Compliance professionals should develop the skill of flipping enforcement action allegations into “best practices.”
In doing so, recognize that “best practices” are not necessarily legal requirements. The Foreign Corrupt Practices Act sets forth the law (not negotiated DOJ or SEC resolution vehicles not subjected to any meaningful judicial scrutiny) and when it comes to internal controls the law states that issuers shall ” devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that” certain specified objectives are met.
Nevertheless, compliance professionals need to be cognizant of allegations in enforcement actions for the simple reason that the DOJ and the SEC hold the big sticks and will have certain expectations of companies.
In this regard and as highlighted below, several allegations in the recent Panasonic enforcement action (see here and here) can be flipped into “best practices” recognizing that it is easy to look at most enforcement actions with the benefit of hindsight. This is particularly true with a company like Panasonic which employs over 250,000 employees worldwide.
None of the below allegations “flipped” into best practices are really new, but what makes the Panasonic enforcement action notable is the presence of so many in just one enforcement action.
Don’t Provide Executives Complete Discretion Over A Budget
The most problematic allegation in the enforcement action is the budget for which a PAC executive, in the words of the DOJ, “had complete control and discretion without meaningful oversight by anyone at PAC or Panasonic.” The DOJ further alleged:
“To cover expenses incurred by at least one senior PAC executive, such as travel, corporate entertainment, and consultancy payments, PAC designated an Office of the President Budget. The Office of the President Budget was set annually by a PAC finance executive, in consultation with PAC Executive 1. The funds allocated to the Office of the President Budget were set on a yearly basis, based on the previous year’s costs and adjusted if changes in expenses were expected. The Office of the President Budget was neither reviewed nor approved by any Panasonic personnel. During the relevant period, the amount allocated to the Office of the President Budget exceeded several hundred thousand dollars per year.
Despite providing for a discretionary fund, PAC failed to maintain internal accounting controls reasonably designed to ensure that funds expended from the Office of the President Budget were used for their intended purposes, were used in accordance with the law, and were properly recorded in PAC’s, and ultimately Panasonic’s, books and records. In fact, PAC Executive 1 had complete discretion over how to spend the funds allocated in the budget without meaningful oversight by PAC Finance or any other personnel at PAC.”
The SEC further stated:
“Apart from PAC Executive One, this budget was never meaningfully reviewed or approved by any Panasonic or PAC personnel and there were no reasonable internal accounting controls in place surrounding its use.”
Everything then flowed from this budget: the “Service Provider” was paid from this budget and the “Service Provider” then retained consultants and served as a pass-through entity through use of this budget.
The take-away point from this allegation is fairly obvious: don’t provide executives complete discretion over a budget. Incidentally, this is not the first time this type of allegation has appeared in an FCPA enforcement action. (See here for the 2017 enforcement action against SQM).
Caution Needed When Hiring a “Foreign Official” or Former “Foreign Official”
There is nothing per se improper about hiring a “foreign official” or former “foreign official.” Indeed, several DOJ FCPA Opinion Procedure Releases “bless” such arrangements based on various representations and warranties by the requesting company. Nevertheless, companies need to exercise caution when doing so and PAC did not.
According to the government, a PAC sales agent and the “foreign official” “began discussing a potential consultancy position for Foreign Official with PAC, while Foreign Official was still employed by Middle East Airline and working” on an amendment to a contractual agreement. From there, PAC “ultimately [made] Foreign Official an offer of a consultant position with an annual salary of $200,000 … while Foreign Official was still employed by Middle East Airline” even though “the master agreement between Middle East Airline and PAC prohibited PAC from offering any consideration to employees of Middle East Airline.”
Another compliance take-away point that this portion of the Panasonic enforcement action demonstrates is that the FCPA prohibits not just the actual giving of “things of value” but also offering or promising things of value to “foreign official.”
