This recent post highlighted the SEC FCPA enforcement action against FLIR Systems.
This post continues the analysis by highlighting various issues to consider associated with the enforcement action.
Was the Enforcement Action “Just”
In the minds of some, “rogue employees” are mere figments in the imagination of corporate apologists.
Yet, the FLIR Systems enforcement action was based on the conduct of two individuals: Stephen Timms (Head of FLIR’s Middle East Office) and Yasser Ramahi who reported to Timms.
What did these two individuals do?
In the words of the SEC, the individuals “concealed” the extent and nature of the travel and gifts to “foreign officials” which gave rise to the enforcement action.
In the words of the SEC, after Timms’ manager asked certain questions about the travel, “Ramahi and Timms later claimed that the … ‘world tour’ had been a mistake” and that the foreign officials “used FLIR’s travel agent in Dubai to book their own travel and that it had been mistakenly charged to FLIR. They then used FLIR’s third-party agent to give the appearance that the MOI paid for their travel. Timms also oversaw the preparation of false and misleading documentation of the MOI travel expenses that was submitted to FLIR finance as the ‘correct’ travel document.”
Was the conduct of the two individuals, who concealed and lied, inconsistent with FLIR’s existing FCPA-related policies and internal controls?
In the words of the SEC:
“During the relevant time, FLIR had a code of conduct, as well as a specific anti-bribery policy, which prohibited FLIR employees from violating the FCPA. FLIR’s policies required employees to record information “accurately and honestly” in FLIR’s books and records, with “no materiality requirement or threshold for a violation.” FLIR employees, including Timms and Ramahi, received training on their obligations under the FCPA and FLIR’s policy, although the company did not ensure that all employees, including Ramahi, completed the required training.”
Against this backdrop of SEC allegations, was it truly “just” for the SEC to find that FLIR Systems violated the FCPA’s anti-bribery provisions?
The same question can even apply to the SEC’s finding that FLIR Systems also violated the FCPA’s books and records and internal controls provisions.
In the words of the SEC:
“FLIR had few internal controls over travel in its foreign sales offices at the time. Although FLIR had policies and procedures over travel for its domestic operations, there were no controls or policies in place governing the use of foreign travel agencies. Instead, FLIR foreign sales employees worked directly with FLIR’s foreign travel agencies to arrange travel for themselves and others. Sales managers, such as Timms, were solely responsible for expense approvals for their sales staff. Timms’ manager was responsible for approving travel-related expenses for all non-U.S.-based senior sales employees (such as Timms) and approving the payment of large invoices to the foreign travel agencies.
FLIR also had few controls over the giving of gifts to customers, including foreign government officials. Sales staff and managers were responsible for all expense approvals for gifts and accounts payable was not trained to flag expenses that were potentially problematic.”
As a matter of law, the FCPA’s internal control provisions do not specify which type of internal controls provisions an issuer must have. Rather, the law states than issuer must have internal controls sufficient to provide reasonable assurances as to four general categories. The FCPA specifically defines “reasonable assurances” and “reasonable detail” as follows: a “level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”
The only substantive judicial decision on the internal controls provisions states:
“The concept of ‘‘reasonable assurances’’ contained in [the internal control provisions] recognizes that the costs of internal controls should not exceed the benefits expected to be derived. It does not appear that either the SEC or Congress, which adopted the SEC’s recommendations, intended that the statute should require that each affected issuer install a fail-safe accounting control system at all costs.”
The SEC’s most extensive guidance on the internal controls provisions states, in pertinent part, as follows:
“The Act does not mandate any particular kind of internal controls system. The test is whether a system, taken as a whole, reasonably meets the statute’s specified objectives. ‘‘Reasonableness,’’ a familiar legal concept, depends on an evaluation of all the facts and circumstances.
Private sector decisions implementing these statutory objectives are business decisions. And, reasonable business decisions should be afforded deference. This means that the issuer need not always select the best or the most effective control measure.”
Against this backdrop, it would seem relevant to the SEC’s internal controls finding regarding foreign travel that during the time period relevant to the enforcement action FLIR had approximately 2,100 employees, with approximately 1,400 located in the U.S.
Are the Post-Enforcement Action Reporting Obligations “Just”?
Against the backdrop of the SEC’s allegations, as well as the fact that FLIR Systems voluntarily disclosed and cooperated in the SEC’s investigation and undertook “significant remedial efforts,” was it “just” that the SEC required FLIR Systems, for a two year period, to report “periodically, at no less than nine months intervals” concerning the “status of its compliance review of its overseas operations and the status of its remediation and implementation of compliance measures?”
Or was the SEC’s condition of settlement yet another example of a government required transfer of shareholder wealth to FCPA Inc. (See here  for the prior post).
Is the Disgorgement “Just”?
The bulk of the $9.5 million settlement ($8.5 million to exact) consisted of disgorgement and prejudgment interest.
The simplistic position that the SEC took (and often takes in FCPA enforcement actions) is that FLIR Systems would not have secured the business at issue with the Saudi Arabia Ministry of Interior (“MOI”) but for the alleged travel (which the SEC did acknowledge contained a core, legitimate business but morphed) and wrist-watches provided to the “foreign officials”.
Because FLIR System did obtain or retain such business, the theory goes, FLIR Systems was unjustly enriched and thus should disgorge its profits from the sales to the MOI.
For instance, FLIR’s major customer base is governments around the world – including the U.S. government. Indeed, as noted in its most recent annual report :
“We derive significant revenue from contracts or subcontracts funded by United States government agencies. A significant reduction in the purchase of our products by these agencies or contractors for these agencies would have an adverse effect on our business. For the fiscal years ended December 31, 2014, 2013 and 2012 approximately 20 percent, 24 percent and 27 percent, respectively, of our revenues were derived directly or indirectly from sales to the United States government and its agencies.”
Yet, in the SEC’s mind, FLIR was unjustly enriched when the Saudi MOI purchased its products because a few of its officials happened to go to, among other places, New York City in connection with a legitimate factory inspection tour or were provided with wrist-watches.
The Foolish of Obey the Law Injunctions
As noted in the SEC’s administrative order resolving the FCPA enforcement:
“On September 30, 2002, in connection with a settled accounting fraud case, the Commission ordered FLIR to cease and desist from violations of the anti-fraud and related provisions of the federal securities laws.”
As highlighted in the SEC’s order , the 2002 action focused on general revenue recognition and financial reporting issues. Yet, given the generic nature of the FCPA’s books and records and internal controls provisions, the SEC did find violations of those provisions in the 2002.
This is another reminder of the foolishness of the SEC’s so-called “obey the law injunctions” – which as explored in this  guest post – have been found invalid because the injunction is so broad as to mean next to nothing.
The vast majority of issuers under FCPA scrutiny disclose the scrutiny in SEC filings, notwithstanding the fact that in most instances there is no legal obligation to do so.
FLIR Systems was a unique example of a company not disclosing its FCPA scrutiny. The first the public learned about FLIR’s scrutiny was logically when the SEC brought the related enforcement against the former employees in November 2014.