Archive for the ‘DOJ’ Category

Recent DOJ Speeches

Thursday, October 9th, 2014

Speaking8Previous posts here and here highlighted recent speeches by top Department of Justice officials on topics relevant to the Foreign Corrupt Practices Act.

This post highlights additional recent speeches by Assistant Attorney General for the Criminal Division Leslie Caldwell on October 1st and by Principal Deputy Assistant Attorney General for the Criminal Division Marshall Miller on October 7th.  The speeches are near carbon-copies of each other, but both are excerpted below in one space for ease of reference.  Moreover, Caldwell’s speech further expounds on cooperation issues previously articulated in Miller’s September 17th speech.

Before excerpting the speeches, it is worth noting that the DOJ officials (as prior DOJ officials have in the past) made several important acknowledgments relevant to the difficulties of FCPA compliance and in support of the policy rationales for an FCPA compliance defense.  (See here for the article “Revisiting a Foreign Corrupt Practices Act Compliance Defense”).  In pertinent part, the DOJ officials stated:

“While the Justice Department is often the last line of defense against fraud and corruption, all of you [compliance professionals] are the first.  Criminal prosecutions can and do deter future bad behavior, but they most often serve as an after-the-fact sanction for misconduct.  Your collective work is designed to ensure corporate compliance and ethical practices from the outset.”

“[W]e recognize that even with proper support of a compliance program by management, perfect compliance in this increasingly global economy is incredibly difficult.  Compliance departments are asked to monitor business units that are spread about the globe.”

“Every company hires human beings who, when they are in a tough and maybe unfamiliar situation with no clear guidance about what is expected, will sometimes choose the wrong path.  And that becomes even harder when they are operating in countries with business cultures very different from their own.”

“Corporations do not act, but for the actions of individuals.  In all but a few cases, an individual or group of individuals is responsible for the corporation’s criminal conduct.”

“Compliance must be incentivized.”

“Although increasingly rare in this day and age – more than a decade after the passage of the Sarbanes Oxley Act – we are still encountering prominent companies with no real compliance programs. Hard to believe, but true.”

“[E]ven companies with strong compliance programs can and do detect and report criminal misconduct by employees.”

“While the Justice Department is often the last line of defense against fraud and corruption, all of you who work in compliance are the first. Criminal prosecutions can and do deter future bad behavior, but your work can prevent that conduct before it happens.”

For additional writing and videos on many of the same points discussed in the DOJ speeches see:

Assistant Attorney General Caldwell’s October 1st Speech

“While the Justice Department is often the last line of defense against fraud and corruption, all of you are the first. Criminal prosecutions can and do deter future bad behavior, but they most often serve as an after-the fact sanction for misconduct.

Your collective work is designed to ensure corporate compliance and ethical practices from the outset. The importance of your work cannot be overstated: it serves to protect the integrity of our public markets, the country’s financial systems, our intellectual property, the retirement accounts of our hardworking citizens, and our taxpayer dollars used to fund healthcare programs and government and military contracts.

A very large part of the mission of the Criminal Division is fighting major corporate fraud and corruption. Our Fraud Section employs approximately 100 prosecutors who are experienced in investigating health care fraud, defense procurement fraud, securities and financial fraud, and violations of the Foreign Corrupt Practices Act.

Our Asset Forfeiture and Money Laundering Section investigates and prosecutes international money laundering and violations of U.S. sanctions laws, and it recovers the proceeds of foreign official corruption by kleptocrats.

Unfortunately, in our fraud, corruption, money laundering, and sanctions cases, we have seen too many failures of corporate compliance.

In this day and age – more than a decade after the Sarbanes-Oxley Act – we come across very few companies that do not have any compliance program. In fact, we have seen a marked improvement in compliance programs over the years. In years past, it was not uncommon to see companies with only rudimentary compliance programs.

That situation is illustrated by a case resolved just last year, involving Weatherford International, a Swiss oil services company that trades on the New York Stock Exchange. Three subsidiaries of Weatherford International pleaded guilty to violating the anti-bribery provisions of the Foreign Corrupt Practices Act and export controls violations.

Before 2008, the company had little more than a weak paper compliance program. The subsidiaries admitted that the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations. Weatherford companies paid $252 million in penalties and fines.