After the “Foreign Official” resigned from Middle East airline, he was formally retained as a consultant for PAC through Service Provider yet “performed minimal work in his six years of service as a consultant for PAC” and it appears that no deliverables for Foreign Official existed “because PAC had requested no services of Foreign Official [during a certain relevant time period] although PAC still paid Foreign Official’s invoices.”
And guess what? “Foreign Official’s fees were paid out of the Office of the President Budget through Service Provider.”
This again demonstrates the danger of the above-mentioned budget and how it facilitated nearly everything in the bribery scheme and prevented others at PAC and Panasonic from exercising various checks and balances regarding the above-mentioned issues: what evidence is there that a third-party is actually providing the company value-added services; and prior to paying a third-party’s invoices what evidence is there of actual deliverables and work product?
These are all questions finance and accounting personnel should ask relevant to third-parties, yet again are difficult to ask when the transactions are run through a budget in which an executive has complete discretion over.
Various Third-Party “Best Practices”
A significant portion of the PAC enforcement action concerns the company utilizing the services of several third-party sales agents in China and elsewhere in Asia to obtain and manage contracts with state-owned airlines. The resolution documents allege a variety of red flags. For instance, the DOJ alleges that:
- some of the sales agents were recommended by the state-owned airlines themselves;
- some sales agents were registered outside of the jurisdiction where they purportedly provided services;
- other sales agents were paid outside of the territory where they purportedly provided services; and
- historically PAC performed only limited, informal due diligence before retaining third-party sales agents.
Flipping these allegations into “best practices” is fairly obvious:
- Caution should be exercised when a third-party is recommended by foreign government – in this case an alleged “instrumentality”
- Caution should be exercised when a third-party is registered outside the jurisdiction where they are going to provide services; and
- Caution should be exercised when a third-party is requesting payment outside the territory where they are going to provide services.
The SEC found additional red flags relevant to PAC’s engagement of third parties. As stated in the SEC’s order:
- “The Sales Rep was engaged with the knowledge of Panasonic executives, although the Sales Rep lacked an education or background in avionics. Additionally, the company knew that the Sales Rep employed his sons to assist him, even though they had no relevant qualifications to sell IFE and GCS products.”
- “Prospective sales agents would contact PAC sales and marketing employees in the Asia and China regions and offer their services in connection with requests for proposals issued by airlines for IFE products.”
- “Vetting of the sales agents typically consisted of PAC having the agent arrange a phone call or meeting between PAC and high level executives or procurement staff of a potential customer.”
- “PAC started including audit rights in its contracts with sales agents. However, PAC did not exercise its audit rights in order to avoid upsetting relationships with the agents.”
The SEC also seems to question whether PAC even needed third parties in certain jurisdictions as it found:
“Beginning in at least 2004, PAC maintained a separate, regional office in the Middle East. The office, based in Dubai, was staffed by sales and marketing professionals and had a repair shop, field engineers, and its own finance staff. Nevertheless, PAC continued to use the Sales Rep despite concerns raised by PAC employees that the Sales Rep lacked the qualifications to negotiate technical contracts related to IFE and GCS products and other red flags regarding his conduct, such as his possession of confidential and proprietary materials of PAC’s competitors and customers. Significantly, PAC also failed to adequately address allegations from its regional employees that the Sales Rep was paying bribes to win business on PAC’s behalf.”
Flipping these allegations into “best practices” is again fairly obvious:
- What background, skills, and experience does the third party (and those involved with the third party) actually have relevant to the company’s unique industry?
- Is there even a valid business justification for engaging a third party to assist in foreign business transactions?
- Caution should be exercised when prospective third parties contact the company seeking to provide services. If there is a business justification for a third party, a company should instead pro-actively seek experienced and qualified third parties.
- The government will expect companies to have audit rights in third party contracts. Thereafter, the government will expect companies to actually exercise those audit rights.
Yet here again, the above mentioned budget and its specifics, made exercising these best practices, or asking these questions, difficult in the Panasonic enforcement action.
