Top Menu

Like A Kid In A Candy Store

Kid in Candy Store

Like every year around this time, I feel like a kid in a candy store given the number of FCPA year in reviews hitting my inbox.  This post highlights various FCPA or related publications that caught my eye.

Reading the below publications is recommended and should find their way to your reading stack.  However, be warned.  The divergent enforcement statistics contained in them (a result of various creative counting methods) are likely to make you dizzy at times and as to certain issues.

Given the increase in FCPA Inc. statistical information and the growing interest in empirical FCPA-related research, I again highlight the need for an FCPA lingua franca (see here for the prior post), including adoption of the “core” approach to FCPA enforcement statistics (see here for the prior post), an approach endorsed by even the DOJ (see here), as well as commonly used by others outside the FCPA context (see here)

Debevoise & Plimpton

The firm’s monthly FCPA Update is consistently a quality read.  The most recent issue is a year in review and the following caught my eye.

“The government’s pressure on companies to assist in investigating and prosecuting individuals raises significant challenges for in-house legal and compliance personnel as they work to navigate the potentially conflicting interests in anti-bribery compliance and internal investigations.  This pressure has produced legitimate concerns that a failure to self-report could, in and of itself, be met with, or be the cause for imposing, monetary penalties.  Although the U.S. Sentencing Guidelines provide for a reduction in fines for a heightened level of cooperation, outside of a narrow range of arenas (such as where duties to self-report are imposed on U.S. government contractors), the government generally lacks any statutory basis for imposing financial penalties against companies for the failure to self-report potential misconduct.  Since there is no legal obligation to self-report, it is our view that the government should exercise caution when discussing bases for monetary penalties and should rely solely on laws passed by Congress and the Sentencing Guidelines provisions that properly draw their authority from a duly-passed statute.  It would be a disturbing trend indeed were the government to begin to impose monetary penalties for failing to self-report where there is no legal obligation to do so.  The actions by U.S. regulators in the coming year will continue to warrant close scrutiny …”.

Gibson Dunn

The firm’s Year-End FCPA Update is a quality read year after year.  It begins as follows.

“Within the last decade, Foreign Corrupt Practices Act (“FCPA”) enforcement has become a juggernaut of U.S. enforcement agencies.  Ten years ago, we published our first report on the state-of-play in FCPA enforcement.  Although prosecutions were at the time quite modest–our first update noted only five enforcement actions in 2004–we observed an upward trend in disclosed investigations and advised our readership that enhanced government attention to the then-underutilized statute was likely.  From the elevated plateau of 2015, we stand by our prediction. In addition to the traditional calendar-year observations of our year-end updates, this tenth-anniversary edition looks back and analyzes five trends in FCPA enforcement we have observed over the last decade.”

The update flushes out the following interesting tidbit from the Bio-Rad enforcement action.

“[A noteworthy aspect] of the Bio-Rad settlement is that it is the first DOJ FCPA corporate settlement agreement to require executives to certify, prior to the end of the [post-enforcement action] reporting period, that the company has met its disclosure obligations.  As noted above in the Ten-Year Trend section, post-resolution reporting obligations, including an affirmative obligation to disclose new misconduct, have long been a common feature of FCPA resolutions.  But Bio-Rad’s is the first agreement to insert a provision requiring that prior to the conclusion of the supervisory period, the company CEO and CFO “certify to [DOJ] that the Company has met its disclosure obligations,” subject to penalties under 18 U.S.C. § 1001.”

Gibson Dunn also released (here) its always informative “Year-End Update on Corporate Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs).”  The update:  “(1) summarizes highlights from the DPAs and NPAs of 2014; (2) discusses several post settlement considerations, including protections for independent monitor work product and post settlementterm revisions; (3) analyzes a potential trend in the judicial oversight of DPAs; and(4) addresses recent developments in the United Kingdom, where the Deferred ProsecutionAgreements Code of Practice recently took effect.

According to the Update, there were 30 NPAs or DPAs entered into by the DOJ (29) or SEC (1) in 2014. (However, this figure includes two in the Alstom action and two in the HP action.  Thus, there were 27 unique instances of the DOJ using an NPA or DPA in 2014.  Of the 27 unique instances, 5 (19%) were in FCPA enforcement actions and the FCPA was the single largest source of NPAs and DPAs in 2014 in terms of specific statutory allegation.

The Gibson Dunn updates provides a thorough review of two pending cases in which federal court judges are wrestling with the issue of whether to approve of a DPA agreed to be the DOJ and a company.

Shearman & Sterling

The firm’s “Recent Trends and Patterns in Enforcement of the FCPA” is also another quality read year-after-year.

Of note from the publication:

“[W]hat may be the most interesting facet of the SEC’s current enforcement approach is the Commission’s shift in the latter half of 2014 in Timms to settle charges against individuals through administrative proceedings. This may come as no surprise, as the SEC has had difficulty successfully prosecuting individuals for violating the FCPA in previous years. Most recently, in early 2014, the SEC suffered a pair of setbacks in its enforcement actions against executives from Nobel Corp. and Magyar Telekom […] before the U.S. courts. Other cases, such as SEC v. Sharef (the SEC’s case against the Siemens executives) and SEC v. Clarke (which is currently the subject of a pending stay), have lingered in the S.D.N.Y. for significant periods of time without resolution.”

[…]

Obtain or Retain Business

Following the announcement of the SEC’s settlement with Layne Christensen over improper payments made to foreign officials in various African countries, we noted that the SEC’s approach to the “obtaining or retaining business” test in the FCPA appeared at odds with the Fifth Circuit’s 2007 opinion in United States v. Kay. Specifically, in Kay, the DOJ charged two executives of American Rice, Inc. for engaging in a scheme to pay Haitian customs officials bribes in exchange for accepting false shipping documents that under-reported the amount of rice onboard ocean-going barges. The result of the false shipping documents was to reduce the amount of customs duties and sales taxes that American Rice would have otherwise been forced to pay. While the court in Kay dismissed the defendants’ argument that the FCPA was only intended to cover bribes intended for “the award or renewal of contracts,” holding instead that the payment of bribes in exchange for reduced customs duties and sales taxes, the court added that in order to violate the FCPA, the prosecution must show that the reduced customs duties and sales taxes were in turned used “to assist in obtaining or retaining business” per the language of the FCPA. In short, the court in Kay held that while bribes paid exchange for the reduction of duties or taxes could violate the FCPA, they were not per se violations of the statue, and that the Department would have to show how the benefit derived from the reduced duties and taxes were used to obtain or retain business.

