Scrutiny alert, some responsibility, repeat offender, proposed changes to whistleblower rules, and for the reading stack. It’s all here in the Friday roundup.
Scrutiny Alert
Glencore plc, an Anglo–Swiss mining company with headquarters in Switzerland and ADRs traded on a U.S. exchange recently announced:
This previous post highlighted the DOJ’s recent Foreign Corrupt Practices Act enforcement action against CDM Smith Inc. Pursuant to a so-called “declination” with disgorgement, CDM Smith agreed to disgorge approximately $4 million based on DOJ findings “that CDM Smith, through its employees and agents, and those of its wholly owned subsidiary in India paid approximately $1.18 million in bribes to government officials in India in exchange for highway construction supervision and design contracts and a water project contract…”.
This post highlights additional issues to consider.
In addition to teaching a Foreign Corrupt Practices Act class (one of the few specific FCPA classes taught in U.S. law schools), in my professor life I also teach a variety of corporate law classes, including Corporations in which coverage includes corporate form, the general rule of limited liability, and exceptions to that general rule based on veil piercing / alter ego theories.
The general rule is that legal liability does not ordinarily hop-skip-and-jump around a corporate organization because separate legal entities (including even those within the same corporate hierarchy) are not liable for the legal liability of other entities (whether that liability arises in tort, contract or the FCPA).
However, if one entity is merely the “alter ego” of another entity, the other entity may be exposed to legal liability based on the conduct of the “alter ego.” The picture at left can demonstrate alter ego issues, namely that one entity will be the alter ego of another if the entities share the same heart, organs, nervous system, etc.
Against this backdrop, it is interesting to see how the SEC asserted alter ego theories in two recent FCPA enforcement actions.
Like every year around this time, I feel like a kid in a candy store given the number of FCPA year in reviews hitting my inbox. This post highlights various FCPA or related publications that caught my eye.
Reading the below publications is recommended and should find their way to your reading stack. However, be warned. The divergent enforcement statistics contained in them (a result of various creative counting methods) are likely to make you dizzy at times and as to certain issues.
Given the increase in FCPA Inc. statistical information and the growing interest in empirical FCPA-related research, I again highlight the need for an FCPA lingua franca (see here for the prior post), including adoption of the “core” approach to FCPA enforcement statistics (see here for the prior post), an approach endorsed by even the DOJ (see here), as well as commonly used by others outside the FCPA context (see here)
Debevoise & Plimpton
The firm’s monthly FCPA Update is consistently a quality read. The most recent issue is a year in review and the following caught my eye.
“The government’s pressure on companies to assist in investigating and prosecuting individuals raises significant challenges for in-house legal and compliance personnel as they work to navigate the potentially conflicting interests in anti-bribery compliance and internal investigations. This pressure has produced legitimate concerns that a failure to self-report could, in and of itself, be met with, or be the cause for imposing, monetary penalties. Although the U.S. Sentencing Guidelines provide for a reduction in fines for a heightened level of cooperation, outside of a narrow range of arenas (such as where duties to self-report are imposed on U.S. government contractors), the government generally lacks any statutory basis for imposing financial penalties against companies for the failure to self-report potential misconduct. Since there is no legal obligation to self-report, it is our view that the government should exercise caution when discussing bases for monetary penalties and should rely solely on laws passed by Congress and the Sentencing Guidelines provisions that properly draw their authority from a duly-passed statute. It would be a disturbing trend indeed were the government to begin to impose monetary penalties for failing to self-report where there is no legal obligation to do so. The actions by U.S. regulators in the coming year will continue to warrant close scrutiny …”.
Gibson Dunn
The firm’s Year-End FCPA Update is a quality read year after year. It begins as follows.
“Within the last decade, Foreign Corrupt Practices Act (“FCPA”) enforcement has become a juggernaut of U.S. enforcement agencies. Ten years ago, we published our first report on the state-of-play in FCPA enforcement. Although prosecutions were at the time quite modest–our first update noted only five enforcement actions in 2004–we observed an upward trend in disclosed investigations and advised our readership that enhanced government attention to the then-underutilized statute was likely. From the elevated plateau of 2015, we stand by our prediction. In addition to the traditional calendar-year observations of our year-end updates, this tenth-anniversary edition looks back and analyzes five trends in FCPA enforcement we have observed over the last decade.”
