FCPA Inc. is an active group of writers.
Thus it was no surprise that the recent BHP Billiton enforcement action generated much commentary.
Prior to highlighting the commentary – much of it is consistent with my prior criticisms of the enforcement action linked above – a few observations.
While the BHP Billiton action is problematic on a number of levels, it does not dilute FCPA enforcement as much as the even more problematic 2012 Oracle enforcement action.
A general theme in much of the below commentary is that the enforcement action lacked anti-bribery charges because there was no quid pro quo relationship between the hospitality payments or offers of payments and BHP Billition’s business.
In the minds of some, this lack of quid pro quo is the reason for the lack of SEC anti-bribery charges.
For starters, as noted in certain of the commentary, the SEC did allege “payments to foreign officials to support their attendance at Olympic events at the very time BHPB had pending business before those officials or others over whom they may have had influence.”
More importantly, the lack of anti-bribery charges against BHP Billiton (a foreign issuer) would seem to be based on the fact that the required U.S. jurisdictional nexus for such charges was lacking.
Another general theme in much of the below commentary is that the BHP action is somehow unique in charging (or finding as the case may be since it was an SEC administrative action) books and records and internal controls violations in the absence of anti-bribery violations.
As will be highlighted in a future post, the enforcement approach in BHP Billiton was hardly unique. The SEC often charges or finds books and records and internal controls violations in the absence of anti-bribery charges or findings. Point taken that often the reasons are opaque, but the charges or findings in BHP are hardly unique.
To the commentary.
The always informative Debevoise & Plimpton FCPA Update stated in pertinent part:
“Although the BHPB settlement involves a smaller penalty than some other recent resolutions, it may well turn out to be one of the more notable FCPA resolutions in several years. This is because the case addresses issues of recurring concern to multinational corporations that have long been sought out as sponsors of – or, at least, purchasers of hospitality packages for – marquee sporting events.
As good corporate citizens, these firms have come to view the purchase of tickets and hospitality packages as part of the collaboration with host entities managing such events, including national governments. This is an integral element of brand management and corporate strategy. In the course of such collaboration, these companies also receive due credit for making the event a successful interlude during which governments, business, and society at large, pause to celebrate the endeavor of sport. Yet the very process of supporting such an event leads to the inevitable question of “whom may we invite?” From there, the issue of anti-bribery compliance becomes a central issue for in-house compliance personnel.
The BHPB resolution likely will lead U.S. issuers choosing to provide hospitality of this kind to expend significant additional time, resources, and money devising and maintaining controls suggested by the resolution. Even though the settlement lacks the force of law, it will no doubt raise considerable pressure on companies to exercise even greater care if inviting foreign officials to such events, and may cause some firms subject to the books and records and internal controls provisions of the FCPA, i.e., those subject to SEC jurisdiction, to reconsider altogether this practice.
The bottom line for compliance professionals and in-house counsel is that – despite statements by enforcement officials that the issues of greatest concern to them are those arising out of the “big bribe” – travel, hospitality, and entertainment remain front and center in many cases and, particularly for the SEC, can provide the basis for substantial settlements.”
As in all settled FCPA matters, the terms of the BHPB resolution are the product of negotiation designed to serve the immediate interests of the parties in resolving a pending matter, and not the broader interest in definitively clarifying the law. And, at the end of the day, and after years of investigation, this particular resolution appeared to have yielded, at most, violations of lower severity than those that have led to larger settlements. It is notable that the Cease-and-Desist Order identified only four individuals out of 176 “foreign officials” invited to the Olympics who were involved with or in a position to influence pending matters involving BHPB. Of those four, only one official attended the Olympics. In these circumstances, it is no surprise that the DOJ did not take action.
But even for one of the smaller FCPA cases on its docket, the SEC could have provided more useful guidance in a compliance area where government officials and the courts alike (the latter at least in domestic bribery cases) have long stated that companies should have substantial leeway – provided that no quid pro quo arrangements inhere. Because of the ambiguities in the BHPB settlement, issuers will now inevitably need to exercise even greater caution when inviting “foreign officials” (including employees of state-owned enterprises) to events like this one.
The Cease-and-Desist Order may not have found this practice to violate the FCPA’s anti-bribery provisions. But the SEC has set a high bar for any company extending hospitality to foreign officials in terms of necessary internal controls, requiring independent review of almost every decision, potentially exacting accuracy and specificity for documentation, special training, and other procedures.”
This Steptoe & Johnson publication is titled “Does SEC’s Enforcement Action Against BHP Billiton Take the FCPA’s Accounting Provisions To Far?” In pertinent part it states:
“This settlement … represents one of the most aggressive uses by the SEC to date of its accounting, and particularly its internal controls, authorities in an FCPA context. Instead of being predicated on specific questionable payments, the factual basis of the charges was that the company recognized the risk that improper quid pro quo arrangements could develop in connection with the hospitality program, and that such risks were not appropriately managed by the company’s program, including through the manner in which they were documented in company compliance approval tracking forms.
