And it was not last week’s SEC administrative order.
As highlighted in this previous post, in March 2016 Judge Melinda Harmon (S.D.Tex.) dismissed securities fraud claims brought against Key Energy Services (See In re Key Energy Services Inc. Securities Litigation, 2016 WL 1305922 (March 31, 2016). The action touched upon, in part, the same general conduct alleged in the SEC’s order.
While there are obvious substantive and procedural differences between a securities fraud action and a finding of FCPA books and records and internal controls violations (what last week’s SEC order found), at the very least these two actions were part of the same parallel universe.
Thus, it is interesting to explore what happened in the action subjected to judicial scrutiny vs. last week’s SEC order.
In short, whereas the SEC found that Key Energy “failed to implement and maintain sufficient internal controls,” a federal court judge found (despite plaintiffs’ allegations to the contrary including statements from several confidential witnesses) that Key Energy’s “FCPA controls were adequate.” Whereas the SEC suggests, with the benefit of hindsight that there were controls that Key Energy should have had, a federal court judge found that certain of the controls Key Energy did not have were not even required for a company to have adequate internal controls.
The SEC’s order is approximately 9 pages. However, stripped of introductory language, summary paragraphs, identification of the parties, conclusory paragraphs, undertakings and other non-substantive findings such as how Key Energy cooperated and the remedial efforts the company engaged in, the SEC’s factual findings are a mere 3.5 pages.
By contrast, Judge Harmon’s opinion and order dismissing plaintiffs claims against Key Energy is over 30 pages.
The SEC’s order contains one sentence about Key Energy’s actual FCPA related policies and internal accounting controls. The sentence was as follows.
“During the relevant time period, Key Energy had various written compliance policies, including a Code of Conduct, an FCPA Compliance Manual (which included an FCPA Policy and an FCPA Procedure) and a Procurement Policy.”
Yet, invoking a standard that does not even exist in the FCPA’s internal controls provisions, the SEC found that “despite having a compliance program on paper, Key Energy failed to implement accounting controls in its Mexico subsidiary sufficient to prevent improper payments to a vendor with ties to a Pemex employee.”
Judge Harmon’s opinion contains several pages of information from the record concerning Key Energy’s FCPA compliance policies and internal controls. Specifically, the order states (internal citations omitted) as follows.
“Key’s Board of Directors adopted a Code of Business Conduct (“Code”) with an introductory letter by [Richard] Alario [at all relevant times Key’s Chairman, President and CEO] stating that all Key employees “must commit to always acting lawfully, ethically and with integrity,: and summarizes, “Do the right thing without exception.” The Code “applies to the Company and its subsidiaries and affiliates[,] … including all business units in all of our offices and locations around the world[, but] [a]ll employees and officers in the business units are expected to be familiar with the Code and apply it in the daily performance of their work-related responsibilities.” An Ethics Committee (composed of representatives from the Company’s Internal Audit, Legal, Human Resources, and Operations departments) and the Board of Directors’ Audit Committee monitor and oversee compliance with “applicable laws and regulations.” The Code especially highlights the Audit Committee’s oversight role:
The Audit Committee … shall have oversight of the administration of the Code and responsibility for the Ethics and Compliance program within the Company. Significant or material events related to the Company’s Ethics & Compliance program shall be reported immediately to the chair of the Audit Committee. At least once a year, the Ethics Committee or Director-Internal Audit shall report to the Audit Committee regarding the Company’s Ethics & Compliance program activities, and of the occurrence of all significant events relating to the Code.
The Code instructs Key employees about limitations on gifts given to governmental officials (“In the U.S., an employee may not give gifts of more than nominal value ($100.00) to an actual or prospective customer, supplier, or contractor of the Company, or any governmental official, in an attempt to establish dealings with the Company providing such gifts, without written approval of the employee’s supervisor.”), and admonishes they must “[n]ot offer bribes or accept kickbacks from our suppliers, contractors, or customers for any reason.” It also informs employees that the FCPA “prohibits payments to foreign officials for the purpose of obtaining or keeping business” and that under the FCPA “a ‘foreign official’ is any officer or employee of an instrumentality of a foreign government, including state-owned or controlled energy companies, such as Petroleos Mexicanos, SA (‘PEMEX’), as well as political officers and candidates for political office. Further description and examples, as well as instructions for proper transaction of business inside the U.S. are found on-line in the Company’s FCPA Compliance Manual.”