It is also worth mentioning that certain PAC executives and a third-party had too cozy of a relationship. For instance, the SEC found: “Throughout the relevant period, the Sales Rep reported directly to senior PAC executives, including a senior executive (“PAC Executive One”) to whom the Sales Rep gave cash and luxury items valued at more than $60,000.”
Do Not Allow Any Third Party to Engage a Sub Third Party In the Absence of Sufficient Controls
Another significant portion of the PAC enforcement action is that culpable actors sought to “secretly” hire agents who did not pass the company’s due diligence steps by rehiring them as “sub-agents” of another sales agent [PAC Sales Agent 2] who did pass the company’s due diligence steps.
This was done – in the words of the DOJ – “in contravention of Company policy” and as stated by the SEC: “PAC policies explicitly prohibited the use of unapproved sales agents.”
According to the DOJ:
“Through this process, PAC employees hid more than $7 million in payments to at least thirteen sub-agents, some of which had not passed due diligence checks, by improperly reporting them as legitimate commission payments to PAC Sales Agent 2 or other sales agents. Despite receiving warnings and red flags about this conduct, PAC Executive 2 and other PAC employees took no action to prevent the continued use of PAC Sales Agent 2 to funnel payments to other sales agents.”
The Importance of Competent Internal Compliance Personnel, Intellectual Curiosity and Push-Back
As stated by the SEC:
“Beginning in February 2009, PAC instituted a formal process to hire sales agents. The new procedure set out a number of different requirements, including determining the need for the agent, internal due diligence documentation, preliminary background checks, interviews, and analysis of any red flags, before requesting that the prospective sales agent undergo a third-party due diligence vetting process. In addition, PAC regional sales and marketing staff would submit a “Sales Representative Agreement Request” for review by PAC’s Legal Affairs Department. Finally, all requests were to be routed to PAC’s Internal Review Committee (the “IRC”), staffed by PAC executives, including PAC Executive One and another senior executive.
Notwithstanding the implementation of these procedures, the IRC never rejected a request for use of a sales agent. Prior to voting to approve sales agent contracts, the IRC typically received a single-page form providing cursory information regarding the agent and contract. The due diligence information and red flags identified in the third-party reports were not communicated to the IRC, and the IRC never questioned the need for the extensive use of sales agents or requested to review due diligence reports. Similarly, the IRC did not question the decrease in the number of agents after third-party due diligence requirements were instituted, or the fact that a little-known Malaysian company had the capacity to perform work for approximately fifty programs with nearly twenty airlines. Between 2008 and 2015, PAC paid over $10 million to the Malaysian sales agent for the benefit of at least thirteen different unapproved sub-agents. The IRC approved all of the contracts with the Malaysian agent after February 2009.
Moreover, PAC’s compliance personnel lacked appropriate qualifications and training, and as a result failed to act on numerous red flags in connection with the retention of sales agents. For example, they raised no questions or concerns about the retention of sales agents that internal forms clearly disclosed were hired after “being recommended by airline.” Nearly all of the airlines internally described as recommending these sales agents were state-owned airlines in the Asia and China Regions.
PAC’s compliance personnel failed to act on other red flags, including those that were specifically identified in PAC’s own policies and procedures such as: (a) payment of large commissions to sales agents in relation to services rendered; (b) payments to bank accounts in countries other than where services were being provided; (c) the retention of sales agents recommended by state-owned airlines; and (d) lack of adequate educational, business, and technical qualifications. Examples of ignored red flags include payments of approximately $4 million to a sales agent whose primary work experience was as a Hong Kong department store clerk, and nearly $10 million to an agent who had served as the head of an Asian equestrian league, but had no relevant avionics experience.”
Flipping these allegations into “best practices” is again fairly obvious:
- Internal committees or compliance personnel need to exhibit intellectual curiosity concerning various transactions, question and probe and push back as necessary. A “check” that simply rubber-stamps thing is not much of a check and indeed gives others the false sense of security.