This settlement raises significant questions regarding the manner in which SEC enforcement of the FCPA’s accounting provisions continues to evolve. As regular consumers of SEC FCPA enforcement actions will know, in recent years, leadership of the SEC’s FCPA Unit has consistently asserted that it views an effective FCPA compliance program as essential to satisfying the FCPA’s legal requirement to “devise and maintain a system of internal accounting controls sufficient …” to ensure that “transactions are executed in accordance with management’s general or specific authorization”, and related tracking requirements.
The charges in this settlement take that position – which has not been litigated – a step further. They appear to raise the prospect that companies could be charged with violations of the FCPA’s accounting provisions where their compliance programs do not maintain all elements of what the SEC would deem an effective compliance program – even where no underlying bribery (or at least payment arrangements suggesting some kind of improper quid pro quo, for example), has taken place.
The case also suggests that programs in the areas of hospitality and sponsorship – common and recurring areas of activity for many companies – may face enhanced scrutiny for systemic adequacy from a regulatory point of view, at least where larger amounts are involved. Such a position – if the SEC indeed intends to pursue enforcement actions on this basis as a matter of enforcement policy – would significantly expand the scope of risks facing US issuers with appreciable FCPA/anti-corruption risks to their business.
This settlement represents one of the most expansive assertions of the SEC’s authority under the FCPA’s accounting provisions in its enforcement practice to date. While the elements of both books-and-records and internal control violations do not require an underlying anti-bribery provision violation, as noted above, the SEC has typically brought books-and-records and internal controls charges against companies where there has been at least some suggestion of specific improper quid pro quo arrangements in connection with the payments in question. Consequently, the second-guessing of the adequacy of the company’s compliance procedures for BHP Billiton’s hospitality program is stunning: it imposes legal liability, a $25 million civil penalty, and ongoing compliance obligations on a company simply for the failure to address and manage risks in a way the SEC deems adequate. In addition to straying even further from the text of 15 U.S.C. 78m(b)(2)(A) and (B) than the SEC already had, this settlement represents some of the most prescriptive statements regarding specific compliance program practices SEC has made in the FCPA context.
As a result, many companies will understandably be very uneasy about the direction of the SEC’s enforcement program after this settlement and the sufficiency of their efforts to meet it. Very few companies’ compliance programs comprehensively address all anti-corruption risks that a company faces, and most companies’ programs will have process or procedure gaps of which they may or may not be aware. This settlement thus raises the question whether simply the existence of FCPA risks not effectively eliminated by a company’s compliance program – but not necessarily resulting in anti-bribery provision violations either – may nevertheless be subject to enforcement action. Specific to the sponsorship, hospitality and gifts and entertainment area, it also raises the question of whether business entertainment for the purposes of relationship building – a necessary activity in most, if not all businesses – will raise enforcement risks when it nevertheless does not rise to the level of a specific, prohibited quid pro quo arrangement and is not undertaken in connection with other business activities. Companies that engage in event sponsorships for other than purely altruistic reasons may be particularly challenged to manage these “group events” – even those that treat state enterprises and government officials on the same footing as private customers – in a way that meets enforcement expectations. But if significant benefits are involved, then the message from this settlement is clearly that such differential risk management is expected.
As with many SEC resolutions, the settlement documents provide no insight into how the fine was calculated. The settlement also continues a recent trend of the SEC to require post-settlement compliance reporting on the part of the company.
Whether this settlement represents the beginning of a trend, or an isolated occurrence representing a negotiated resolution in connection with difficult facts, remains to be seen. This settlement highlights in particular, however, that companies should consider whether their compliance programs effectively address their most significant risks and review their associated processes and procedures accordingly.”
This Paul Weiss alert states in pertinent part:
“In addition to the record-setting civil fine, BHPB is notable as a significant expansion of the SEC’s use of the FCPA’s accounting provisions in cases where the SEC believes an issuer’s compliance program creates the potential for bribery, even if bribery has not actually occurred or cannot be established. BHPB raises the very real prospect that issuers may face charges under the FCPA’s accounting provisions—even when there is no evidence of a quid pro quo, corrupt intent, or any improperly awarded business or government action—if the SEC is not satisfied that the issuer’s internal accounting controls and anti-corruption compliance program are sufficient to adequately manage corruption risks.”
“The SEC’s enforcement action against BHPB is significant for at least four reasons.
First, this settlement represents a rare example of the SEC bringing internal accounting controls and books and records charges in a case where it neither alleges actual bribery of a foreign official, nor suggests that such bribery took place but could not be charged for jurisdictional or other reasons.
Historically, the SEC has tended to charge issuers with violating the accounting provisions of the FCPA as a supplement to—rather than a substitute for—a bribery charge. In the exceptional cases where the accounting provisions alone have been charged, there is ordinarily some indication that improper payments were offered in exchange for a business benefit—in other words, that bribery had in fact occurred even if not charged. SEC precedent for bringing charges under the accounting provisions without an indication of actual underlying bribery seems to have its roots in a 2012 settled enforcement action against Oracle Corporation (“Oracle”). In Oracle, the SEC alleged that employees of an Oracle subsidiary in India secretly “parked” proceeds from sales to the Indian government for potential future use. The SEC did not claim that the Oracle subsidiary made corrupt payments to government officials, but did allege that the parked proceeds created “the potential for bribery or embezzlement,” and that Oracle lacked proper internal controls in light of that potential.