Key’s Foreign Corrupt Practices Act Compliance Manual (“FCPA Compliance Manual”), effective June 6, 2008, also contains an introductory letter signed by Alario:
It is our policy that the Company, as well as each person or entity acting as a representative or advisor to the Company, shall fully comply with all applicable provisions of the FCPA. Employees, officer, directors, agents, and representative who transact business for the Company internationally are expected to understand and comply with the provisions in this Compliance Manual, to avoid inadvertent violations, and to recognize potential issues in time for them to be appropriately addressed.
The Manual is divided into two parts: “FCPA Policy” and “FCPA Procedures.
The policy of Key and its subsidiaries and affiliates is that “the Company and each person or entity acting as a representative or advisor to the Company shall fully comply with all applicable provisions of the [FCPA]” and prohibits “use of Company funds or assets for any unlawful, improper or unethical purpose,” noting that any “[i]mproper gifts, payments or offerings of anything of value to foreign officials could jeopardize the growth and reputation of the Company, and will not be tolerated.” The FCPA Compliance Manual governs “all financial record-keeping activities to which Key is subject by virtue of the federal and state securities laws, including the U.S. Securities and [sic] Exchange Act of 1934.”
The FCPA describes the responsibilities of different parties as follows:
Employees. All Company employees who are involved in any way in transactions in foreign countries, or who work temporarily outside the United States, as well as all employees located in the corporate offices in Midland and Houston, Texas, are required to read and comply with the FCPA Compliance Manual. All international employees who are authorized to expend funds on behalf of the Company (not assigned in field positions) are required to read and comply with the FCPA Compliance Manual.
Third Parties. Agents and representatives of the Company who are involved in any way in transactions in foreign countries, or who work outside the United States are required to read and comply with the FCPA Compliance Manual.
Accounting Department. The Accounting Department shall maintain accounting procedures to ensure that no false or misleading entry is made in the Company’s books and records for any reason. The Accounting Department should also maintain financial reporting and controls to prevent FCPA violations.
Audit Department. The Internal Audit Department, in conjunction with the FCPA Compliance Officer, will develop an annual FCPA plan, as approved by the Audit Committee. Internal Audit will implement the audit plan and also perform other random compliance audits as may be requested from time to time by management, the Audit Committee or the FCPA Compliance Officer.
FCPA Compliance Officer. Appointed by the Company’s General Counsel, the FCPA Compliance Officer will be responsible for the FCPA Compliance Manual, implementing and monitoring the Company’s FCPA compliance program, including compliance certifications, and providing training to employees and third parties concerning the FCPA. The FCPA Compliance officer [sic] shall also investigate and approve the employment of all foreign agents, any gifts or entertainment with foreign officials, and the commencement of significant business operations outside the United States. The FCPA Compliance Officer shall also investigate any allegations of misconduct.
Key’s FCPA Policy emphasized, “If the situation warrants a token gift of other than nominal value, the employee must consult with the FCPA Compliance Officer prior to offering such a gift. The approval of the FCPA Compliance Officer is required to ensure that the gift is consistent with the FCPA, and that the gift is lawful, customary, and necessary to the conduct of business in the country where it is made…. Employment of a foreign agent, commencement of significant business operations outside the United States, gifts, or entertainment of a foreign official must all be approved in advance by the FCPA Compliance officer.”
Last of all, the FCPA Policy “recognizes and emphasizes the importance of anti-corruption training as an essential component of an FCPA compliance program. To that end, Key will provide FCPA Anti-corruption training, both in person and through web-based programs, periodically at times to be determined by the Company’s General Counsel.” Any employee who violates the FCPA or the Company’s FCPA Policy “will be disciplined and may be terminated. Intentional violations of the FCPA will result in termination.”