It is increasingly rare that we encounter circumstances in which a company has such a feeble compliance program. And I doubt that anyone in this audience works for a company like that, or you probably would not be here.

More often, we encounter companies with compliance programs that are strong on paper, but much weaker in practice.”

[...]

“Now, we recognize that even with proper support of a compliance program by management, perfect compliance in this increasingly global economy is incredibly difficult. Compliance departments are asked to monitor business units that are spread about the globe.

More than the geographic divide, however, there often are cultural divides from country-to-country that you must bridge.”

[...]

“There is no doubt that monitoring compliance on a global scale is a difficult, but difficulty cannot be used as an excuse to turn a blind eye to problematic business practices. Compliance programs must be put into place and—more importantly—communicated repeatedly and enforced properly throughout the entire organization.

The emphasis on compliance must be heard not only in the executive suites at headquarters, but wherever the company operates around the globe.

When considering criminal action against a company, one factor that the Justice Department evaluates is the company’s compliance program.

Under the department’s internal guidance, the Principles of Federal Prosecution of Business Organizations, prosecutors must consider “the existence and effectiveness of the corporation’s pre-existing compliance program.”

As all of you know, the United States Sentencing Guidelines also expressly include a company’s corporate compliance program as a factor in corporate sentencing in criminal cases.

There is, of course, no “off the rack” compliance program that can be installed at every company. Effective compliance programs must be tailored to the unique needs and risks faced by each company.

But there are hallmarks of good compliance programs. The department includes many of these in our non-prosecution agreements and deferred prosecution agreements, and I’d like to discuss them with you.

1. High-level commitment. A company must ensure that its directors and senior management provide strong, explicit, and visible commitment to its corporate compliance policy. Stated differently, and again, “tone from the top.”

This means that the importance of compliance should be communicated from the very top of the company. I once heard of a large company whose prominent CEO refused to put his signature on a company-wide communication announcing the company’s new compliance program.

When asked why not, he replied: “Because we don’t hire those kinds of people.” Well, he could not have been more wrong. Every company hires “those kinds of people.”

Every company hires human beings who, when they are in a tough and maybe unfamiliar situation with no clear guidance about what is expected, will sometimes choose the wrong path. And that becomes even harder when they are operating in countries with business cultures very different from our own.

2. Written Policies. A company should have a clearly articulated and visible corporate compliance policy memorialized in a written compliance code. Again, employees need to know what to do–or not do–when faced with a tough judgment call involving business ethics. Companies need to make that as easy as possible for their employees.

3. Periodic Risk-Based Review. A company should periodically evaluate these compliance codes on the basis of a risk assessment addressing the individual circumstances of the company. Companies change over time through natural growth, mergers, and acquisitions.

Compliance policies should be live organisms that also change and grow with the company. You are only as strong as your weakest flank.

I once represented a company that had an A+ compliance program. But then they acquired a Chinese subsidiary and for several years failed to communicate to their new—and then not-so new–Chinese employees the need for FCPA compliance.

The predictable result: the Chinese employees continued doing business in the way that was familiar to them. And the US parent found itself in deep violation of the FCPA.

4. Proper Oversight and Independence. A company should assign responsibility to senior executives for the implementation and oversight of the compliance program.

Those executives should have the authority to report directly to independent monitoring bodies, including internal audit and the Board of Directors, and should have autonomy from management. Compliance programs needed to be funded; they need to have resources.

And they need to have teeth and respect within the company. For years, Wall Street banks housed their compliance programs across the Hudson River, in New Jersey. They were out of sight, out of mind. They were underpaid. And nobody paid much attention to them.

Compliance programs need to have an appropriate stature within the company, or compliance will be the last thing on the mind of an employee tempted to engage in wrongdoing.

5. Training and Guidance. A company should implement mechanisms designed to ensure that its compliance code is effectively communicated to all directors, officers, employees. This means repeated communication, frequent and effective training, and an ability to provide guidance when issues arise.

And as I said before, employees should see that the importance of compliance is being communicated from the top—whether the CEO, the Board, the General Counsel, or some other very highly respected senior-level figure within the company.

6. Internal Reporting. A company should have an effective system for confidential, internal reporting of compliance violations. I know that many companies have multiple mechanisms, which is good.