The update flushes out the following interesting tidbit from the Bio-Rad enforcement action.
“[A noteworthy aspect] of the Bio-Rad settlement is that it is the first DOJ FCPA corporate settlement agreement to require executives to certify, prior to the end of the [post-enforcement action] reporting period, that the company has met its disclosure obligations. As noted above in the Ten-Year Trend section, post-resolution reporting obligations, including an affirmative obligation to disclose new misconduct, have long been a common feature of FCPA resolutions. But Bio-Rad’s is the first agreement to insert a provision requiring that prior to the conclusion of the supervisory period, the company CEO and CFO “certify to [DOJ] that the Company has met its disclosure obligations,” subject to penalties under 18 U.S.C. § 1001.”
Gibson Dunn also released (here) its always informative “Year-End Update on Corporate Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs).” The update: “(1) summarizes highlights from the DPAs and NPAs of 2014; (2) discusses several post settlement considerations, including protections for independent monitor work product and post settlementterm revisions; (3) analyzes a potential trend in the judicial oversight of DPAs; and(4) addresses recent developments in the United Kingdom, where the Deferred ProsecutionAgreements Code of Practice recently took effect.
According to the Update, there were 30 NPAs or DPAs entered into by the DOJ (29) or SEC (1) in 2014. (However, this figure includes two in the Alstom action and two in the HP action. Thus, there were 27 unique instances of the DOJ using an NPA or DPA in 2014. Of the 27 unique instances, 5 (19%) were in FCPA enforcement actions and the FCPA was the single largest source of NPAs and DPAs in 2014 in terms of specific statutory allegation.
The Gibson Dunn updates provides a thorough review of two pending cases in which federal court judges are wrestling with the issue of whether to approve of a DPA agreed to be the DOJ and a company.
Shearman & Sterling
The firm’s “Recent Trends and Patterns in Enforcement of the FCPA” is also another quality read year-after-year.
Of note from the publication:
“[W]hat may be the most interesting facet of the SEC’s current enforcement approach is the Commission’s shift in the latter half of 2014 in Timms to settle charges against individuals through administrative proceedings. This may come as no surprise, as the SEC has had difficulty successfully prosecuting individuals for violating the FCPA in previous years. Most recently, in early 2014, the SEC suffered a pair of setbacks in its enforcement actions against executives from Nobel Corp. and Magyar Telekom […] before the U.S. courts. Other cases, such as SEC v. Sharef (the SEC’s case against the Siemens executives) and SEC v. Clarke (which is currently the subject of a pending stay), have lingered in the S.D.N.Y. for significant periods of time without resolution.”
[…]
Obtain or Retain Business
Following the announcement of the SEC’s settlement with Layne Christensen over improper payments made to foreign officials in various African countries, we noted that the SEC’s approach to the “obtaining or retaining business” test in the FCPA appeared at odds with the Fifth Circuit’s 2007 opinion in United States v. Kay. Specifically, in Kay, the DOJ charged two executives of American Rice, Inc. for engaging in a scheme to pay Haitian customs officials bribes in exchange for accepting false shipping documents that under-reported the amount of rice onboard ocean-going barges. The result of the false shipping documents was to reduce the amount of customs duties and sales taxes that American Rice would have otherwise been forced to pay. While the court in Kay dismissed the defendants’ argument that the FCPA was only intended to cover bribes intended for “the award or renewal of contracts,” holding instead that the payment of bribes in exchange for reduced customs duties and sales taxes, the court added that in order to violate the FCPA, the prosecution must show that the reduced customs duties and sales taxes were in turned used “to assist in obtaining or retaining business” per the language of the FCPA. In short, the court in Kay held that while bribes paid exchange for the reduction of duties or taxes could violate the FCPA, they were not per se violations of the statue, and that the Department would have to show how the benefit derived from the reduced duties and taxes were used to obtain or retain business.
Fast forwarding to 2014 in Layne Christensen, the Houston-based global water management, construction, and drilling company, was forced to pay over $5 million in sanctions despite the fact that the SEC’s cease-and-desist order pleaded facts inconsistent with the Fifth Circuit’s opinion in Kay. In its discussion of Layne Christensen’s alleged violation of the FCPA’s anti-bribery provisions, the SEC only alleged that the company paid bribes to foreign officials in multiple African countries “in order to, among other things, obtain favorable tax treatment, customs clearance for its equipment, and a reduction of customs duties.” The SEC’s cease-and-desist made no reference to how these reduced costs were used to obtain or retain business, rendering the SEC’s charges facially deficient.