Fast forwarding to 2014 in Layne Christensen, the Houston-based global water management, construction, and drilling company, was forced to pay over $5 million in sanctions despite the fact that the SEC’s cease-and-desist order pleaded facts inconsistent with the Fifth Circuit’s opinion in Kay. In its discussion of Layne Christensen’s alleged violation of the FCPA’s anti-bribery provisions, the SEC only alleged that the company paid bribes to foreign officials in multiple African countries “in order to, among other things, obtain favorable tax treatment, customs clearance for its equipment, and a reduction of customs duties.” The SEC’s cease-and-desist made no reference to how these reduced costs were used to obtain or retain business, rendering the SEC’s charges facially deficient.

Layne Christensen is not, however, the first time the DOJ and SEC have brought similar FCPA charges against companies without alleging how reduced taxes and customs duties were used to obtain or retain business. In the Panalpina cases from 2010, a series of enforcement actions against various international oil and gas companies, the DOJ and SEC treated the exchange of bribes for reduced taxes and customs duties as per se violations of the FCPA. Even in the 2012 FCPA Guide the enforcement agencies make clear that “bribe payments made to secure favorable tax treatment, or to reduce or eliminate customs duties . . . satisfy the business purpose test.” Whether the DOJ’s and SEC’s approach to the “obtaining or retaining business” element of the FCPA stems from a misinterpretation of Kay or is an attempt to challenge the Fifth Circuit’s opinion, remains to be seen. Nevertheless, we are troubled by the lack of clarity in the DOJ’s and SEC’s approach as it ultimately disadvantages defendants who may otherwise be pressured to settle charges over conduct which does not necessarily constitute a crime.”

Parent/Subsidiary Liability

As noted in previous Trends & Patterns, over the past several years the SEC has engaged in the disconcerting practice of charging parent companies with anti-bribery violations based on the corrupt payments of their subsidiaries. In short, the SEC has adopted the position that corporate parents are subject to strict criminal liability not only for books & records violations (since it is the parent’s books ultimately at issue) but also for bribery violations by their subsidiaries regardless of whether the parent had any involvement or even knowledge of the subsidiaries’ illegal conduct. The SEC has subsequently continued this approach in Alcoa and Bio-Rad.

According to the charging documents, officials at two Alcoa subsidiaries arranged for various bribe payments to be made to Bahraini officials through the use of a consultant. The SEC acknowledged that there were “no findings that an officer, director or employee of Alcoa knowingly engaged in the bribe scheme” but it still charged the parent company with anti-bribery violations on the grounds that the subsidiary responsible for the bribery scheme was an agent of Alcoa at the time. The Commission’s tact is curious considering that it charged Alcoa with books and records and internal controls violations as well, making anti-bribery charges seemingly unnecessary. Moreover, it is noteworthy that in the parallel criminal action, the DOJ elected to directly charge Alcoa’s subsidiary with violations of the FCPA’s anti-bribery provisions instead of Alcoa’s corporate parent.

In Bio-Rad, the SEC’s cease-and-desist order alleged that the corporate parent was liable for violations of the FCPA’s anti-bribery provisions committed by the company’s corporate subsidiary in Russia, Vietnam, and Thailand. In order to impute the alleged wrongful conduct upon the corporate parent, the SEC relied heavily upon corporate officials’ willful blindness to a number of red flags arising from the alleged schemes in Russia, Vietnam, and Thailand. Nevertheless, even if certain officials from Bio-Rad’s corporate parent were aware of the bribery scheme, the SEC’s charges ignore the black-letter rule that in order to find a corporate parent liable for the acts of a subsidiary, it must first “pierce the corporate veil,” showing that the parent operated the subsidiary as an alter ego and paid no attention to the corporate form.

It is also interesting that much like the case of Alcoa, the DOJ’s criminal charges against Bio-Rad are notably distinct from the SEC’s. Specifically, while the DOJ charged Bio-Rad’s corporate parent with violating the FCPA, the Department elected to only charge the company with violations of the FCPA’s book-and-records and internal controls provisions, not the anti-bribery provisions like the SEC.

The SEC’s charging decisions in Alcoa and Bio-Rad are even more peculiar given the fact that the SEC took an entirely different approach in HP, Bruker, and Avon, where despite alleging largely analogous fact patterns, the SEC charged the parent companies in HP, Bruker, and Avon with violations of the FCPA’s books-and-records and internal controls provisions only. Much like Alcoa and Bio-Rad, all of the relevant acts of bribery in HP, Bruker, and Avon were committed by the company’s subsidiaries in Mexico, Poland, Russia (HP), and China (Bruker and Avon). The SEC’s decisions in Alcoa, Bio-Rad, HP, Bruker, and Avon to charge parent companies involved in largely analogous fact patterns with different FCPA violations raise ongoing questions as to consistency and predictability of the SEC’s approach to parent-subsidiary liability.”

WilmerHale

The firm’s FCPA alert states regarding the travel and entertainment enforcement actions from 2014.

“While most cases involving travel and entertainment historically have involved other allegedly corrupt conduct, it was notable this year that travel and entertainment was the focus of the conduct in some cases. … [T]his suggests that travel and entertainment should continue to be a focus of corporate compliance programs. Unfortunately, the settled cases give little guidance as to some of the gray areas that challenge compliance officers, such as the appropriate dollar amounts for business meals, or how much ancillary leisure activity is acceptable in the context of a business event. Perhaps most interesting about the recent cases is that the government’s charging papers in some cases seem to lack any direct evidence that the benefits provided were provided as a quid pro quo to obtain a specific favorable decision from the official. The cases seem to simply conclude that if there were benefits provided to a government decision maker, the benefits must have been improper. Whether such allegations would be sufficient to satisfy the FCPA’s “corruptly” standard in litigation remains to be seen.”