Here, it appears that the SEC was unable to show that BHPB’s business hospitality entertainment program was accompanied by any corrupt motive or involved a quid pro quo. This outcome is consistent with the proposition—well established in the domestic bribery context—that giving things of value to government officials for the purpose of building relationships or buying generalized goodwill is permissible. The BHPB enforcement action thus suggests that the Oracle case may not be an outlier in charging FCPA violations in the absence of an allegation of actual bribery, as some expert commentators have suggested, but perhaps the beginning of a new frontier in FCPA enforcement.
Second, even if it is tenable as a general legal matter to charge a standalone internal accounting controls violation based solely on the SEC’s subjective assessment of the adequacy of an issuer’s anti-corruption compliance program, the BHPB settlement represents an expansive application of the accounting provisions.6 Indeed, the SEC’s Order acknowledges that BHPB devised and maintained multiple internal controls to prevent corruption. For example, BHPB adopted a written Guide to Business Conduct; the President of each business line was given responsibility for ensuring compliance with that Guide; all business line Presidents certified annually that they had read and understood the Guide, confirmed that their direct reports did the same, and discussed compliance with their direct reports; BHPB established a Global Ethics Panel whose remit involved advising business leaders on compliance with the Guide and other business ethics issues; and BHPB’s compliance was overseen by a centralized Legal Department. In addition, BHPB instituted internal controls intended to address the particular corruption risks arising from the Olympics Hospitality Program, including creating detailed internal application forms aimed at addressing corruption risk, a senior business manager approval process, and a role for the Global Ethics Panel in assessing the invitation process that included reviewing a sample of the hospitality application forms.
To be sure, the SEC’s Order notes the absence of a centralized compliance group, and BHPB confirmed that it had “no independent compliance function” in its release announcing the end of the U.S. government investigations. However, more than any objective deficiency with BHPB’s compliance structure, the SEC’s internal accounting controls charge appears to rest on highly specific criticisms of the internal forms used to evaluate individual hospitality applications and the related compliance process. While giving things of value for purposes of relationship building is permissible and does not constitute bribery, it appears that the SEC may intend to use the FCPA’s internal accounting controls provisions to penalize any perceived shortcomings in companies’ efforts to scrutinize such activities.
Third, the SEC’s books and records charge reflects an aggressive, but not necessarily new, interpretation of Section 13(b)(2)(A), which requires issuers to make and keep books and records that “accurately and fairly reflect the transactions and dispositions of the assets of the issuer.” The SEC’s position raises important questions of statutory interpretation and public policy. There is nothing in the language of the books and records provision to suggest that it encompasses purely internal application forms completed for the purpose of approving gifts and entertainment expenditures. If the SEC can charge a books and records violation for any alleged inaccuracy in any internal paperwork, it will impose an enormous compliance burden that even the most sophisticated and well-resourced companies may struggle to satisfy.
Finally, the imposition of a $25 million civil fine and year of compliance reporting to the SEC is remarkable for a case in which there was no actual bribery, much less a bribery charge, no allegation of any quid pro quo or improper business benefit, and complete cooperation and full remediation. It is also noteworthy that the SEC has consistently reaffirmed its authority to seek disgorgement in enforcement actions brought under the internal controls or books and records provisions, but did not seek any disgorgement here. And despite the record-setting fine against BHPB, the SEC’s Order sheds no light on how such a fine was calculated. Moreover, although the SEC’s press release acknowledged the assistance of the Department of Justice’s Fraud Section, the Federal Bureau of Investigation, and the Australian Federal Police, no criminal charges to date have been brought.”
This Willkie Farr alert states in pertinent part:
“The BHPB settlement represents an aggressive stance by U.S. regulators with regard to providing entertainment and hospitality to government officials. As part of BHPB’s 2008 Summer Olympic Games sponsorship activities, the company invited people from all around the world. BHPB recognized the anticorruption risks potentially associated with such entertainment and tried to take precautions in advance of inviting government officials to the Summer Games by using a specifically designed “Olympic-specific internal approval process” to vet the company’s invitations. However, the SEC determined BHPB’s efforts fell short. In particular, the SEC noted that (1) BHPB did not require an independent legal or compliance review of hospitality applications; (2) some hospitality applications were not accurate or complete; (3) although BHPB had an annual Guide to Business Conduct review and certification process, as well as general compliance training, it did not have specific training on how to fill out the hospitality forms for the Olympic entertainment or evaluate applications under the company’s existing policies; (4) BHPB did not institute a process to update or reassess the appropriateness of invitations if conditions changed; and (5) the review process did not coordinate or assess whether an invitee from one CSG was involved in the business dealings of other CSGs. The SEC order does not allege that BHBP provided entertainment as part of a quid pro quo arrangement or allege a violation of the FCPA’s antibribery provisions. The order does not state how the SEC arrived at the civil monetary penalty of $25 million, a seemingly harsh penalty based on the facts alleged in the order.”