Layne Christensen is not, however, the first time the DOJ and SEC have brought similar FCPA charges against companies without alleging how reduced taxes and customs duties were used to obtain or retain business. In the Panalpina cases from 2010, a series of enforcement actions against various international oil and gas companies, the DOJ and SEC treated the exchange of bribes for reduced taxes and customs duties as per se violations of the FCPA. Even in the 2012 FCPA Guide the enforcement agencies make clear that “bribe payments made to secure favorable tax treatment, or to reduce or eliminate customs duties . . . satisfy the business purpose test.” Whether the DOJ’s and SEC’s approach to the “obtaining or retaining business” element of the FCPA stems from a misinterpretation of Kay or is an attempt to challenge the Fifth Circuit’s opinion, remains to be seen. Nevertheless, we are troubled by the lack of clarity in the DOJ’s and SEC’s approach as it ultimately disadvantages defendants who may otherwise be pressured to settle charges over conduct which does not necessarily constitute a crime.”
Parent/Subsidiary Liability
As noted in previous Trends & Patterns, over the past several years the SEC has engaged in the disconcerting practice of charging parent companies with anti-bribery violations based on the corrupt payments of their subsidiaries. In short, the SEC has adopted the position that corporate parents are subject to strict criminal liability not only for books & records violations (since it is the parent’s books ultimately at issue) but also for bribery violations by their subsidiaries regardless of whether the parent had any involvement or even knowledge of the subsidiaries’ illegal conduct. The SEC has subsequently continued this approach in Alcoa and Bio-Rad.
According to the charging documents, officials at two Alcoa subsidiaries arranged for various bribe payments to be made to Bahraini officials through the use of a consultant. The SEC acknowledged that there were “no findings that an officer, director or employee of Alcoa knowingly engaged in the bribe scheme” but it still charged the parent company with anti-bribery violations on the grounds that the subsidiary responsible for the bribery scheme was an agent of Alcoa at the time. The Commission’s tact is curious considering that it charged Alcoa with books and records and internal controls violations as well, making anti-bribery charges seemingly unnecessary. Moreover, it is noteworthy that in the parallel criminal action, the DOJ elected to directly charge Alcoa’s subsidiary with violations of the FCPA’s anti-bribery provisions instead of Alcoa’s corporate parent.
In Bio-Rad, the SEC’s cease-and-desist order alleged that the corporate parent was liable for violations of the FCPA’s anti-bribery provisions committed by the company’s corporate subsidiary in Russia, Vietnam, and Thailand. In order to impute the alleged wrongful conduct upon the corporate parent, the SEC relied heavily upon corporate officials’ willful blindness to a number of red flags arising from the alleged schemes in Russia, Vietnam, and Thailand. Nevertheless, even if certain officials from Bio-Rad’s corporate parent were aware of the bribery scheme, the SEC’s charges ignore the black-letter rule that in order to find a corporate parent liable for the acts of a subsidiary, it must first “pierce the corporate veil,” showing that the parent operated the subsidiary as an alter ego and paid no attention to the corporate form.
It is also interesting that much like the case of Alcoa, the DOJ’s criminal charges against Bio-Rad are notably distinct from the SEC’s. Specifically, while the DOJ charged Bio-Rad’s corporate parent with violating the FCPA, the Department elected to only charge the company with violations of the FCPA’s book-and-records and internal controls provisions, not the anti-bribery provisions like the SEC.
The SEC’s charging decisions in Alcoa and Bio-Rad are even more peculiar given the fact that the SEC took an entirely different approach in HP, Bruker, and Avon, where despite alleging largely analogous fact patterns, the SEC charged the parent companies in HP, Bruker, and Avon with violations of the FCPA’s books-and-records and internal controls provisions only. Much like Alcoa and Bio-Rad, all of the relevant acts of bribery in HP, Bruker, and Avon were committed by the company’s subsidiaries in Mexico, Poland, Russia (HP), and China (Bruker and Avon). The SEC’s decisions in Alcoa, Bio-Rad, HP, Bruker, and Avon to charge parent companies involved in largely analogous fact patterns with different FCPA violations raise ongoing questions as to consistency and predictability of the SEC’s approach to parent-subsidiary liability.”
