Issues To Consider From The Stericycle Enforcement Action

This previous post ^[1] highlighted the recent net $59 million Foreign Corrupt Practices Act enforcement action against Stericycle (an Illinois based medical waste disposal company) for conduct in Brazil, Mexico, and Argentina.

Portions of the alleged conduct were egregious in that an executive of the company’s Latin America division orchestrated the bribery schemes and others associated with the company used “spreadsheets to track the bribe payments.”

Nevertheless, there are several legal and policy issues to consider from the enforcement action.

Timeline

As highlighted in this post ^[2], Stericycle disclosed its FCPA scrutiny in mid-2017.

Thus, from start to finish, the company’s scrutiny lasted approximately five years. I’ve said it many times, and will continue saying it until the cows come home, if the DOJ/SEC want their FCPA enforcement programs to be viewed as more credible and more effective the enforcement agencies must resolve instances of FCPA scrutiny much quicker. Indeed, who can forget a high-ranking DOJ official stating – around the same time that Stericycle initially disclosed its scrutiny – that FCPA investigations should be “measured in months, not years ^[3].”

This is particularly true in the Stericycle matter given the following language from the enforcement agencies.

DOJ

“[T]he Company received full credit for its cooperation with the Fraud Section’s investigation, including: proactively disclosing certain evidence of which the United States was previously unaware; providing information obtained through its internal investigation, which allowed the government to preserve and obtain evidence as part of its own independent investigation; making detailed factual presentations to the Fraud Section; voluntarily facilitating interviews in the United States of foreign-based employees; and collecting and producing voluminous relevant documents to the Fraud Section, including documents located outside the United States, accompanied by translations of documents;

[T]he Company provided to the Fraud Section all relevant facts known to it, including information about all of the individuals involved in the conduct [at issue].”

SEC

“Stericycle’s cooperation included sharing facts developed in the course of its own internal investigations and forensic accounting reviews, translating key documents and making employees available for interviews, including voluntarily facilitating interviews in the United States of foreign-based employees.”

Obtain or Retain Business?

The enforcement contained rather straight-forward allegations concerning the FCPA’s obtain or retain business element, but also contained more dubious allegations.

Specifically, in connection with the Brazil, Mexico, and Argentina conduct the government also alleged that certain bribe payments were made “to obtain authorization for priority release of payments owed under contracts with government agencies.”

This is certainly not the first time the FCPA enforcement agencies have alleged that payments in connection with obtaining something a company was legally owed is a violation of the FCPA’s anti-bribery provisions. (See prior posts here ^[4] and here ^[5] for a collection of various enforcement actions).

Nevertheless, it is very much an open legal question how such conduct could satisfy the “obtain or retain business” element, let alone the corrupt intent element, let alone square with the FCPA’s facilitation payments exception.

No Internal Controls Charges By the DOJ

The FCPA’s books and records and internal controls provisions are often charged together (both civilly and criminally in egregious situations).

However, the Stericycle enforcement action was unusual in that the DOJ “only” charged conspiracy to violate (1) the FCPA’s anti-bribery provisions, and (2) the FCPA’s books and records provision.

As is the norm, the SEC found that Stericycle violated the FCPA’s anti-bribery provisions as well as the books and records and internal controls provisions.

^[6]

Healthcare Workers As Foreign Officials

The Stericycle enforcement action alleged a variety of recipients of the bribe payments such as individuals “employed by at least 25 local and regional government agencies and instrumentalities” in Brazil; and individuals “employed by state-owned and state-controlled hospitals and other government entities” in Mexico.

Since first being used in an FCPA enforcement in 2002, the government has alleged in approximately 35 corporate enforcement actions that individuals employed by healthcare entities are “foreign officials” under the FCPA. (See here ^[7]).

Monitor

As highlighted in this prior post ^[8], in October 2021 Deputy Attorney General Lisa Monaco stated as follows regarding a purported change in DOJ policy regarding monitors.

“The final change I am announcing today deals with the use of corporate monitors. Stepping back, any resolution with a company involves a significant amount of trust on the part of the government. Trust that a corporation will commit itself to improvement, change its corporate culture, and self-police its activities. But where the basis for that trust is limited or called into question, we have other options. Independent monitors have long been a tool to encourage and verify compliance.

In recent years, some have suggested that monitors would be the exception and not the rule. To the extent that prior Justice Department guidance suggested that monitorships are disfavored or are the exception, I am rescinding that guidance. Instead, I am making clear that the department is free to require the imposition of independent monitors whenever it is appropriate to do so in order to satisfy our prosecutors that a company is living up to its compliance and disclosure obligations under the DPA or NPA.

Of course, the decision to use monitors must also include consideration of how the monitorship is administered and the standards by which monitors are expected to do their work. And the selection of monitors will continue to be accomplished in a fashion that eliminates even the perception of favoritism. The department will study how we select corporate monitors, including whether to standardize our selection process across the divisions and offices.”

Monaco was referring to the October 2018 so-called Benczkowski Memo ^[9] on the “Selection of Monitors in Criminal Division Matters.” However, that Memo (contrary to Monaco’s suggestion) never suggested that monitorships are disfavored or are the exception. The Memo specifically stated:

“In general, the Criminal Division should favor the imposition of a monitor only where there is a demonstrated need for, and clear benefit to be derived from, a monitorship relative to the projected costs and burdens. Where a corporation’s compliance program and controls are demonstrated to be effective and appropriately resourced at the time of resolution, a monitor will likely not be necessary.”