Regarding the lack of transparency in FCPA enforcement, the alert states:

“[T]here still remains legitimate debate about whether the amount of credit that companies receive for voluntary disclosures is sufficient, especially when compared to companies that cooperate but do not self-report. One important factor that is often left out of the debate on this topic is the “credit” that is not visible in the public settlement documents but is nonetheless often informally received by companies that voluntarily disclose and/or cooperate. While the discussion above focuses on Sentencing Guidelines calculations and percentages of credit off the Sentencing Guidelines ranges, the discussion does not take into account decisions made by the government in settlement discussions that affect the ranges that are not seen in the settlement documents. For example, in settlement negotiations, the government might determine not to include certain transactions when calculating the gains obtained by the corporate defendant—perhaps because the evidence might have been weaker, or because jurisdiction might have been questionable, or because the settlement may have focused on transactions from a certain time period, or because of other factors. Thus, while the settlement documents might suggest a 20% discount from the bottom of the Sentencing Guidelines range, that range could have been higher had other transactions been included. These determinations are not transparent, but, anecdotally, there is some basis to believe that companies that voluntarily disclose and/or cooperate are more likely to get the benefit of the doubt as the sausage is being made. Given the lack of transparency in this area, the debates on this topic are likely to continue for a long time.”

Covington & Burling

The firm’s “Trends and Developments in Anti-Corruption Enforcement” is here.  Among other things, it states:

“As we have noted in the past, U.S. enforcement authorities have a taken creative and aggressive legal positions in pursuing FCPA cases. This past year saw a continuation of that trend, most notably with the SEC staking out an expansive position on the FCPA’s reach via agency theory.

Aggressive Use of Agency Theory. 2014 saw the SEC make use of a potentially far reaching agency theory to hold a parent company liable for the conduct of subsidiaries. In the Alcoa settlement, the SEC made clear that it had made “no findings that an officer, director or employee of [corporate parent Alcoa Inc.] knowingly engaged in the bribe scheme” at issue. Instead, its theory of liability was that the parent company “violated Section 30A of the Exchange Act by reason of its agents, including subsidiaries [Alcoa World Aluminum and Alcoa of Australia], indirectly paying bribes to foreign officials in Bahrain in order to obtain or retain business.” This agency theory was premised on the parent company’s alleged control over the business segment and subsidiaries where the conduct at issue allegedly occurred. Notably, the SEC did not rely on any evidence that parent-company personnel had direct involvement in or control over the alleged bribery scheme. Instead, the SEC pointed only to general indicia of corporate control that are the normal incidents of majority stock ownership (e.g., that Alcoa appointed the majority of seats on the business unit’s “Strategic Council,” transferred employees between itself and one of the relevant subsidiaries, and “set the business and financial goals” for the business segment). This is notable, in our view, because it is arguably at odds with DOJ and the SEC’s statement in the FCPA Resource Guide that they “evaluate the parent’s control — including the parent’s knowledge and direction of the subsidiary’s actions, both generally and in the context of the specific transaction — when evaluating whether a subsidiary is an agent of the parent.” (Emphasis added.) In the Alcoa matter, the SEC seemed to focus solely on “general” control; it did not allege any facts to support parent-level “knowledge and direction . . . in the context of the specific transaction.” This potentially expansive use of agency theory underscores the need for parent companies who are subject to FCPA jurisdiction to be attentive to corruption issues and compliance in all their corporate subsidiaries, even entities over which they do not exercise day-to-day managerial control.”

Miller & Chevalier

The firm’s FCPA Winter Review 2015 is here.

Among other useful information is a chart comparing the top ten FCPA enforcement actions (in terms of settlement amounts) as of 2007 compared to 2014 and a chart comparing SEC administrative proceedings and court filed complaints since 2005.

Davis Polk

The firm recently hosted a webinar titled “FCPA: 2014 Year-End Review of Trends and Global Enforcement Actions.”  The webcast and presentation slides are available here.

Jones Day

The firm’s FCPA Year in Review 2014 is here.

Other Items for the Reading Stack

From the FCPAmericas Blog – “Top FCPA Enforcement Trends to Expect in 2015.”

From the Corruption, Crime & Compliance Blog – “FCPA Year in Review 2014,” and FCPA Predictions for 2015.”

HP Enforcement Action – Where To Begin?

Where to begin?

That is the question when analyzing last week’s $108 million Foreign Corrupt Practices Act enforcement action against HP and related entities.  (See here).

Should the title of this post have been “The FCPA’s Free-For-All Continues”?

Should the title have been “HP = Hocus Pocus” (as in look what the enforcement agencies pulled out their hats this time)?

Should the title have been “Warning In-House and Compliance Professionals:  This Post Will Induce Mental Anguish”?

Unable to arrive at the best specific title for this post, I simply picked the generic “Where to Begin?”

In short, if the HP enforcement action does not leave you troubled as to various aspects of FCPA enforcement you: (i) may not be well-versed in actual FCPA legal authority; (ii) don’t care about the rule of law; or (iii) somehow derive satisfaction from government required transfers of shareholder money to the U.S. treasury regardless of theory.

Least there be any misunderstanding, let me begin this post by stating that the enforcement actions against HP Poland, HP Russia and HP Mexico allege bad conduct by certain individuals –  a “small fraction of HP’s global workforce” to use the exact words of the DOJ. As to that “small fraction,” those individuals should be held accountable for their actions by relevant law enforcement authorities.

However, as to the actual defendants charged in the enforcement actions – HP Russia, HP Poland and HP Mexico in the DOJ actions – and HP in the SEC administrative proceeding – there are actual legal elements that must be met and there is also prior enforcement agency guidance that ought to be followed.  The entire credibility and legitimacy of the DOJ and SEC’s FCPA enforcement programs depend on these two basics points.

For instance, in what is believed to be an FCPA first, the DOJ charged two non-issuers (HP-Russia and HP-Poland) with substantive violations of the FCPA’s books and records and internal controls provisions – provisions which only apply to issuers.   This is concerning in and of itself.

Yet the resulting landscape from the HP enforcement action is of more concern and it should induce mental anguish for many for the following reasons.

Issuers have an obligation under the FCPA to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that,” among other things, transactions are executed in accordance with management’s general or specific authorization.  Failure to adopt such internal controls is a violation of law.