WilmerHale
The firm’s FCPA alert states regarding the travel and entertainment enforcement actions from 2014.
“While most cases involving travel and entertainment historically have involved other allegedly corrupt conduct, it was notable this year that travel and entertainment was the focus of the conduct in some cases. … [T]his suggests that travel and entertainment should continue to be a focus of corporate compliance programs. Unfortunately, the settled cases give little guidance as to some of the gray areas that challenge compliance officers, such as the appropriate dollar amounts for business meals, or how much ancillary leisure activity is acceptable in the context of a business event. Perhaps most interesting about the recent cases is that the government’s charging papers in some cases seem to lack any direct evidence that the benefits provided were provided as a quid pro quo to obtain a specific favorable decision from the official. The cases seem to simply conclude that if there were benefits provided to a government decision maker, the benefits must have been improper. Whether such allegations would be sufficient to satisfy the FCPA’s “corruptly” standard in litigation remains to be seen.”
Regarding the lack of transparency in FCPA enforcement, the alert states:
“[T]here still remains legitimate debate about whether the amount of credit that companies receive for voluntary disclosures is sufficient, especially when compared to companies that cooperate but do not self-report. One important factor that is often left out of the debate on this topic is the “credit” that is not visible in the public settlement documents but is nonetheless often informally received by companies that voluntarily disclose and/or cooperate. While the discussion above focuses on Sentencing Guidelines calculations and percentages of credit off the Sentencing Guidelines ranges, the discussion does not take into account decisions made by the government in settlement discussions that affect the ranges that are not seen in the settlement documents. For example, in settlement negotiations, the government might determine not to include certain transactions when calculating the gains obtained by the corporate defendant—perhaps because the evidence might have been weaker, or because jurisdiction might have been questionable, or because the settlement may have focused on transactions from a certain time period, or because of other factors. Thus, while the settlement documents might suggest a 20% discount from the bottom of the Sentencing Guidelines range, that range could have been higher had other transactions been included. These determinations are not transparent, but, anecdotally, there is some basis to believe that companies that voluntarily disclose and/or cooperate are more likely to get the benefit of the doubt as the sausage is being made. Given the lack of transparency in this area, the debates on this topic are likely to continue for a long time.”
Covington & Burling
The firm’s “Trends and Developments in Anti-Corruption Enforcement” is here. Among other things, it states:
“As we have noted in the past, U.S. enforcement authorities have a taken creative and aggressive legal positions in pursuing FCPA cases. This past year saw a continuation of that trend, most notably with the SEC staking out an expansive position on the FCPA’s reach via agency theory.
Aggressive Use of Agency Theory. 2014 saw the SEC make use of a potentially far reaching agency theory to hold a parent company liable for the conduct of subsidiaries. In the Alcoa settlement, the SEC made clear that it had made “no findings that an officer, director or employee of [corporate parent Alcoa Inc.] knowingly engaged in the bribe scheme” at issue. Instead, its theory of liability was that the parent company “violated Section 30A of the Exchange Act by reason of its agents, including subsidiaries [Alcoa World Aluminum and Alcoa of Australia], indirectly paying bribes to foreign officials in Bahrain in order to obtain or retain business.” This agency theory was premised on the parent company’s alleged control over the business segment and subsidiaries where the conduct at issue allegedly occurred. Notably, the SEC did not rely on any evidence that parent-company personnel had direct involvement in or control over the alleged bribery scheme. Instead, the SEC pointed only to general indicia of corporate control that are the normal incidents of majority stock ownership (e.g., that Alcoa appointed the majority of seats on the business unit’s “Strategic Council,” transferred employees between itself and one of the relevant subsidiaries, and “set the business and financial goals” for the business segment). This is notable, in our view, because it is arguably at odds with DOJ and the SEC’s statement in the FCPA Resource Guide that they “evaluate the parent’s control — including the parent’s knowledge and direction of the subsidiary’s actions, both generally and in the context of the specific transaction — when evaluating whether a subsidiary is an agent of the parent.” (Emphasis added.) In the Alcoa matter, the SEC seemed to focus solely on “general” control; it did not allege any facts to support parent-level “knowledge and direction . . . in the context of the specific transaction.” This potentially expansive use of agency theory underscores the need for parent companies who are subject to FCPA jurisdiction to be attentive to corruption issues and compliance in all their corporate subsidiaries, even entities over which they do not exercise day-to-day managerial control.”
