include whether the controls are operating as intended and include an assessing of the design and operation of controls on a timely basis and taking necessary corrective actions. As discussed previously, we found that SEC’s monitoring procedures did not address all identified risks. Further, SEC’s management oversight was not sufficient given the frequency and sensitivity of the control activity, and monitoring procedures were not always completed in accordance with SEC’s stated testing plan.” (p. 71-72).

According to the GAO – “[b]ecause of inherent limitations, [the SEC’s] internal control[s] may not prevent or detect and correct misstatements due to error or fraud, losses, or noncompliance.” (p. 8).

Because of the above identified deficiencies, if the SEC was an issuer – would: (i) the SEC’s main DC office be strictly liable for branch office deficiencies; (ii) the SEC disgorge all of its “profits” connected (no matter how remotely) to the improper recording or the deficient internal controls; and (iii) would high-level SEC officials be accountable under “control person” theories for the books and records and internal control violations?

As readers of this blog know, all of the above “theories” are straight from recent SEC enforcement actions against issuers.

So next time an FCPA practitioner and his/her corporate client representative are seated across the table from an SEC enforcement official who asks, “how could this payment have not been recorded properly in subsidiary X’s books and records, how could the issuer not put in place effective internal controls, how could those controls not be monitored and assessed, etc. etc.” the most candid response just might be “I don’t know, you tell me – such issues happen at the SEC as well.”

One more thing, when enforcing the FCPA’s books and records and internal control provisions against issuers, the SEC insists on remedial measures and wants to see evidence of those remedial measures being put into place “yesterday.” An issuer comment, such as “this takes time,” would likely fall on deaf ears.

Yet, here is what SEC Chairman Mary Schapiro had to say about the GAO report and its findings of various deficiencies: “some deficiencies are likely to be resolved during the first half of FY 2010, while others – which have been the result of long-term and growing constraints affecting our information technology and human resources – will take longer to fully resolve.” (p. 29). This statement was also repeated by Kristine Chadwick, SEC CFO and Associate Executive Director (p. 33).

Alas, time to come back to reality, the SEC is not an issuer, but a couple minutes in “hypothetical land” does provide some useful perspectives as to the SEC’s enforcement of the FCPA’s books and records and internal control provisions.

Turkey and the FCPA

The following FCPA enforcement actions have involved (in whole or in part) business conduct in Turkey.

York International Corp. (Oct. 2007)

In October 2007, York International Corporation (York), a global provider of heating, ventilation, air conditioning, and refrigeration products and services, agreed to pay approximately $22 million in combined fines and penalties to settle DOJ and SEC enforcement actions principally relating to improper payments made by various subsidiaries to the Iraqi government under the United Nations Oil-for-Food Program. The enforcement action also involved certain other improper payments made in connection with government projects in Bahrain, Egypt, India, Turkey and the United Arab Emirates. (see here).

Delta & Pine Land Co. (July 2007)

In July 2007, the SEC announced a settled FCPA enforcement action against Delta & Pine Land Company, a Mississippi-based cottonseed company, and its subsidiary, Turk Deltapine, Inc. According to the SEC, between 2001 – 2006, Turk Deltapine made payments of approximately $43,000 to officials of the Turkish Ministry of Agricultural and Rural Affairs in order to obtain various governmental reports and certifications that were necessary for Turk Deltapine to obtain, retain and operate its business in Turkey. Per the complaint, the improper payments were discovered by Delta & Pine, but instead of halting the payments, the payments continued via a third party supplier and pursuant to an inflated invoice scheme. Based on the above conduct, Delta & Pine and Turk Deltapine jointly agreed to pay a $300,000 civil penalty and engage an independent compliance consultant. (see here and here).