In the second half of the FCPA Compliance Manual regarding procedures, the broad definitions of “foreign official” and “anything of value,” including with respect to third parties, as well as the need for due diligence and investigation of the “reputation, beneficial ownership, professional capability and experience, financial standing and credibility” and history of compliance of any prospective Representative and any acquisitions and joint ventures, are set out. The procedures require Key’s Accounting Department to be responsible for maintaining and enforcing Key’s accounting and record keeping policies and Key’s Internal Audit Department with auditing Key’s compliance with policies state in the Compliance Manual and related policies and procedures constituting its internal control system. The procedures require Key to “maintain a system of internal account controls sufficient to provide reasonable assurances” that
a.transactions are executed in accordance with management’s general or specific authorization; b. transactions are recorded as necessary: (i) to permit preparation of financial statements in conformity with generally accepted accounting principles (“GAAP”) or any other criteria applicable to such statements; and (ii) to maintain accountability for assets; c. transactions are recorded in the books in accordance and compliance with GAAP, as well as applicable laws and regulations; d. access to Key assets is permitted only in accordance with management’s general or specific authorization; and e. the recorded accountability for corporate assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
The procedures require “[m]onitoring and auditing systems” in place to detect policy violations and review personnel records of those who deal with governmental officials or who submit financial data that affect Key’s financial statements or reports. Similarly Key’s Audit Department must conduct FCPA audits based on an annual FCPA audit plant and must “interview persons responsible for administering, implementing and monitoring Key’s compliance program.”
Notwithstanding the above, the plaintiffs in the civil action alleged that “although Key had compliance programs that looked strong on paper, in actuality Key did not have an effective compliance or training program in effect and therefore ‘created an atmosphere in which violations of laws and regulations and the Company’s own internal policies were ignored’ and there were ‘rampant FCPA violations.””
In support, and as noted in Judge Harmon’s decision, plaintiffs’ complaint contained statements from six unidentified confidential witnesses who supposedly came forward “to testify against Key with regard to its illusory compliance program and its actual FCPA violations.”
Judge Harmon’s decision summarizes these allegations, but found that the “sum of their allegations is that Key’s FCPA controls were adequate.” Regarding one of the confidential witness statements (“I don’t think internal audit [at Key] ever audited internationally”), Judge Harmon stated:
“[T]there is no allegation that international audits are a requirement or that they are required for a company to have adequate internal controls over financial reporting. Key does file audited consolidated financial statements, and its auditors not only found that Key did not have a material weakness in internal controls for the year ending December 31, 2012, but its independent auditors confirmed that for that year “the Company maintained, in all material respects, effective internal control over financial reporting.” The complaint does not point to any misstatement in Key’s financial reporting that would have been discovered had an internal audit of international operations been done.”
Notwithstanding the above, and notwithstanding the SEC’s own key finding that certain employees at Key Mexico “abuse their privileges, approving suspect arrangements with and payments to consultants and gifts to Mexican government officials at Pemex, and concealing these arrangements and payments from Key Energy,” the SEC found that Key Energy violated the FCPA’s internal controls provisions.
Invoking the benefit of perfect hindsight it typically invokes in FCPA enforcement actions, focusing in one third party relationship (among the numerous third party relationships a company has), and advancing a “would have, should have, could have” enforcement theory, the SEC states that Key Energy’s internal accounting controls were “lax” because the problematic consulting arrangement was “entered into without pre-approval from Key Energy legal, because no due diligence had been conducted on the Consulting Firm and because no written contract had been entered into with the firm.”
The SEC further found that Key Energy’s internal controls were lax “by failing to respond effectively to signs indicating that gifts provided by Key Mexico to Pemex officials were being given as rewards for providing Key Energy with increased business.” This notwithstanding the SEC’s other finding that the relevant Key Mexico employees did not disclose certain relevant information to Key Energy and otherwise concealed certain arrangements and payments from Key Energy.
The SEC further found that Key Energy’s internal controls were lax because “Key Mexcio had no independent compliance staff or internal audit function that had authority to intervene into management decisions and, if appropriate, take remedial actions.” The problem with this finding – similar to Judge Harmon’s conclusion regarding international audits – is there is no actual legal requirement that issuers have independent compliance staff at each of its foreign subsidiaries. Rather, as if often the case, the SEC finds this problematic based on ipse dixit (an unsupported statement that rests solely on the authority of the individual who makes it) (See here for the prior post).
In short and as demonstrated by the Key Energy matters, FCPA issues often occupy parallel universes.
One universe is ruled by all-powerful gods with big and sharp sticks in which subjects dare challenge the gods. Another universe consists of checks and balances in which independent actors call the balls and strikes.
The first universe refers to FCPA enforcement by the DOJ and SEC. The second universe refers to litigation of FCPA-related claims in which judges make decisions in the context of an adversarial legal system. This second universe is often referred to as the rule of law universe.
This post highlights a unique example of where there is a public record of the universes colliding and the collision resulted in outcomes that were materially different.