Miller & Chevalier
The firm’s FCPA Winter Review 2015 is here.
Among other useful information is a chart comparing the top ten FCPA enforcement actions (in terms of settlement amounts) as of 2007 compared to 2014 and a chart comparing SEC administrative proceedings and court filed complaints since 2005.
Davis Polk
The firm recently hosted a webinar titled “FCPA: 2014 Year-End Review of Trends and Global Enforcement Actions.” The webcast and presentation slides are available here.
Jones Day
The firm’s FCPA Year in Review 2014 is here.
Other Items for the Reading Stack
From the FCPAmericas Blog – “Top FCPA Enforcement Trends to Expect in 2015.”
From the Corruption, Crime & Compliance Blog – “FCPA Year in Review 2014,” and FCPA Predictions for 2015.”
Where to begin?
That is the question when analyzing last week’s $108 million Foreign Corrupt Practices Act enforcement action against HP and related entities. (See here).
Should the title of this post have been “The FCPA’s Free-For-All Continues”?
Should the title have been “HP = Hocus Pocus” (as in look what the enforcement agencies pulled out their hats this time)?
Should the title have been “Warning In-House and Compliance Professionals: This Post Will Induce Mental Anguish”?
Unable to arrive at the best specific title for this post, I simply picked the generic “Where to Begin?”
In short, if the HP enforcement action does not leave you troubled as to various aspects of FCPA enforcement you: (i) may not be well-versed in actual FCPA legal authority; (ii) don’t care about the rule of law; or (iii) somehow derive satisfaction from government required transfers of shareholder money to the U.S. treasury regardless of theory.
Least there be any misunderstanding, let me begin this post by stating that the enforcement actions against HP Poland, HP Russia and HP Mexico allege bad conduct by certain individuals – a “small fraction of HP’s global workforce” to use the exact words of the DOJ. As to that “small fraction,” those individuals should be held accountable for their actions by relevant law enforcement authorities.
However, as to the actual defendants charged in the enforcement actions – HP Russia, HP Poland and HP Mexico in the DOJ actions – and HP in the SEC administrative proceeding – there are actual legal elements that must be met and there is also prior enforcement agency guidance that ought to be followed. The entire credibility and legitimacy of the DOJ and SEC’s FCPA enforcement programs depend on these two basics points.
For instance, in what is believed to be an FCPA first, the DOJ charged two non-issuers (HP-Russia and HP-Poland) with substantive violations of the FCPA’s books and records and internal controls provisions – provisions which only apply to issuers. This is concerning in and of itself.
Yet the resulting landscape from the HP enforcement action is of more concern and it should induce mental anguish for many for the following reasons.
Issuers have an obligation under the FCPA to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that,” among other things, transactions are executed in accordance with management’s general or specific authorization. Failure to adopt such internal controls is a violation of law.
Conversely, and here is where the “hocus pocus” part comes in, if an issuer does adopt such internal controls and a “small fraction” of employees at certain foreign subsidiaries engage in covert means to willfully circumvent those internal controls, well, that is a violation of law as well in the eyes of the enforcement agencies.
The DOJ’s and SEC’s own allegations paint a picture of HP establishing, particularly given the time periods relevant to the enforcement actions, a system of internal accounting controls sufficient to provide reasonable assurances as to the conduct at issue. yet being a victim of the willful and deceptive conduct of a “small fraction” of employees who designed covert means to circumvent HP’s internal controls.
For instance, as to HP Poland, the criminal information alleges, in pertinent part as to the relevant time period (2006 to 2010):
“At all times relevant to this Information, HP policies prohibited corruption, self-dealing, and other misconduct. HP’s Standards of Business Conduct (“SBC”) in effect during the relevant time period specified company rules and regulations governing legal and ethical practices, preparation of accurate books and records, contracting, and approvals and engagements of third parties. The SBC applied to all HP Co. business divisions and subsidiaries, including HP Poland. HP Poland employees, including HP Poland Executive, received mandatory SBC training annually, among other training.”