Micrus Corp. (March 2005)

In March 2005, Micrus Corporation, a privately-held California medical device manufacturer, agreed to a two year non-prosecution agreement with the DOJ to resolve its FCPA liability in connection with over $100,000 in payments (disguised in the company’s books and records as stock options, honorariums and commissions) to physicians employed at publicly owned and operated hospitals in France, Turkey, Spain, and Germany.(see here) and here)

*****

Thanks for reading, safe travels, and may your turkey be golden brown!

A Bribery Scheme Hatched at the “Eggs Benedict Place”

The DOJ announced today (see here) that John Joseph O’Shea was recently arrested for his alleged role in a conspiracy to bribe Mexican foreign officials to secure contracts with the Comision Federal de Electridad (“CFE”), an apparent Mexican state-owned utility company (see here). In addition to charging conspiracy to violate the FCPA, the indictment contains twelve substantive FCPA charges (among other charges).

According to the unsealed indictment (see here), O’Shea was the General Manager of Texas Business A, a business that provides products and services to electrical utilities in a number of foreign markets. According to the indictment, one of O’Shea’s responsibilities was approving payments to sales representatives.

According to the indictment, Texas Business A is a business unit of Subsidiary A (a company with its principal place of business in Sugar Land, Texas) and Subsidiary A, in turn, is a subsidiary of Corporation A (a company headquartered and incorporated in Switzerland with publicly-traded American Depositary Shares on the NYSE).

In other words, both Subsidiary A and Corporation A are subject to the FCPA and may be the focus of a forthcoming enforcement action. Also of note is that Mexican Company X, Intermediary Company O (a company incorporated in and headquartered in Mexico) and Intermediary Company S (a company incorporated in Panama and headquartered in Mexico) are all alleged to be “an agent of a domestic concern” under 78dd-2(h)(1). DOJ recently noted (see here) that it is willing to go after agents and intermediaries which facilitate bribe payments and the “agent of a domestic concern” designation would seem to be setting the table for a possible enforcement action against such companies as well.

According to the indictment, one customer Texas Business A did business with is CFE and officials N,J,C and G at CFE had influence over decisions concerning Texas Business A’s contracts with CFE

(Sorry for the alphabet soup, but this is how the indictment reads).

According to the indictment, Texas Business A obtained multiple contracts with CFE while using Mexican Company X (including its principal, Fernando Maya Basurto) as its sales representative under several commission-based agreements.

The indictment alleges that O’Shea conspired and agreed with Basurto, Subsidiary A, Texas Business A, and the intermediary companies and others to make improper payments to Mexican “foreign officials” to obtain or retain business for Subsidiary A and Texas Business A in violation of the FCPA and that O’Shea did indeed offer, authorize, or make the improper payments indirectly through others to the CFE officials in violation of the FCPA.

According to the indictment, the payments assisted Texas Business A secure two contracts with CFE worth approximately $81 million in revenue.

According to the indictment, the improper payments were concealed through a series of financial transactions, first to U.S. bank accounts in the name of Basurto and certain of his family members, then through false invoices received from Basurto in the names of the intermediary companies, and then to the “foreign officials.”

According to the indictment, after O’Shea was terminated from Texas Business A, he, Basurto, and others tried to cover up their conduct after learning that Corporation A had disclosed the suspected payments to the DOJ, SEC and Mexican authorities.

In describing O’Shea’s cover up, the indictment states, “On or about April 27, 2005, O’Shea sent Basurto an e-mail that read, in part, “It seems my lawyer thinks it is OK to use a private e-mail such as yahoo, as it would seem much more difficult for anyone to get the exchanges – if it is a company email it belongs to them. I believe [sic] we should alter opur [sic] normal routine; meaning not meet at the ‘eggs benedict’ place.”

Consistent with DOJ’s recent statements on this issue, the indictment seeks from O’Shea forfeiture of approximately $3 million in proceeds derived from his improper conduct.

As noted in the DOJ’s release, Basurto recently pleaded guilty to a one-count criminal information (see here) charging him with conspiracy to violate the FCPA. The DOJ news release also notes that a Mexican citizen had pleaded guilty for his role in the bribery scheme.