Conversely, and here is where the “hocus pocus” part comes in, if an issuer does adopt such internal controls and a “small fraction” of employees at certain foreign subsidiaries engage in covert means to willfully circumvent those internal controls, well, that is a violation of law as well in the eyes of the enforcement agencies.

The DOJ’s and SEC’s own allegations paint a picture of HP establishing, particularly given the time periods relevant to the enforcement actions, a system of internal accounting controls sufficient to provide reasonable assurances as to the conduct at issue. yet being a victim of the willful and deceptive conduct of a “small fraction” of employees who designed covert means to circumvent HP’s internal controls.

For instance, as to HP Poland, the criminal information alleges, in pertinent part as to the relevant time period (2006 to 2010):

“At all times relevant to this Information, HP policies prohibited corruption, self-dealing, and other misconduct.  HP’s Standards of Business Conduct (“SBC”) in effect during the relevant time period specified company rules and regulations governing legal and ethical practices, preparation of accurate books and records, contracting, and approvals and engagements of third parties.  The SBC applied to all HP Co. business divisions and subsidiaries, including HP Poland.  HP Poland employees, including HP Poland Executive, received mandatory SBC training annually, among other training.”

“The SBC manuals specifically referenced the FCPA, and prohibited, among other items, bribes, corrupt practices, ‘side letter,’ ‘off-the-books’ arrangements,’ and ‘other express or implied agreements outside standard HP contracting processes.’  The SBC manuals in effect during this period further instructed employees of HP that they were not to ‘commit [the relevant HP business] to undertake any performance, payment or other obligation unless [the employee was] authorized under the appropriate HP [business] delegation of authority policies,’ and further required accurate accounting records and proper finance practices.”

Notwithstanding these controls, the information alleges that an HP Poland Executive caused falsification of HP’s books and records and circumvented HP existing internal controls.  Among other things, the information alleges that the gifts to the Polish Official “violated HP internal controls relating to gift-giving, and were not properly reflected in HP’s books and records.”  The information alleges that the HP Poland Executive “willfully circumvented HP’s internal controls, and falsified corporate books and records relied on by HP’s officers and external auditors to authorize transactions and prepare HP’s consolidated financial statements.”  The information alleges that HP Poland Executive devised covert means – such as communicating through anonymous e-mail accounts and prepaid mobile telephones – in connection with his bribery scheme.  The information even alleges that the HP Poland Executive and the Polish Official drove around in vehicles in “remote locations” and “would type messages in a text file, passing the computer between themselves.” According to the information, “communications were made in this fashion to avoid possible audio recording of the discussions by hidden devices, and to circumvent HP’s internal controls.”

Nevertheless, the DOJ alleges:

“Although HP had certain anti-corruption policies and controls in place during the relevant time period, those policies and controls were not adequate to prevent the conduct described herein and were insufficiently implemented at HP Poland.”

As discussed in this prior post, what is the source for this dramatic conclusory allegation?  Nothing more than ipse dixit and subjective say-so.

The same holds true for the DOJ’s allegations concerning HP Mexico.  The non-prosecution agreement contains the same two substantive allegations concerning HP’s internal controls set forth above relevant to HP Poland, plus the following as to the relevant time period (2006 to 2009):

“HP’s policies permitted legitimate commission payments to channel partners.  These policies required that the recipient of commissions enter into a written channel partner contract with an addendum permitting the payment of commissions be pre-approved, subjected to due diligence, and registered in HP’s partner system.  HP Mexico’s policy also required channel partner commissions to follow an approval matrix, with commissions exceeding a particular percentage of the transaction’s total volume regarding additional approvals.”

Notwithstanding these controls, the information alleges that certain HP Mexico sales managers on one deal deceived HP.  The NPA states:

“[The Consultant at issue] was not an approved HP Mexico channel partner and had not entered into a written channel partner agreement as required by HP’s internal controls and policies.  In circumvention of these internal controls and policies, HP Mexico executives pursuing the BTO Deal arranged for another entity (“Intermediary”), which was already an approved HP Mexico channel partner, to join in the transaction.  HP Mexico’s sales managers arranged for the Intermediary to receive commissions from HP Mexico and then pass those monies along to Consultant, after deducting a portion as a fee. Although Intermediary played no role in negotiating the BTO Deal, HP Mexico executives recorded Intermediary as the deal partner in its internal tracking system.”

“By arranging payments to be made through the Intermediary to Consultant, HP Mexico was able to circumvent HP’s policies requiring pre-approval of channel partners and written agreement for third-party payments.  HP Mexico further circumvented HP’s controls by failing to identify the role of Intermediary in the BTO Deal …  In addition, HP Mexico’s books and records falsely reflected that the Intermediary was the deal partner and principal recipient of the commission on the BTO Deal, which ultimately caused certain HP books and records to be falsified.”

Nevertheless, the DOJ alleges:

“Although HP had certain anti-corruption policies and controls in place during the relevant period, those policies and controls were not adequate to prevent the conduct described herein and were insufficiently implemented at HP Mexico.  This allowed HP Mexico to circumvent HP’s internal accounting controls and falsify its books and records as described herein.”

What is the source for this dramatic conclusory allegation?  Nothing more than ipse dixit and subjective say-so.

The same holds true for the DOJ’s allegations concerning HP Russia.  The information contains the same two substantive allegations concerning HP’s internal controls set forth above relevant to HP Poland and HP Mexico, plus the following as to the relevant time period (2000 to 2007).

“HP’s policies placed restrictions and due diligence requirements on contracts with third parties, including ‘HP customers, channel partners, suppliers, other business partners or outside parties.’  They required credit checks and approvals for certain third parties, and required the preparation of ‘Subcontractor Qualification Worksheets’ and ‘Pre-Bid Risk Identification & Assessment Questionnaires’ that related to qualifications and financial capabilities of certain third parties.  Among other due diligence requirements, the policies required telephonic interview of certain third parties regarding experience, references, checks to determine whether the third party had the capacity and geographic coverage for the project, and an overall evaluation of doubts, reservations, and ‘risks/weaknesses’ of the third party.”