“The SBC manuals specifically referenced the FCPA, and prohibited, among other items, bribes, corrupt practices, ‘side letter,’ ‘off-the-books’ arrangements,’ and ‘other express or implied agreements outside standard HP contracting processes.’ The SBC manuals in effect during this period further instructed employees of HP that they were not to ‘commit [the relevant HP business] to undertake any performance, payment or other obligation unless [the employee was] authorized under the appropriate HP [business] delegation of authority policies,’ and further required accurate accounting records and proper finance practices.”
Notwithstanding these controls, the information alleges that an HP Poland Executive caused falsification of HP’s books and records and circumvented HP existing internal controls. Among other things, the information alleges that the gifts to the Polish Official “violated HP internal controls relating to gift-giving, and were not properly reflected in HP’s books and records.” The information alleges that the HP Poland Executive “willfully circumvented HP’s internal controls, and falsified corporate books and records relied on by HP’s officers and external auditors to authorize transactions and prepare HP’s consolidated financial statements.” The information alleges that HP Poland Executive devised covert means – such as communicating through anonymous e-mail accounts and prepaid mobile telephones – in connection with his bribery scheme. The information even alleges that the HP Poland Executive and the Polish Official drove around in vehicles in “remote locations” and “would type messages in a text file, passing the computer between themselves.” According to the information, “communications were made in this fashion to avoid possible audio recording of the discussions by hidden devices, and to circumvent HP’s internal controls.”
Nevertheless, the DOJ alleges:
“Although HP had certain anti-corruption policies and controls in place during the relevant time period, those policies and controls were not adequate to prevent the conduct described herein and were insufficiently implemented at HP Poland.”
As discussed in this prior post, what is the source for this dramatic conclusory allegation? Nothing more than ipse dixit and subjective say-so.
The same holds true for the DOJ’s allegations concerning HP Mexico. The non-prosecution agreement contains the same two substantive allegations concerning HP’s internal controls set forth above relevant to HP Poland, plus the following as to the relevant time period (2006 to 2009):
“HP’s policies permitted legitimate commission payments to channel partners. These policies required that the recipient of commissions enter into a written channel partner contract with an addendum permitting the payment of commissions be pre-approved, subjected to due diligence, and registered in HP’s partner system. HP Mexico’s policy also required channel partner commissions to follow an approval matrix, with commissions exceeding a particular percentage of the transaction’s total volume regarding additional approvals.”
Notwithstanding these controls, the information alleges that certain HP Mexico sales managers on one deal deceived HP. The NPA states:
“[The Consultant at issue] was not an approved HP Mexico channel partner and had not entered into a written channel partner agreement as required by HP’s internal controls and policies. In circumvention of these internal controls and policies, HP Mexico executives pursuing the BTO Deal arranged for another entity (“Intermediary”), which was already an approved HP Mexico channel partner, to join in the transaction. HP Mexico’s sales managers arranged for the Intermediary to receive commissions from HP Mexico and then pass those monies along to Consultant, after deducting a portion as a fee. Although Intermediary played no role in negotiating the BTO Deal, HP Mexico executives recorded Intermediary as the deal partner in its internal tracking system.”
“By arranging payments to be made through the Intermediary to Consultant, HP Mexico was able to circumvent HP’s policies requiring pre-approval of channel partners and written agreement for third-party payments. HP Mexico further circumvented HP’s controls by failing to identify the role of Intermediary in the BTO Deal … In addition, HP Mexico’s books and records falsely reflected that the Intermediary was the deal partner and principal recipient of the commission on the BTO Deal, which ultimately caused certain HP books and records to be falsified.”
Nevertheless, the DOJ alleges:
“Although HP had certain anti-corruption policies and controls in place during the relevant period, those policies and controls were not adequate to prevent the conduct described herein and were insufficiently implemented at HP Mexico. This allowed HP Mexico to circumvent HP’s internal accounting controls and falsify its books and records as described herein.”
What is the source for this dramatic conclusory allegation? Nothing more than ipse dixit and subjective say-so.
The same holds true for the DOJ’s allegations concerning HP Russia. The information contains the same two substantive allegations concerning HP’s internal controls set forth above relevant to HP Poland and HP Mexico, plus the following as to the relevant time period (2000 to 2007).