Earlier this month, Assistant Attorney General Kenneth Polite Jr. stated ^[10]:

“As the Deputy Attorney General discussed last October, we can expect to see the Department imposing independent corporate monitors whenever it is appropriate in order to satisfy our prosecutors that a company is living up to its compliance and disclosure obligations under a non-trial resolution.

[…]

Monitors, of course, are not appropriate in every case. For example where a company: has invested—not just from a financial perspective, but from a concerted commitment from the top down—in implementing a strong compliance program; has been able to test its controls and demonstrate they are effective; has made relevant updates to its program to adapt to changing risks; and has cultivated a strong culture of compliance and ethical values, our prosecutors may decide not to impose a monitor.”

As a condition of the DOJ resolution, Stericycle was required to engage a monitor for a two year period. In the words of the DOJ:

“[T]he Company has enhanced and has committed to continuing to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement (Corporate Compliance Program) but, despite its extensive remedial measures described above, the Company to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years … is necessary to prevent the recurrence of misconduct.”

From where is the requirement to test a compliance program derived from? The answer is no where.

Elsewhere, the DOJ or SEC stated as follows regarding Stericycle’s remedial measures and compliance improvements.

DOJ

“[T]he Company engaged in extensive remedial measures, including: (i) commencing remedial measures based on internal investigations of the misconduct prior to the commencement of the Government’s investigation; (ii) strengthening its corporate governance by appointing numerous new individuals to senior management and Board of Directors positions and establishing a Safety, Operations, and Environmental Committee to enhance Board oversight; (iii) strengthening its compliance organization by hiring additional compliance personnel, including an experienced new Chief Ethics and Compliance Officer who reports directly to Stericycle’s Chief Executive Officer and Chair of the Audit Committee of the Board of Directors; (iv) updating its code of conduct, policies, procedures and internal controls relating to, among other things, anti-corruption, retention and management of commercial agents and other third parties, and gifts, travel and entertainment; (v) enhancing its internal reporting, investigations and risk assessment processes; (vi) overhauling its compliance training and communications; (vii) disciplining certain employees involved in the relevant conduct, including terminating certain employees including senior managers; and (viii) divesting its subsidiaries in Mexico and Argentina and taking steps to address its risks in Brazil.”

SEC

“Stericycle’s remediation included the termination of employees and third parties responsible for the misconduct and enhancements to its internal accounting controls. Stericycle created a compliance organization, including hiring an experienced Chief Ethics and Compliance Officer as well as local compliance staff, enhanced its policies and procedures and compliance communications, and introduced training of employees on anti-bribery issues.”

Pursuant to the DOJ DPA, prior to Stericycle issuing a press release regarding the enforcement action the company had to consult with the DOJ so that it could determine “whether the text of the release or proposed statements at the press conference are true and accurate with respect to matters between the Fraud Section and the Company; and (b) whether the Fraud Section has any objection to the release.”

In connection with the enforcement action, Stericycle issued a release which stated as follows regarding remedial measures:

“Under the direction of the board’s audit committee, Stericycle conducted its own thorough internal investigation, cooperated fully with the DOJ, SEC and Brazilian authorities, and took extensive steps to establish a strong global anti-corruption compliance program by enhancing its compliance policies, procedures and internal controls in every country in which it operates. Stericycle’s remedial actions were acknowledged by the DOJ, the SEC and the Brazilian authorities in the settlements.

Since 2017, Stericycle has transformed its board of directors and leadership team. The company has named multiple new members to its board of directors and added new, experienced executives to its leadership team, including Cindy J. Miller, who was named president and chief operating officer in 2018 and chief executive officer in 2019. The company also created a new Operations, Safety and Environmental Committee to enhance board oversight and hired compliance personnel including an experienced chief ethics and compliance officer reporting directly to Miller and the chair of the audit committee.

Building a Culture of Compliance—Remedial Measures and Global Enhancements

U.S. authorities credited Stericycle for its cooperation in the investigation and for steps the company’s new leadership has taken to enhance and ensure compliance and internal controls. As detailed in Stericycle’s deferred prosecution agreement, these steps have included: strengthening its corporate governance by appointing new executive leadership and board members; strengthening its compliance function by hiring additional personnel, including an experienced chief ethics and compliance officer; updating its code of conduct and internal controls relating to anti-corruption, retention and management of commercial agents and other third parties, and gifts, travel and entertainment; enhancing its internal reporting, investigations and risk assessment processes; overhauling its compliance training and communications; terminating employees involved in the relevant conduct; and divesting its subsidiaries in Argentina and Mexico.”

Against this backdrop, is a compliance monitor truly necessary or just an example of a government required transfer of shareholder wealth to FCPA Inc. (See here ^[11]).

Country Exit

One of the remedial measures highlighted by the DOJ was that Stericycle “divest[ed] its subsidiaries in Mexico and Argentina …”.

As highlighted in this previous post ^[12], a troubling aspect of the current FCPA enforcement climate is that the enforcement agencies seem to view retreat from a foreign country that presents FCPA risk as a good thing – indeed a “remedial measure.”