The Compendium

Earlier this week, Trace International Inc. (a leading non-profit membership association focused on anti-bribery compliance) released its Compendium – a fully searchable (and free) online data-base of all FCPA enforcement actions – as well as anti-bribery enforcement actions and investigations in other signatory countries to the OECD anti-bribery convention. (see here).

As noted in the past, there is little substantive FCPA case law.

Thus FCPA enforcement actions serve (unfortunately) as de facto case law and FCPA practitioners are often left to read the “tea leaves” from the enforcement actions (at the urging the enforcement agencies) as to legal theories, etc.

As they say, “it is what it is.”

In any event, after spending some time “in” the Compendium, I have that “kid in the candy store” type of feeling.

Interested in 2008 enforcement actions, brought by the DOJ, involving Chinese officials, that resulted in a deferred prosecution agreement? The answer requires only a few clicks.

Interested in 2007 enforcement actions, brought by the SEC, charging books and records violations, resulting in disgorgement? The answer requires only a few clicks.

Interested in all enforcement actions concerning business conduct in Burkina Faso … well, there is no such an action, but you can bet that if there is, it will be in the Compendium.

The Compendium is a treasure trove of information and will be of great use to FCPA practitioners and scholars (both academics and law students) and any one else interested in FCPA developments.

I have read just about every piece of FCPA scholarship published and one thing continually amazes me. That is the frequency in which an author states a position without ever discussing or even footnoting an enforcement action that is seemingly in direct conflict with the position stated. Granted there is little FCPA case law, but those writing in the FCPA area should be aware of how, and under what circumstances, the statute is actually enforced even if such enforcement do not result in case law. The end result is that many FCPA articles have the “authority of scholarship,” yet contain some rather basic errors as to how the FCPA is enforced, against whom it is enforced, and under what factual circumstances it is enforced.

The enforcement actions have never been hard to find (they are on the DOJ and SEC website, there is the Shearman & Sterling FCPA Digest (see here) and Foley & Lardner’s FCPA website (see here) among other sources).

And now there is the grand-daddy of them all – the fully searchable Compendium.

Happy searching.

Statoil Charges Dismissed

In October 2006, Statoil ASA (a Norwegian company with shares traded on a U.S. exchange – and thus an “issuer” under the FCPA) settled an FCPA enforcement action by agreeing to pay $21 million in combined DOJ and SEC fines and penalties for improper payments that assisted the company in securing contracts for the South Pars field in Iran.

The DOJ action was settled through a three-year deferred prosecution agreement (see here).

Under a deferred prosecution agreement, criminal charges against the company are filed with a court, but prosecution of the charges is deferred if the company adheres to the requirements of the agreement (such as acknowledging and accepting responsibility for the alleged conduct, cooperating with the DOJ’s continued investigation, engaging a compliance monitor, and implementing more stringent FCPA policies and procedures, etc.) throughout the term of the agreement.

At the end of the term, usually 2-3 years, and if the company has complied with its obligations, DOJ agrees that it will seek dismissal of the charges.

Deferred prosecution agreements and non-prosecution agreements have become the most common method of resolving corporate FCPA enforcement actions.

The Statoil prosecution was precedent setting at the time as it was the first time the DOJ brought criminal FCPA charges against a non-U.S. company.

The DOJ announced today (see here) that Statoil satisfied its obligations under the deferred prosecution agreement and that a court has formally dismissed the charges.

In this respect, Statoil may again be precedent setting as I am not aware of any other instance in which the DOJ has issued a press release announcing the end of a deferred prosecution agreement (even though it would seem that several others have ended).

If my recollection is correct and if this perhaps is a change in DOJ policy, “hear-hear” as it increases transparency.

Other posts which have mentioned Statoil can be found here and here.

Powered by WordPress. Designed by WooThemes