“HP’s Solution Opportunity Approval and Review (‘SOAR’) process applies to all service-related projects valued at greater than $500,000 anywhere in the world, including Russia.  Among other things, the SOAR process was designed to provide HP’s senior company management visibility into pricing, discounts, and profit margins for transactions.  It required review of relationships with third parties, including scope of work, contract terms, qualifications, and necessity of services.  Business, legal, finance, credit, tax, and other units participated in the SOAR review.  No services-related transaction greater than $500,000 could proceed without SOAR approval.”

“Pursuant to the Sarbanes-Oxley Act of 2002, HP management was required to certify the accuracy of HP’s financial statements and the adequacy of its related internal controls to develop those statements.  In supporting these certifications, HP executive management required senior and regional management of HP’s business units to sign sub-certifications certifying that HP’s financial statements were accurate and that their internal controls provided assurances that transactions were properly authorized and recorded, and assets were safeguarded from improper use.”

Notwithstanding these controls, the information alleges that five HP Russia employees deceived HP.  For instance, the information specifically alleges that the individuals created a secret slush fund and to “execute and hide the scheme … willfully circumvented existing internal controls, and falsified corporate books and records relied upon by HP officers and external auditors to authorize the transaction and prepare HP’s consolidated financial statements.”

According to the information, the slush fund “was concealed in the project’s financials” and “HP Russia maintained two sets of project pricing records:  off-the-books versions, known only to the conspirators, which identified slush fund recipients, and sanitized versions of the same documents which were provided to HP credit, finance, and legal officers outside of HP Russia.”

According to the information, “one example of an off-the-books document was an encrypted, password-protected spreadsheet” which contained different information than the “on-the-books version.”  According to the information, a Pricing Worksheet “provided to management outside of HP Russia omit[ed] all references to the slush fund payments, instead inflating hardware prices to create margin for the payments.”

In addition, the information alleges “concealment of [the] slush fund during SOAR Review.”  According to the information, “in early August 2003, HP management in Europe pressed HP Russia to begin the SOAR process for the GPO contract so that it could be executed.  In circumvention of company policy, however, HP Russia Executive 1 had already [signed the relevant contract and executed it] with no authorization and no power of attorney.”

According to the information, “the HP credit officer assigned to the SOAR review initially denied credit approval to proceed with the contract …”.  The information then alleges that the HP Russia Manager provided false information to the HP Credit Officer. The information further alleges that when the HP Credit Officer asked other questions regarding the relevant transaction, the HP Russia Manager provided other false information.

Regarding an actual SOAR meeting in 2003, the information alleges that the day before this meeting, the HP Russia Manager emailed relevant management with false information and thereafter provided additional false information to the HP Credit Officer in connection with relevant transaction.

According to the information, when it came time for the HP Russia Executive to certify the accuracy of the company’s financial statements and adequacy of internal controls pursuant to SOX, the HP Russia Executive falsely certified the requested information and that such certification was relied upon by other HP managers.

According to the information, members of the Russian conspiracy “structured bribe payments to individuals associated with [the Russian government] through a “off-the-books contract” and specifically alleges as follows:

“In circumvention of HP internal controls, including third party due diligence requirements and prohibitions against ‘side letters,’ ‘off-the-books’ arrangements, or other express or implied agreements outside standard HP contracting process,’ HP Russia never disclosed the existence of the [off-the-books contract] to internal or external auditors or management outside of HP Russia, and conduct no due diligence of [the relevant entity]”

The information alleges that the purpose of the conspiracy was to “conceal[] and disguise[] the payments by falsifying HP Russia’s and HP’s books and records; and evading and failing to implement internal controls meant to detect and deter such payments.”  Specifically, the information alleges:

“HP Russia, through its executives and employees, together with others, knowingly and deliberately failed to implement internal accounting controls and circumvented existing internal accounting controls designed to detect and prevent such improper conduct.  HP Russia entered into off-the-books contracts, maintained two sets of accounting records, failed to conduct appropriate due diligence of third parties, concealed the existence of third-party relationship from HP management, executed contracts without authorization, and made misrepresentations to HP audit, compliance, credit and legal officers.”

Among other things, the information alleges that HP Russia employees  “avoided controls over third-party vendors and off-the-books contracts,” “created and used certain mechanisms for making and concealing payments to third parties,” and “secretly executed certain contracts without proper authority.”

Nevertheless, the DOJ alleges:

“While the SBC prohibited corrupt payments, required due diligence of third-parties, and included other control requirements to maintain accountability for assets, the policies were not adequate to detect and prevent the misconduct described herein, and in practice certain HP business divisions and subsidiaries failed to implement and enforce the policies consistently, and on occasion circumvented or disregard the policies entirely.”

What is the source for this dramatic conclusory allegation?  Nothing more than ipse dixit and subjective say-so.

Unlike the DOJ enforcement actions (in which HP was not an actual defendant but merely guaranteed payment of fine and penalty amounts and had compliance obligations imposed upon it), in the SEC’s enforcement action HP is the sole defendant (technically a respondent since the enforcement action was an administrative proceeding not subjected to one ounce of judicial scrutiny).  The SEC’s action is based on the same HP Poland, HP Russia, and HP Mexico conduct alleged in the DOJ enforcement actions.

Prior to the stating the SEC’s conclusory statement as it relates to HP itself, it is useful to review the DOJ’s allegations HP-specific allegations because there is little logical consistency between those allegations and the SEC’s conclusory statement.

Again, the DOJ alleged that HP:

  • Had existing FCPA and related policies and procedures in place and that all relevant employees received training on the policies;
  • Had existing policies and procedures in place related to commission payments to channel partners, due diligence of channel partners, and other tracking policies regarding channel partners;
  • Had an existing approval process in place that applied to all service-related projects valued at greater than $500,000 anywhere in the world and as part of that process HP managers questioned relevant subsidiary employees at questionable information;
  • Had an existing SOX certification and sub-certification process in place as relevant to the referenced subsidiaries.

Yet, and here comes the “hocus pocus” moment, the SEC states against the backdrop of the same covert means, concealment, and misrepresentations and deception alleged in the DOJ actions that:

“[A]lthough HP had certain anti-corruption policies and controls in place during the relevant time period, those policies and controls were insufficiently implemented on the regional or country level.  Further, HP failed to devise and maintain an adequate system of internal accounting controls sufficient to provide reasonable assurance that (i) access to assets was permitted only in accordance with management’s authorization; (2) transactions were recorded as necessary to maintain accountability of assets; and (3) transactions were executed in accordance with management’s authorization.”

