This previous post  went in-depth on the recent Foreign Corrupt Practices Act enforcement action against Nordion (Canada, Inc.).
This post continues the analysis by highlighting various issues to consider.
A future post will explore how the seemingly minor enforcement action (the settlement amount was a mere $375,000) should leave anyone who cares about FCPA enforcement speechless. An additional future post will pose the question of why did Nordion voluntarily disclose while also highlighting that its FCPA scrutiny cost the company in excess of $20 million in pre-enforcement action professional fees and expenses (a shocking 50:1 ratio compared to the settlement amount).
As highlighted in this prior post , Nordion disclosed its FCPA scrutiny in the summer of 2012. Thus, from start to finish, the FCPA scrutiny lasted approximately 3.5 years.
If the SEC wants the public to have confidence in its FCPA enforcement program, it must resolve instances of FCPA scrutiny much quicker.
The Nordion enforcement action is believed to be the first FCPA enforcement action against a Canadian company.
While Nordion (Canada) is a private company and resolved the enforcement action based on a successor liability theory (see below), as highlighted in this prior post  in any given year approximately 30-35% of foreign issuers subject to the FCPA are Canadian companies.
Thus, it is a bit surprising that Nordion is believed to be first FCPA enforcement action against a Canadian company.
In the 2012 FCPA Guidance , the enforcement agencies state that “successor liability does not … create liability where none existed before.” As highlighted in this prior post , this statement was among the ten most relevant statements in the Guidance and provided a useful measuring stick to judge future FCPA enforcement activity.
When using this statement as a measuring stick, the enforcement action against Nordion (Canada) fails. As highlighted in this initial post  about the enforcement action, Nordion Inc. was indeed once subject to the FCPA’s books and records and internal controls provisions because it was an issuer.
However, in August 2014, Nordion was acquired  by an affiliate of Sterigenics International LLC and does business as Nordion (Canada) Inc., a privately held company.
The SEC’s order finds that Nordion (not the actual Respondent in the action – that was Nordion (Canada) Inc.) violated the FCPA’s books and records and internal controls provisions and Nordion (Canada) Inc. agreed, without admitting or denying the SEC’s findings, to pay $375,000.
In short, and to borrow from the verbiage of the FCPA Guidance, a private company’s acquisition of an issuer does not create liability where none existed before, but that is the theory upon which the Nordion (Canada) Inc. enforcement action was based.
Once again, this free-for-all, anything goes nature of FCPA enforcement is troubling.
A Relevant Reminder
Based on the same conduct at issue in the Nordion enforcement action, the SEC also charged Mikhail Gourevitch (the former Nordion engineer who hide from Nordion his payment scheme and also self-profited from it) with, among other charges, violations of the FCPA’s anti-bribery provisions.
The Gourevitch enforcement action – premised on payments to secure a foreign license, permit, certification and the like – certainly did not break any new ground as several prior enforcement actions have been based on the same enforcement theory. (For lack of a better term, let’s call these non-foreign government procurement enforcement actions).
However, it is a relevant reminder that the FCPA enforcement agencies have an overall losing record when put to its burden of proof in non-foreign government procurement FCPA enforcement actions. (To learn more about these four instances of judicial scrutiny, see this article ).
Did The SEC Re-Write The FCPA?
Perhaps it was merely a typo, but did you notice the language the SEC used in the administrative order? In pertinent part, the order  states:
“Nordion also failed to devise and maintain adequate internal accounting controls to provide sufficient reassurances that Nordion funds were used as authorized, that third-party agents were appropriately vetted, and that Nordion adequately trained its employees to conduct business in countries with significant corruption risks.”
The FCPA’s internal control provisions do not use the word “reassurances” but rather “assurances” – as in an issuer has an obligation to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that …”.
While the difference between “assurances” and “reassurances” may seem minor, it is not. Rather it is significant. If the SEC’s use of the term “reassurances” was a typo – fine – typos happen.
However, it is was intentional it is troubling as the SEC is invoking a term not even used in the FCPA statute.
But then again, this would not be the first time the SEC has attempted to re-write the FCPA. (See here  for the article “Why You Should be Alarmed by the ADM Enforcement Action” for discussion of this issue).