Foreign Corrupt Practices Act issues often co-exist in two parallel universes.
One universe is ruled by perceived all-powerful gods with big and sharp sticks in which subjects dare challenge the gods. Another universe consists of checks and balances in which independent actors call the balls and strikes.
The first universe refers to FCPA enforcement by the DOJ and SEC. The second universe refers to litigation of FCPA-related claims in which judges make decisions in the context of an adversarial legal system. This second universe is often referred to as the rule of law universe.
There are several examples of theories used in the first universe that do not work in the second universe.
For instance, the SEC frequently advances what seems like a woulda, coulda, shoulda approach to enforcing the FCPA’s internal controls provisions. In other words, with the perfect benefit of hindsight, the issuer woulda, coulda, shoulda done x, y or z and if only the issuer did x, y or z the alleged legal violation would have never occurred.
Lost in the analysis is that neither the FCPA, nor any implementing rule or regulation, actually requires issuers to do x, y or z. Indeed, all the law requires is that issuers “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances” that the vague standards of the provisions are met.
The theory of enforcement, as explored in several prior posts including this one, amounts to little more than ipse dixit. (Latin for He himself said it – an unsupported statement that rests solely on the authority of the individual who makes it). In other words, the failure to do x, y or z is an internal controls violations merely because the SEC says it is.
Thus, in the SEC’s $7.5 million FCPA enforcement action against Qualcomm in March 2016, an enforcement action not subjected to one ounce of judicial scrutiny, the SEC found that the company, with the perfect of hindsight, woulda, coulda, shoulda done more to ensure that various things of value were not provided to “foreign officials.”
As sure as the sun rises in the the east, plaintiff attorneys representing Qualcomm shareholders salivated and filed various civil actions against Qualcomm officers and directors for alleged breach of fiduciary duty.
Yet, these claims are actually litigated and subjected to judicial scrutiny and, as is often the case, were recently dismissed (see this recent Delaware Court of Chancery opinion authored by Vice Chancellor Tamika Montgomery-Reeves).
The opinion begins with the following summary.
“The Complaint alleges that the Qualcomm Inc. (“Qualcomm”) board’s conscious disregard for red flags resulted in violations of the Foreign Corrupt Practices Act (“FCPA”) and a March 2016 U.S. Securities and Exchange Commission (“SEC”) cease-and-desist order. Plaintiffs’ Complaint asserts claims for breach of fiduciary duty, waste, and unjust enrichment against the Qualcomm directors and former Chief Financial Officer. Defendants moved to dismiss under Court of Chancery Rule 23.1 for failure to make demand or allege demand futility and Rule 12(b)(6) for failure to state a claim. For the reasons stated herein, I grant Defendants’ Rule 23.1 motion to dismiss all counts in Plaintiffs’ Complaint.”
As to the March 2016 SEC enforcement action, the opinion states:
“On March 1, 2016, the SEC determined that between 2002 and 2012, Qualcomm violated the FCPA. The FCPA is a federal anti-bribery statute that forbids illicit payments to foreign government officials to obtain or retain business overseas. It also requires that publicly traded companies like Qualcomm establish adequate internal controls to ensure (1) that they execute only authorized transactions and (2) that all company transactions are accurately recorded. The FCPA further requires that publicly traded companies actually make and keep accurate accounting records for all transactions and dispositions of company assets.
The Red Flags
Plaintiffs allege that the Qualcomm board pursued a business expansion plan emphasizing the Asia Pacific region, particularly China, which resulted in FCPA violations. According to the Complaint, China is a country of focus for U.S. FCPA regulators because of the large number of state-owned enterprises and the culture of gift giving. As such, Plaintiffs assert that U.S. companies doing business in China are on notice of the importance of FCPA compliance.
The Complaint alleges that the Qualcomm board and its Audit Committee knew of several red flags regarding FCPA compliance in China and Korea. On April 20, 2009, the Qualcomm Audit Committee was presented with an Internal Audit Update, which showed that certain gifts were not being appropriately logged on the Qualcomm gift logs. At the Audit Committee’s July 20, 2009 meeting, committee members received reports of potential FCPA violations. And in December 2009, the Audit Committee learned of whistleblower allegations of FCPA violations. In addition, a presentation given at the January 25, 2010 Audit Committee meeting shows that “[a] large number of activities such as business meals, business entertainment, marketing and gifts with known government related entities have not been recorded in the Qualcomm China Gift logs.” A similar problem was presented with respect to Korean gift logs at the same meeting. Finally, for the audit period from January 1, 2010 through March 31, 2011, the Complaint alleges that PricewaterhouseCoopers noted that “QCA” did not have certain FCPA compliance processes in place. Defendants assert that QCA is a company that Qualcomm had recently acquired, but the Complaint does not allege what QCA is.
The SEC Cease-and-Desist Order
On March 1, 2016, the SEC determined that cease-and-desist proceedings should be instituted against Qualcomm as a result of alleged FCPA violations. In anticipation of the institution of cease-and-desist proceedings, Qualcomm reached a settlement with the SEC, which was announced simultaneously with the cease-and-desist proceedings. The SEC released the terms of the settlement in the form of a cease-and-desist order.
The cease-and-desist order shows that the SEC found that Qualcomm violated the FCPA in the following ways: (1) from 2002 until 2012, Qualcomm provided frequent meals, gifts, and entertainment to Chinese officials who were considering whether to adopt Qualcomm technology; (2) Qualcomm hired relatives of Chinese officials, including a Chinese executive’s son that Qualcomm’s human resources department originally determined was not “a skills match” and should not be hired; (3) Qualcomm’s books and records did not fairly and accurately account for the illegal gifts but rather recorded them as generic marketing or sales expenses; and (4) Qualcomm lacked adequate internal controls to provide reasonable assurances that only authorized transactions were executed and that all transactions were accurately recorded. The order required that Qualcomm pay a penalty of $7.5 million and make periodic reports to the SEC for two years.”