7. Investigation. A company should establish an effective process with sufficient resources for responding to, investigating, and documenting allegations of violations. What this means on the ground will depend on the company. A sophisticated multi-national corporation obviously will be expected to have more resources devoted to compliance than a small regional company.

8. Enforcement and Discipline. A company should implement mechanisms designed to enforce its compliance code, including appropriately incentivizing compliance and disciplining violations.

And the response to a violation must be even-handed. Too often, we see situations where low level employees who may have implemented the bad conduct are fired, but their boss, who saw what they were doing and did nothing—and maybe even the directed the conduct—is left in place.

This should not happen. Not only from a department perspective, but from a business perspective. Leaving in place senior managers who sanction bad behavior sends a very wrong message about the company’s true commitment to compliance and ethics.

People watch what people do much more carefully than what they say. When it comes to compliance, you must both say and do.

9. Third-Party Relationships. A company should institute compliance requirements pertaining to the oversight of all agents and business partners.

I cannot emphasize strongly enough the need to sensitize third parties, like vendors, agents, and consultants, to the importance of not compliance.

And these partners need to understand that the company really expects its partners to be compliant. This often means more than just including a boilerplate paragraph in a contract in which the partner promises to comply with the law and company policies. It means warning, and even terminating, relationships with partners who fail to behave in a compliant manner.

10. Monitoring and Testing. A company should conduct periodic reviews and testing of its compliance code to improve its effectiveness in preventing and detecting violations. Kick the tires regularly. As I said, compliance programs must evolve with changes in the law, business practices, technology and culture.

As I said, there is no “one-size fits all” compliance program. But these are guideposts that we consider important to the success of a strong program.

And as important as the compliance program itself is implementation. When we investigate a case, we look at the messages about compliance that are given to employees.

More than just reading the paper program or the code of conduct, we look at what employees are told in their day-to-day work.

We are looking at e-mails, chats, and recorded phone calls. We are talking to witnesses about the messages they received from their supervisors and management – did they receive messages about compliance, or about making money at all costs.

And we examine the incentives that a company provides to encourage compliant behavior – or not. If a company is actually encouraging compliance, if its values are to be ethical and within the law, then that message must be conveyed to employees in a meaningful way. Otherwise, the Department of Justice will not view the compliance program as credible.

And sometimes, effective implementation of a compliance program means standing apart from the other companies in your industry. We have seen significant misconduct taking place throughout an industry.

But the excuse that “everyone else is doing it” didnd’t work in grade school, and it sure won’t work when federal agents come knocking at your door.”

[...]

“Effective compliance programs must be embedded in a company’s culture. And they need to be applied even in the face of misconduct by other companies in the same industry, even if that might mean a short-term competitive disadvantage.

A company’s executives can choose to rise above the rest — or race to the bottom. I am telling you that the Criminal Division will hold responsible companies and individuals that knowingly violate the law, no matter if the excuse is that “everyone” was doing it.

Now what should you do when your robust compliance program fails? Or, when it works, allowing you to discover criminal misconduct? I encourage you to conduct a thorough investigation and to disclose potentially criminal misconduct to the Justice Department.

When criminal misconduct is discovered, a critical factor in the department’s prosecutorial decision making is the extent and nature of the company’s cooperation.

The department’s Principles of Federal Prosecution of Business Organizations provides that prosecutors should consider “the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents.”

Now let me flesh out the often discussed, but sometimes poorly understood, concept of cooperation.

Most companies now understand the benefits of voluntarily disclosing the misconduct before we come asking, and the benefits of conducting an internal investigation and providing facts about the misconduct to the government.

But companies all too often tout what they view as strong cooperation, while ignoring that prosecutors specifically consider “the company’s willingness to cooperate in the investigation of its agents.”

Corporations do not act, but for the actions of individuals. In all but a few cases, an individual or group of individuals is responsible for the corporation’s criminal conduct. The prosecution of culpable individuals – including corporate executives – for their criminal wrongdoing continues to be a high priority for the department.

For a company to receive full cooperation credit following a self-report, it must root out the misconduct and identify the individuals responsible, even if they are senior executives.