“HP’s policies placed restrictions and due diligence requirements on contracts with third parties, including ‘HP customers, channel partners, suppliers, other business partners or outside parties.’ They required credit checks and approvals for certain third parties, and required the preparation of ‘Subcontractor Qualification Worksheets’ and ‘Pre-Bid Risk Identification & Assessment Questionnaires’ that related to qualifications and financial capabilities of certain third parties. Among other due diligence requirements, the policies required telephonic interview of certain third parties regarding experience, references, checks to determine whether the third party had the capacity and geographic coverage for the project, and an overall evaluation of doubts, reservations, and ‘risks/weaknesses’ of the third party.”
“HP’s Solution Opportunity Approval and Review (‘SOAR’) process applies to all service-related projects valued at greater than $500,000 anywhere in the world, including Russia. Among other things, the SOAR process was designed to provide HP’s senior company management visibility into pricing, discounts, and profit margins for transactions. It required review of relationships with third parties, including scope of work, contract terms, qualifications, and necessity of services. Business, legal, finance, credit, tax, and other units participated in the SOAR review. No services-related transaction greater than $500,000 could proceed without SOAR approval.”
“Pursuant to the Sarbanes-Oxley Act of 2002, HP management was required to certify the accuracy of HP’s financial statements and the adequacy of its related internal controls to develop those statements. In supporting these certifications, HP executive management required senior and regional management of HP’s business units to sign sub-certifications certifying that HP’s financial statements were accurate and that their internal controls provided assurances that transactions were properly authorized and recorded, and assets were safeguarded from improper use.”
Notwithstanding these controls, the information alleges that five HP Russia employees deceived HP. For instance, the information specifically alleges that the individuals created a secret slush fund and to “execute and hide the scheme … willfully circumvented existing internal controls, and falsified corporate books and records relied upon by HP officers and external auditors to authorize the transaction and prepare HP’s consolidated financial statements.”
According to the information, the slush fund “was concealed in the project’s financials” and “HP Russia maintained two sets of project pricing records: off-the-books versions, known only to the conspirators, which identified slush fund recipients, and sanitized versions of the same documents which were provided to HP credit, finance, and legal officers outside of HP Russia.”
According to the information, “one example of an off-the-books document was an encrypted, password-protected spreadsheet” which contained different information than the “on-the-books version.” According to the information, a Pricing Worksheet “provided to management outside of HP Russia omit[ed] all references to the slush fund payments, instead inflating hardware prices to create margin for the payments.”
In addition, the information alleges “concealment of [the] slush fund during SOAR Review.” According to the information, “in early August 2003, HP management in Europe pressed HP Russia to begin the SOAR process for the GPO contract so that it could be executed. In circumvention of company policy, however, HP Russia Executive 1 had already [signed the relevant contract and executed it] with no authorization and no power of attorney.”
According to the information, “the HP credit officer assigned to the SOAR review initially denied credit approval to proceed with the contract …”. The information then alleges that the HP Russia Manager provided false information to the HP Credit Officer. The information further alleges that when the HP Credit Officer asked other questions regarding the relevant transaction, the HP Russia Manager provided other false information.
Regarding an actual SOAR meeting in 2003, the information alleges that the day before this meeting, the HP Russia Manager emailed relevant management with false information and thereafter provided additional false information to the HP Credit Officer in connection with relevant transaction.
According to the information, when it came time for the HP Russia Executive to certify the accuracy of the company’s financial statements and adequacy of internal controls pursuant to SOX, the HP Russia Executive falsely certified the requested information and that such certification was relied upon by other HP managers.
According to the information, members of the Russian conspiracy “structured bribe payments to individuals associated with [the Russian government] through a “off-the-books contract” and specifically alleges as follows:
“In circumvention of HP internal controls, including third party due diligence requirements and prohibitions against ‘side letters,’ ‘off-the-books’ arrangements, or other express or implied agreements outside standard HP contracting process,’ HP Russia never disclosed the existence of the [off-the-books contract] to internal or external auditors or management outside of HP Russia, and conduct no due diligence of [the relevant entity]”
The information alleges that the purpose of the conspiracy was to “conceal[] and disguise[] the payments by falsifying HP Russia’s and HP’s books and records; and evading and failing to implement internal controls meant to detect and deter such payments.” Specifically, the information alleges:
“HP Russia, through its executives and employees, together with others, knowingly and deliberately failed to implement internal accounting controls and circumvented existing internal accounting controls designed to detect and prevent such improper conduct. HP Russia entered into off-the-books contracts, maintained two sets of accounting records, failed to conduct appropriate due diligence of third parties, concealed the existence of third-party relationship from HP management, executed contracts without authorization, and made misrepresentations to HP audit, compliance, credit and legal officers.”