When Issues Are Flagged, Make Sure They Are Addressed And Problematic Conduct Is Stopped
As stated by the DOJ:
“In 2010, PAC Executive 3 requested that PAC’s Internal Audit Department conduct an audit of PAC’s “vendor selection, payment processing and contract execution.” At the conclusion of the audit, PAC’s Internal Audit Department issued a report (the “Selected Vendor Audit Report”) that identified a number of compliance risks associated with PAC’s use of Service Provider to retain and pay consultants, including the lack of supervision over certain consultants and a lack of deliverables provided to PAC from both Service Provider and the consultants themselves.
Specifically, the Selected Vendor Audit Report identified as a “critical risk” that PAC continued to pay consultants through Service Provider even though PAC’s agreement with Service Provider had expired in May 2009. In addition, the report identified as a “high risk” the fact that payments were made to multiple consultants in the absence of any deliverables provided to PAC. The report also noted that PAC’s procurement department was “not involved in hiring these consultants” and that the “visibility of the contract process needs to be enhanced.” An initial version of the report, drafted in September 2010, concluded with a recommendation that “[Service Provider] consultant payments should be carefully reviewed in light of FCPA regulation [sic] due to lack of clarity in deliverables.” PAC Executive 3 received this version of the Selected Vendor Audit Report in March 2011 and other senior PAC executives received this report in May 2012.
In December of 2010, an abbreviated version of the Selected Vendor Audit Report was circulated among other PAC employees, including PAC Executive 2 and PAC Executive 3. PAC Executive 4 received this version of the report in November 2012. Although this version of the Selected Vendor Audit Report still identified the risks associated with the payments made through Service Provider and the lack of deliverables for certain consultants, it omitted the final concluding recommendation mentioning the FCPA and certain other observations and recommendations, including the recommendation that “[p]rocurement should be consulted prior to hiring any consultant or vendors.” No explanation was provided for omitting these additional comments from the Selected Vendor Audit Report.
Despite the repeated distribution of these two versions of the Selected Vendor Audit Report between 2010 and 2012 among several PAC employees, including PAC Executive 2, PAC Executive 3, and PAC Executive 4, PAC failed to conduct any significant follow up to address the issues raised by the report. Although, in response to a request from PAC, Service Provider began to seek activity reports from consultants as to the work they provided on behalf of PAC, such reports and other deliverables were provided only on an intermittent basis and typically provided very little detail as to the nature of the work performed.”
As stated by the SEC:
“PAC’s internal audit group ultimately identified the payments to the Government Official as high risk, but nevertheless PAC continued to pay him. In or about December 2010, senior PAC executives received a report from the Internal Audit group, which stated that no services were requested from the Government Official and that no deliverables were provided to PAC by the Government Official, but that invoices continued to be paid through the Vendor. The report identified such payments as high risk, stating: “Based on the information provided, [Vendor] consultant payment should be carefully reviewed in light of FCPA regulation due to lack of clarity in deliverables.” Notwithstanding this report, PAC continued to make payments to the Government Official through the Vendor.
Similarly, PAC continued to engage and pay the Sales Rep until 2016, despite learning in 2015 that he had destroyed electronic data on devices provided to him by PAC, including devices used for internal PAC communications and negotiations with the Government Airline and the Government Official, after he learned of an investigative subpoena issued by SEC staff.”
Flipping these allegations into “best practices” is again fairly obvious. As stated in the DOJ’s Evaluation of Corporate Compliance Programs:
- Prior Indications – Were there prior opportunities to detect the misconduct in question, such as audit reports identifying relevant control failures or allegations, complaints, or investigations involving similar issues? What is the company’s analysis of why such opportunities were missed?
- Internal Audit – What types of audits would have identified issues relevant to the misconduct? Did those audits occur and what were the findings? What types of relevant audit findings and remediation progress have been reported to management and the board on a regular basis? How have management and the board followed up? How often has internal audit generally conducted assessments in high-risk areas?
FCPA Institute - Phoenix (January 17-18, 2019)
A unique two-day learning experience ideal for a diverse group of professionals seeking to elevate their FCPA knowledge and practical skills through active learing. Learn more, spend less. CLE credit is available.