Applying the relevant legal standard to the plaintiffs’c civil claims, the opinion states:
“Count I of the Complaint alleges a breach of fiduciary duty claim for improper oversight, also known as a Caremark claim. The Delaware Supreme Court in Stone v. Ritter reiterated the two bases on which directors may be held liable on a Caremark claim as: “(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” Where, as here, plaintiffs rely on the second basis for a Caremark claim, a complaint must allege “(1) that the directors knew or should have known that the corporation was violating the law, (2) that the directors acted in bad faith by failing to prevent or remedy those violations, and (3) that such failure resulted in damage to the corporation.”
Plaintiffs generally “attempt to satisfy the elements of a Caremark claim by pleading that the board had knowledge of certain ‘red flags’ indicating corporate misconduct and acted in bad faith by consciously disregarding its duty to address that misconduct.” Additionally, a plaintiff may adequately plead bad faith by alleging that the board intentionally directed the corporation to violate the law. “Under Delaware law, a fiduciary may not choose to manage an entity in an illegal fashion, even if the fiduciary believes that the illegal activity will result in profits for the entity.” “Delaware law does not charter law breakers,” and “a fiduciary of a Delaware corporation cannot be loyal to a Delaware corporation by knowingly causing it to seek profit by violating the law.”
Here, Plaintiffs do not argue that the Qualcomm board intentionally caused Qualcomm to violate the law. As such, to adequately plead bad faith, “Plaintiff[s] must plead particularized facts from which it is reasonably inferable that the [b]oard consciously disregarded its duties by ‘intentionally fail[ing] to act in the face of a known duty to act.’” “Conscious disregard involves an intentional dereliction of duty which is more culpable than simple inattention or failure to be informed of all facts material to the decision.” Further, “[s]imply alleging that a board incorrectly exercised its business judgment and made a ‘wrong’ decision in response to red flags . . . is insufficient to plead bad faith.”
The Complaint in this case fails to allege particularized facts giving rise to an inference that a majority of the board faces a substantial likelihood of liability on the Caremark claim alleged. As in Melbourne, I need not address whether the alleged red flags actually constitute red flags or whether the board’s response to the alleged red flags caused damage to Qualcomm because the Complaint fails to plead facts giving rise to an inference that the board acted in bad faith.
Assuming for purposes of this analysis that the various reports to the Audit Committee and the board constituted red flags, the Complaint does not allege that the board consciously disregarded the red flags. Many of the documents the Complaint cites as red flags also include planned remedial actions. For example, Plaintiffs cite the April 20, 2009 presentation to the Audit Committee, which states that “2 of the FCPA related events tested were not recorded on the gift log of the respective office.” But the next line on that page provides recommendations to address the issue. It states that “the listing of departments and individuals that receive the annual FCPA certification should be formally reviewed on an annual basis” and the Senior Vice President of Government Affairs “should re-iterate to all employees assigned to the Government Affairs department the requirement to record all FCPA related activities in the gift log.” Further, Plaintiffs cite a January 25, 2010 Audit Committee presentation where the committee was informed that “[a] large number of activities such as business meals, business entertainment, marketing and gifts with known government related entities have not been recorded in the Qualcomm China Gift logs.” But the same page states corrective actions that the company will take, including that the Executive Vice President for the Asia Pacific, the Middle East, and Africa “will hold an all-hands meeting with the employees of QC China to explain the approval, expense tracking and record keeping requirements of the Corporate FCPA policy and to emphasize the significance of employee compliance.” It also states that “[k]ey individuals, which meet with government officials, should be required to submit the completed FCPA log with their expense report for reimbursement. The QC China Director of Finance should review these expense reports to verify the accuracy and completeness of the Gift logs.”
These responses to the red flags show that the board did not act in bad faith. There is no indication that the board believed Qualcomm could continue to violate the FCPA without consequences. And no allegations suggest that the Qualcomm board consciously disregarded the red flags. The allegations in the Complaint do not adequately plead “an intentional dereliction of duty” after the board was aware of the risk of future FCPA violations through the red flags. In fact, Plaintiffs point to only two factual allegations as evidence of a failure to respond to the red flags: a December 31, 2013 target date for the translation of its FCPA compliance materials into Chinese (which Plaintiffs allege was too late) and the company’s plan to formulate a long-range FCPA plan (which Plaintiffs again contend was too late because it remained outstanding as of January 27, 2014). These board decisions do not rise to the level of bad faith. Instead, Plaintiffs here simply seek to second-guess the timing and manner of the board’s response to the red flags, which fails to state a Caremark claim.”
Plaintiffs also argue that the FCPA establishes a statutory floor for adequate internal controls, and because the Qualcomm cease-and-desist order describes internal control violations of the FCPA, the Complaint necessarily states a claim. But that argument is misplaced here. A corporation’s violation of the FCPA alone is not enough for director liability under Caremark. “Delaware courts routinely reject the conclusory allegation that because illegal behavior occurred, internal controls must have been deficient, and the board must have known so.” Delaware law, not the FCPA, establishes the standard for director liability, and under Delaware law, Plaintiffs’ Complaint does not allege bad faith.”
For more on the recent Qualcomm decision, see here from the always informative D&O Diary.
Save Money With FCPA Connect
Keep it simple. Not all FCPA issues warrant a team of lawyers or other professional advisers. Achieve client and business objectives in a more efficient manner through FCPA Connect. Candid, Comprehensive, and Cost-Effective.Connect