It is difficult to reconcile the SEC’s HP allegations against actual legal authority in that the internal-controls provisions are specifically qualified through concepts of reasonableness and good faith.  The only judicial decision to directly address the substance of the internal-controls provisions states, in pertinent part, as follows:

“It does not appear that either the SEC or Congress, which adopted the SEC’s recommendations, intended that the statute should require that each affected issuer install a fail-safe accounting control system at all costs.”

In addition, various courts have held—in the context of civil derivative actions in which shareholders seek to hold company directors liable for breach of fiduciary duties due to the company’s alleged FCPA violations— that just because improper conduct allegedly occurred somewhere within a corporate hierarchy does not mean that internal controls must have been deficient.

The SEC’s allegations against HP are further difficult to reconcile with SEC guidance concerning the internal controls provisions. This guidance states, among other things:

“Inherent in this concept [of reasonableness] is a toleration of deviations from the absolute.”

“The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company.”

The critical point in assessing an issuer’s internal controls is at the time of the alleged conduct and whether – at that time – the issuer had internal controls sufficient to provide various reasonable assurances.   In other words, the critical point is not 5 or 10 years later and the issue is not – with the benefit of perfect hindsight – whether the issuer could have done more.

Further problematic in the SEC’s enforcement action against HP is that it is yet another example of “non-charged bribery disgorgment” and among the most vocal critics of this SEC theory is a former high-ranking SEC enforcement attorney (see here).

Whether the proper title should have been “The FCPA’s Free-For-All Continues,” “HP = Hocus Pocus” or how the HP enforcement action, with reason, should induce mental anguish among many, there is much to analyze and critique in the DOJ’s and SEC’s enforcement actions against HP and related entities.

The same applies to much recent FCPA enforcement activity.

To recap, since December 2013 the FCPA enforcement agencies have extracted approximately $546 million against risk averse corporations:

  • (i) based on enforcement agency allegations that the parent company issuer was a victim of deceptive conduct and actions by a “small fraction” of its global workforce;
  • (ii) based on enforcement agency allegations that the corporate entities were victims of a corrupt Ukraine government that refused to pay VAT refunds that the companies were legitimately owed (see here); and
  • (iii) in a case concerning alleged conduct (approximately 10 to 15 years ago) by a consultant who was criminally charged by another law enforcement agency, put the law enforcement agency to its burden of proof at trial, and the law enforcement agency dismissed the case because there was no ”realistic prospect of conviction” (see here).

Supreme Court Notable

Sometimes it takes the Supreme Court to remind us … well … what the law is!

Dig into certain corporate Foreign Corrupt Practices Act enforcement actions and it would appear that legal liability seems to hop, skip, and jump around a multinational company.  This of course would be inconceivable in other areas, such as contract liability, tort liability, etc. absent an “alter ego” / “piercing the veil” analysis for the simple reason that is what the black letter law commands.

Yet, as often highlighted on these pages, black letter legal principles (whether statute of limitations, jurisdiction, etc.) are seemingly ignored in certain instances of corporate FCPA enforcement because the name of the game is primarily cooperation and risk aversion.  (See here for the prior post, “Does DOJ Expect FCPA Counsel to Roll Over and Play Dead?”).

With increasing frequency, the DOJ and SEC have advanced broad “agency” theories in which the acts of a subsidiary are attributed to a parent corporation absent any allegations to support an “alter ego” or “veil piercing” exception.

One of the more forceful critics of this trending DOJ and SEC approach has been Philip Urofsky (a former high-ranking DOJ FCPA enforcement attorney) see prior posts here and here.   As Urofsky recently – and rightfully – noted:

“[just because a corporate FCPA enforcement action is resolved] “through an NPA rather than a DPA (or a guilty plea) does not excuse this approach—when the DOJ announces it will not prosecute but requires the company to admit to facts establishing a criminal violation of the law, it is stating, as a fact, that the company  committed a crime. In such case, it is obligated to demonstrate, through the  pleadings, in whatever form they are presented, that it could, in fact, prove each and every element of the offense.”

The above is all necessary background to the Supreme Court’s decision earlier this week in a non-FCPA case in which the court slammed the “agency” theory seemingly serving as the basis for several recent corporate FCPA enforcement actions.

*****

Daimler A.G. v. Bauman,  an opinion authored by Justice Ginsburg, concerned “the authority of a court in the United States to entertain a claim brought by foreign plaintiffs against a foreign defendant based on events occurring entirely outside the United States.”

The complaint “alleged that during Argentina’s 1976-1983 ‘Dirty War,’ Daimler’s Argentinian subsidiary, Mercedes-Benz Argentina (MB Argentina) collaborated with state security forces to kidnap, detain, torture, and kill certain MB Argentina workers, among them, plaintiffs or persons closely related to plaintiffs.”  Damages for the alleged human rights violations were sought from Daimler and U.S. jurisdiction “over the lawsuit was predicated on the California contacts of Mercedes-Benz USA, LLC (MBUSA), a subsidiary of Daimler incorporated in Delaware with its principal place of business in New Jersey.”

“The question presented,” as described by Justice Ginsburg, was “whether the Due Process Clause of the Fourteenth Amendment precludes the District Court from exercising jurisdiction over Daimler in this case, given the absence of any California connection to the atrocities, perpetrators, or victims described in the complaint.”

As noted by the court, the plaintiffs were seeking to hold “Daimler vicariously liable for MB Argentina’s alleged malfeasance” and it was noted that “MB Argentina was a subsidiary wholly owned by Daimler’s predecessor in interest.”

In response to Daimler’s motion to dismiss for lack of personal jurisdiction, the plaintiffs argued “that jurisdiction over Daimler could be founded on the California contacts of MBUSA, a distinct corporate entity that, according to plaintiffs, should be treated as Daimler’s agent for jurisdictional purposes.”

The district court granted Daimler’s motion to dismiss and declined, in relevant part, to “attribute MBUSA’s California contacts to Daimler on an agency theory, concluding that plaintiffs failed to demonstrate that MBUSA acted as Daimler’s agent.”  The Supreme Court opinion states:

“The Ninth Circuit at first affirmed the District Court’s judgment.  Addressing solely the question of agency, the Court of Appeals held that plaintiffs had not shown the existence of an agency relationship of the kind that might warrant attribution of MBUSA’s contacts to Daimler.”