Among other things, the information alleges that HP Russia employees “avoided controls over third-party vendors and off-the-books contracts,” “created and used certain mechanisms for making and concealing payments to third parties,” and “secretly executed certain contracts without proper authority.”
Nevertheless, the DOJ alleges:
“While the SBC prohibited corrupt payments, required due diligence of third-parties, and included other control requirements to maintain accountability for assets, the policies were not adequate to detect and prevent the misconduct described herein, and in practice certain HP business divisions and subsidiaries failed to implement and enforce the policies consistently, and on occasion circumvented or disregard the policies entirely.”
What is the source for this dramatic conclusory allegation? Nothing more than ipse dixit and subjective say-so.
Unlike the DOJ enforcement actions (in which HP was not an actual defendant but merely guaranteed payment of fine and penalty amounts and had compliance obligations imposed upon it), in the SEC’s enforcement action HP is the sole defendant (technically a respondent since the enforcement action was an administrative proceeding not subjected to one ounce of judicial scrutiny). The SEC’s action is based on the same HP Poland, HP Russia, and HP Mexico conduct alleged in the DOJ enforcement actions.
Prior to the stating the SEC’s conclusory statement as it relates to HP itself, it is useful to review the DOJ’s allegations HP-specific allegations because there is little logical consistency between those allegations and the SEC’s conclusory statement.
Again, the DOJ alleged that HP:
Yet, and here comes the “hocus pocus” moment, the SEC states against the backdrop of the same covert means, concealment, and misrepresentations and deception alleged in the DOJ actions that:
“[A]lthough HP had certain anti-corruption policies and controls in place during the relevant time period, those policies and controls were insufficiently implemented on the regional or country level. Further, HP failed to devise and maintain an adequate system of internal accounting controls sufficient to provide reasonable assurance that (i) access to assets was permitted only in accordance with management’s authorization; (2) transactions were recorded as necessary to maintain accountability of assets; and (3) transactions were executed in accordance with management’s authorization.”
It is difficult to reconcile the SEC’s HP allegations against actual legal authority in that the internal-controls provisions are specifically qualified through concepts of reasonableness and good faith. The only judicial decision to directly address the substance of the internal-controls provisions states, in pertinent part, as follows:
“It does not appear that either the SEC or Congress, which adopted the SEC’s recommendations, intended that the statute should require that each affected issuer install a fail-safe accounting control system at all costs.”
In addition, various courts have held—in the context of civil derivative actions in which shareholders seek to hold company directors liable for breach of fiduciary duties due to the company’s alleged FCPA violations— that just because improper conduct allegedly occurred somewhere within a corporate hierarchy does not mean that internal controls must have been deficient.
The SEC’s allegations against HP are further difficult to reconcile with SEC guidance concerning the internal controls provisions. This guidance states, among other things:
“Inherent in this concept [of reasonableness] is a toleration of deviations from the absolute.”
“The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company.”
The critical point in assessing an issuer’s internal controls is at the time of the alleged conduct and whether – at that time – the issuer had internal controls sufficient to provide various reasonable assurances. In other words, the critical point is not 5 or 10 years later and the issue is not – with the benefit of perfect hindsight – whether the issuer could have done more.
Further problematic in the SEC’s enforcement action against HP is that it is yet another example of “non-charged bribery disgorgment” and among the most vocal critics of this SEC theory is a former high-ranking SEC enforcement attorney (see here).
Whether the proper title should have been “The FCPA’s Free-For-All Continues,” “HP = Hocus Pocus” or how the HP enforcement action, with reason, should induce mental anguish among many, there is much to analyze and critique in the DOJ’s and SEC’s enforcement actions against HP and related entities.
The same applies to much recent FCPA enforcement activity.
To recap, since December 2013 the FCPA enforcement agencies have extracted approximately $546 million against risk averse corporations:
