This post continues the analysis by highlighting additional issues to consider. As highlighted below, embedded in the approximately 175 pages of resolution documents were several notable issues.
According to Och-Ziff’s prior disclosures “beginning in 2011, and from time to time thereafter, we have received subpoenas from the SEC and requests for information from the U.S. Department of Justice (the “DOJ”) in connection with an investigation involving the FCPA and related laws.”
Thus from start to finish Och-Ziff’s FCPA scrutiny lasted approximately five years. If the DOJ/SEC want the public to view its FCPA enforcement program as legitimate, credible, and effective, it must resolve instances of FCPA scrutiny much faster.
The DOJ Is Undermining Its Own FCPA Pilot Program
As the DOJ’s resolution documents make clear, Och-Ziff did not voluntarily disclose and the DOJ was critical of certain aspects of the company’s cooperation. Specifically, the DOJ stated:
“The Company did not receive additional credit because of issues that resulted in a delay to the early stages of the investigation, including failures to produce important, responsive documents on a timely basis, and in some instances producing documents only after the Offices flagged for the Company that the documents existed and should be produced, and providing documents to other defense counsel prior to the their production to the government.”
Yet, according to the sentencing guidelines calculation set forth in the DPA, Och-Ziff received a 20% reduction from the minimum criminal fine amount suggested by the guidelines.
By offering a company that did not voluntarily disclose and did not cooperate (in part) such a significant reduction from the minimum criminal fine amount suggested by the guidelines, the DOJ is significantly diminishing the carrot being marketed to the corporate community in the form of the DOJ’s FCPA Pilot Program.
In other words, corporate managers making the business decision whether to disclose FCPA issues vs. the legal option of not disclosing yet remediation internally and enhancing compliance protocols would be rational in choosing the later mindful that the DOJ offers (and this was certainly not the first instance) significant reductions to companies that do not disclose.
For additional discussion of this dynamic, see this article  “Grading the DOJ’s FCPA Pilot Program.”
Is It Asking Too Much For The DOJ To Get The Law Right?
At the risk of being “that law guy” and believing that the DOJ has an obligation to accurately describe the law in FCPA resolution documents, the DOJ twice invokes a “detect and prevent” standard in the Och-Ziff resolution documents.
For instance, the DPA states in summary fashion: “Och-Ziff knowingly failed to implement and maintain an adequate system of internal accounting controls designed to detect and prevent the misappropriate of assets by its employees, agents, and business partners.” (emphasis added).
Elsewhere, the DPA states: “[Och-Ziff] failed to follow certain of its own internal accounting controls, failed to conduct adequate due diligence, and failed to implement other appropriate financial controls to detect or prevent the payment of bribes.” (emphasis added).
Problem is, such a standard does not even exist in the FCPA’s internal controls provisions which state in full as follows.
Every issuer shall
“devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that
(i) transactions are executed in accordance with management’s general or specific authorization;
(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;
(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and
(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.”
There is a significant difference between the statutory “sufficient to provide reasonable assurances” standard and the DOJ’s “detect or prevent” standard and the DOJ’s invocation of the later is troubling. For discussion of the SEC’s invocation of this same standard not found in the FCPA, see this article .
Expansive Interpretation of “Foreign Official”
Just when you think the enforcement agencies’ interpretation of the key “foreign official” element could not get any more expansive, along comes the following paragraph from the DOJ’s deferred prosecution agreement .
“Libyan Official 1, an individual whose identity is known to the United States and the Company, was a close relative of a high-ranking official in the Libyan government. Libyan Official 1 did not hold a formal position within the Libyan government, but possessed and used a Libyan diplomatic passport and conducted high profile foreign and domestic affairs on behalf of the Libyan government. Libyan Official 1 made administrative and investment decisions for LIA, including through proxies like Libyan Official 3 [a high-ranking official in the Libyan government] … Libyan Official 1 was a ‘foreign official’ within the meaning of the FCPA.”
In short, the DOJ alleged that an individual with no formal position with a foreign government is nevertheless a “foreign official” under the FCPA.
As highlighted in the prior posts, the SEC’s enforcement action was historic in that it included findings that Daniel Och (CEO and Chairman of Och-Ziff) was a cause of certain of the company’s FCPA books and records violations and that Joel Frank (CFO) was a cause of certain of the company’s FCPA books and records and internal controls violations. As previously stated, this represented what is believed to be the first time in FCPA history that the SEC also found the current CEO and CFO of the issuer company liable for company FCPA violations.
Against this backdrop, it was odd to see Och and Frank’s signatures in various documents included in the resolution documents.
Related Derivative Action
It is interesting to note that a week prior to the FCPA enforcement action, a New York State Court Judge dismissed a shareholder derivative action filed against Och, Frank and others alleging breaches of fiduciary duty and other misconduct based on the defendants’ alleged violations of the FCPA and disclosure laws that led to the FCPA investigation of Och-Ziff.
The judge began by her opinion  by first noting that two previous shareholder derivative actions were dismissed for failing to meet the demand futility standard relevant to derivative actions. In the instant case, the shareholder made a demand on Och-Ziff’s board to pursue the litigation “based on the individual Defendants’ knowledge of and participation in the … reckless and illegal conduct.” The Och-Ziff board unanimously voted not to pursue the demand and the shareholder then brought the action.
The judge correctly noted that a Board’s refusal of the demand is protected by the business judgment rule and to overcome the presumption of the business judgment rule that shareholder needed to plead particularized facts that the Board’s decision was made in bad faith or based on an unreasonable investigation. The judge concluded that the plaintiff had failed to do so and accordingly granted the Defendants’ motion to dismiss.