However, the Ninth Circuit granted plaintiffs’ petition for rehearing, the panel withdrew its initial opinion, and replaced it with one which concluded that the agency test was satisfied.  Daimler petitioned for rehearing, but the Ninth Circuit denied Daimler’s petition.

The Supreme Court’s decision is heavy on jurisdiction issues – including much discussion of general jurisdiction and specific jurisdiction.

Turning to the agency issues, the opinion states “while plaintiffs ultimately persuaded the Ninth Circuit to impute MBUSA’s California contacts to Daimler on an agency theory, at no point, have they maintained that MBUSA is an alter ego of Daimler.”

Next, the opinion states (internal citations omitted) as follows.

“In sustaining the exercise of general jurisdiction over Daimler, the Ninth Circuit relied on an agency theory, determining that MBUSA acted as Daimler’s agent for jurisdictional purposes and then attributing MBUSA’s California contacts to Daimler. The Ninth Circuit’s agency analysis derived from Circuit precedent considering principally whether the subsidiary “performs services that are sufficiently important to the foreign corporation that if it did not have a representative to perform them, the substantially similar services.”

“This Court has not yet addressed whether a foreign corporation may be subjected to a court’s general jurisdiction based on the contacts of its in-state subsidiary. Daimler argues, and several Courts of Appeals have held, that a subsidiary’s jurisdictional contacts can be imputed to its parent only when the former is so dominated by the latter as to be its alter ego. The Ninth Circuit adopted a less rigorous test based on what it described as an “agency” relationship. Agencies, we note, come in many sizes and shapes: “One may be an agent for some business purposes and not others so that the fact that one may be an agent for one purpose does not make him or her an agent for every purpose.”  A subsidiary, for example, might be its parent’s agent for claims arising in the place where the subsidiary operates, yet not its agent regarding claims arising elsewhere. The Court of Appeals did not advert to that prospect. But we need not pass judgment on invocation of an agency theory in the context of general jurisdiction, for in no event can the appeals court’s analysis be sustained.”

“The Ninth Circuit’s agency finding rested primarily on its observation that MBUSA’s services were “important” to Daimler, as gauged by Daimler’s hypothetical readiness to perform those services itself if MBUSA did not exist.  Formulated this way, the inquiry into importance stacks the deck, for it will always yield a pro-jurisdiction answer: “Anything a corporation does through an independent contractor, subsidiary, or distributor is presumably something that the corporation would do ‘by other means’ if the independent contractor, subsidiary, or distributor did not exist.” The Ninth Circuit’s agency theory thus appears to subject foreign corporations to general jurisdiction whenever they have an in-state subsidiary or affiliate, an outcome that would sweep beyond even the “sprawling view of general jurisdiction” we rejected in Goodyear.”

[…]

It was therefore error for the Ninth Circuit to conclude that Daimler, even with MBUSA’s contacts attributed to it, was at home in California, and hence subject to suit there on claims by foreign plaintiffs having nothing to do with anything that occurred or had its principal impact in California.”

Applying this Supreme Court’s conclusion to the FCPA context, the notion that because a subsidiary’s services are important to a parent corporation – and thus the subsidiary is an agent of the parent corporation for purposes of imputing liability – stacks the deck, for it will always yield a pro-agency answer.

The Supreme Court’s decision is Daimler is also notable for another reason.

As highlighted in this April 2013 post concerning the Supreme Court’s notable Kiobel decision (a non-FCPA case, but a case in which the logic and rationale of many justices has direct bearing on certain aspects of FCPA enforcement, and indeed can be viewed as Supreme Court disapproval of certain aspects of FCPA enforcement), the Supreme Court was concerned about the “delicate foreign policy consequences” of expansive U.S. jurisdiction over foreign actors.

Continuing with this concern, in the Daimler case, the court stated:

“Finally, the transnational context of this dispute bears attention. The Court of Appeals emphasized, as supportive of the exercise of general jurisdiction, plaintiffs’ assertion of claims under the Alien Tort Statute (ATS) and the Torture Victim Protection Act of 1991 (TVPA).  Recent decisions of this Court, however, have rendered plaintiffs’ ATS and TVPA claims infirm.

The Ninth Circuit, moreover, paid little heed to the risks to international comity its expansive view of general jurisdiction posed. Other nations do not share the uninhibited approach to personal jurisdiction advanced by the Court of Appeals in this case.

[…]

The Solicitor General informs us, in this regard, that “foreign governments’ objections to some domestic courts’ expansive views of general jurisdiction have in the past impeded negotiations of international agreements on the reciprocal recognition and enforcement of judgments.”  […] See also U. S. Brief 2 (expressing concern that unpredictable applications of general jurisdiction based on activities of U. S.-based subsidiaries could discourage foreign investors); Brief for Respondents 35 (acknowledging that “doing business” basis for general jurisdiction has led to “international friction”). Considerations of international rapport thus reinforce our determination that subjecting Daimler to the general jurisdiction of courts in California would not accord with the “fair play and substantial justice” due process demands.”

It is nothing short of remarkable that the U.S. government urged restraint of expansive jurisdictional theories in Daimler because such “unpredictable applications” of expansive jurisdiction “could discourage foreign investors” and result in other foreign policy difficulties, yet at the same time the U.S. government advances unpredictable, creative, and dubious jurisdictional theories against foreign actors in FCPA enforcement actions.

A SEC Blast From The Past

This recent post highlighted 1979 comments from the DOJ’s Assistant Attorney General regarding the DOJ’s FCPA enforcement priorities.  Today’s post is an SEC blast from the past.

The year was also 1979 and Wallace Timmeny (SEC Deputy Director, Division of Enforcement) authored an article titled “SEC Enforcement of the Foreign Corrupt Practices Act” in the Loyola of Los Angeles International and Comparative Law Review.  The purpose of the article was to “discuss legal issues arising from the enforcement” of the FCPA in actions brought by the SEC.  The article is an informative read as to the SEC’s early FCPA enforcement actions.

The article is also an interesting reading concerning the author’s description of “vicarious liability under the FCPA” and it states, in pertinent part, as follows.

“The liability of issuers for the acts or failures of foreign or domestic subsidiaries is not clearly specified in section 30A and section 13(b). Section 30A covers the conduct of registered and reporting companies and the conduct of any officer, director, employee, or agent of any such company or any stockholder of such company acting on behalf of the company. Thus, by its terms, section 30A does not refer to subsidiaries whose securities are not registered or which are not required to file reports pursuant to section 15(d). The legislative history of section 30A indicates that the section was not intended to cover the activities of foreign subsidiaries where there was no jurisdictional nexus with the United States and where the issuer of a reporting company had no knowledge of the payment.”

The article concludes as follows.

“As a nation we understand the implications of corrupt practices. Improper or questionable payments undermine our foreign policy and, in fact, place control of foreign policy in the hands of private individuals or companies who do not respond to the electorate. Corrupt practices can topple friendly governments, increase hostility to the United States, and provide ammunition to those who would topple our own system. Shoddy accounting practices foster those problems and result in significant detriment to individual investors, and to the marketplace in general, by undermining investor confidence. The problems leading to the passage of the FCPA have been more than sufficiently illumined in legislative history and in enforcement actions brought by government agencies. Against this background, it is unlikely that the courts will interpret the FCPA narrowly.”

Like the recent post regarding the DOJ blast from the past, Timmeny’s article also recognizes that the primary motivation of Congress in passing the FCPA was foreign policy related.  (For more see my article “The Story of the Foreign Corrupt Practices Act“).  In this prior post, also regarding the 1979 speech by the DOJ official, I asked as follows.

“Most enforcement actions in this new era involve alleged payments to state-owned or state-controlled enterprises with many attributes of private commercial enterprises, employees of various foreign health care systems such as physicians, or actions based on payments to ministerial or clerical officials concerning mundane foreign licenses, permits or customs issues. Can it truly be said that these enforcement actions concern payments that could lead to the downfall of foreign governments or payments that have significant foreign policy and national security implications?”

Timmeny’s article also predicted that it was “unlikely that the courts will interpret the FCPA narrowly.”

It is believed that the  SEC has been put to its ultimate burden of proof in a core FCPA case only four times.

The SEC lost two cases.  In SEC v. Eric Mattson and James Harris the court granted the defendants’ motion to dismiss and rejected the SEC “obtain or retain business” enforcement theory.  In SEC v. Herbert Steffen, the court granted the defendants’ motion to dismiss and rejected the SEC’s jurisdictional theories.

Two cases remain pending.  In SEC v Elek Straub et al. defendants’ pre-trial motion to dismiss was denied.  In SEC v. Mark Jackson and James Ruehlen, the court granted defendants’ motion to dismiss the SEC’s claims that sought monetary  damages while denying the motion to dismiss as to claims seeking injunctive relief.  The dismissal was without prejudice and the SEC has filed amended complaints that have significantly narrowed the case.

Former DOJ FCPA Enforcement Attorney Blasts Ralph Lauren Enforcement Action

This prior post summarizing the recent Ralph Lauren enforcement action noted that there was no allegation or suggestion that Ralph Lauren Corporation (RLC”)  was aware of, or participated in, the alleged improper conduct.  The same could be said of many FCPA enforcement actions against a parent company – resolved via a non-prosecution and deferred prosecution agreement – based on foreign subsidiary conduct.

Respondeat superior corporate criminal liability is broad, but not this broad.  Absent an “alter ego” / “piercing the veil” analysis, legal liability of any kind does not ordinary hop, skip, and jump around a multinational enterprise as the DOJ or SEC see fit.

In this prior post, I collected RLC enforcement action commentary hits and misses.  Contrary to many, I found nothing to trumpet in the RLC enforcement action, but much to lament.

There has been another “hit” when it comes to RLC enforcement action commentary, and this one is a home run.

It comes from former DOJ Assistant Chief of the Fraud Section Philip Urofsky (currently a partner at Shearman & Sterling).  Urofksy has always been one of the best, most insightful, FCPA commentators.  His writings were cited in my article the “Facade of FCPA Enforcement,” his critiques of DOJ enforcement theories (such as jurisdictional issues and obtain or retain business) have frequently been highlighted on these pages – see here for instance.

In short, when Urofsky writes, given his prior experience and insight, we really ought to read and take notice.

His latest is “The Ralph Lauren FCPA Case:  Are There Any Limits to Parent Corporation Liability?” recently published in Bloomberg BNA’s Securities Law Daily.

Urofsky and his co-author state, in pertinent part, as follows.

“The facts of the case … point to the steady entrenchment of a more ominous prosecution theory:  an approach that appears to approximate strict criminal and civil liability of parent corporations for their subsidiaries’ corrupt acts.  Although this disregard of corporate structures has been hinted at in previous SEC matters – and the theoretical underpinnings discussed in last year’s DOJ/SEC Resource Guide – the RLC case puts both agencies firmly in the camp of this aggressive and unprecedented expansion of corporate liability.”

“This approach, however, fails to honor the corporate form and the black-letter rule that to ‘pierce the corporate veil’ the government and other litigants must show that the parent operated the subsidiary as an alter ego, and itself paid no attention to the corporate form.  Moreover, it is contrary to the language of the [FCPA’s] original history.”

In conclusion, the article states as follows.

“It is disquieting [that in the RLC case] the DOJ appears to have jumped on the charge-the-parent bandwagon, bringing a bribery case against a parent without alleging any involvement by the parent in those violations.  One can only speculate that it did so because it had no jurisdiction over the foreign subsidiary itself, given that it also did not allege any act by the subsidiary in U.S. territory.  However, as always, the maxim that bad facts make bad law applies, and evidentiary weaknesses cannot excuse the distortion of the statute’s previously clear and reasonable allocation of responsibility.”

I can write about the “facade of FCPA enforcement,” legislative history, how many FCPA enforcement actions seemingly violate basic black-letter principles and the like until the cows come home.

But hopefully more people will finally pay attention to this new era of FCPA enforcement when someone like Urofsky uses terms like “disquieting” “jump on the bandwagon” and “distortion of the statute.”

Powered by WordPress. Designed by WooThemes