We are not asking that you become surrogate FBI agents or prosecutors, or that you use law enforcement tactics like body wires. And we do not need to hear you say that executive A violated a particular criminal law. All we are saying is that we expect you to provide us with facts. We will take it from there.

But a company that interviews its employees in an effort to whitewash the facts or spread the company’s narrative spin risks receiving any cooperation credit.

Additionally, for a company to receive full cooperation credit, the company must provide relevant documents and evidence, and should do so in a timely fashion.

We find that global companies are increasingly hasty to invoke foreign data privacy laws to avoid providing evidence to the department. While we recognize that some of these laws pose real challenges to data access and transfer, many do not.

As a result, we are looking closely – with an ever more skeptical eye – to ensure that these claims are honest and not obstructionist. A company that reads foreign data protection laws expansively, to restrict its disclosure of documents, when it could be read more narrowly, is in dangerous territory if it wants to receive full cooperation credit.

Although the department welcomes and encourages corporate cooperation, we do not rely upon it. We conduct our own robust investigations – often alongside that of the company – to build our own criminal cases and to pressure-test corporate claims of cooperation.

Companies claiming to cooperate while conducting lackluster investigations with little results should not be surprised when they do not get credit for their supposed efforts. And they should not be surprised when they face the consequences of our own investigations.

The benefits of corporate cooperation are clear. We often explicitly describe the benefits when we reach resolutions with companies. As just one example, earlier this year, the department announced Alcoa World Alumina’s guilty plea to FCPA charges stemming from its payment of millions of dollars in bribes to officials of the Kingdom of Bahrain.

As part of the plea, Alcoa paid $223 million in criminal fines and forfeiture. The department publicly commended Alcoa for its cooperation, which included conducting an extensive internal investigation, making proffers to the government, voluntarily making current and former employees available for interviews, and providing relevant documents to the department.

Alcoa’s cooperation was mentioned specifically as a factor that lowered the size of the criminal fine. In fact, absent cooperation, Alcoa could have faced a fine of more than $1 billion. Many people, however, want concrete examples of cases where we decided not to pursue charges at all in light of a company’s cooperation. The department is not typically in a position to disclose these declinations, and indeed many companies do not want the world to know that they were under department scrutiny.”

[...]

“The Criminal Division is more committed than ever to investigating corporate fraud and corruption. We will investigate regardless whether a company choses to cooperate.

But for a company to receive credit for its compliance program, it must have demonstrated effectiveness, with messages about compliance that come from the top and echo throughout the corporate hallways.

And for a company to receive full cooperation credit, it must uncover the misconduct, identify the responsible individuals, and fully disclose the facts to the department.”

Deputy Attorney General Miller’s October 7th Speech

“I suspect that everybody in this room is familiar with the Principles of Federal Prosecution of Business Organizations, or the Filip factors, upon which we base our corporate charging and resolution decisions. One of those factors expressly directs us to consider “the existence and effectiveness of the corporation’s pre-existing compliance program” in deciding whether to charge a corporation with a crime.

In fact, one is hard-pressed to find a corporate resolution with the Justice Department that does not contain a prominent reference – positive or negative – to the corporation’s compliance program. The existence of an effective compliance program can make all the difference when a corporation is in the Justice Department’s sights.

Today, I would like to highlight a few primary strengths and weaknesses that we have observed in corporate compliance programs of late. As an overarching theme, the failure to expand compliance programs to meet the needs of growing corporations – particularly global corporations – drives many of the compliance problems we have seen. On the flip side, compliance programs that have widespread prophylactic and training mechanisms – as well as procedures designed to uncover wrongdoing and expose individuals responsible for criminal behavior – are the most effective.

A corporation’s ability to use compliance to uncover misconduct and, just as importantly, identify wrongdoers is central to the Justice Department’s evaluation of a compliance program.

As you know, there is no off-the-rack, one-size-fits-all compliance program. Companies must tailor compliance programs to manage their unique risks. There are, however, characteristics that should be present in each program.

In 2012, the Justice Department and the SEC published the Foreign Corrupt Practices Act, or FCPA, Resource Guide, which contains an entire section entitled, “Hallmarks of Effective Compliance Programs.” While the hallmarks in the FCPA Guide are focused on anti-corruption compliance programs, the principles identified apply universally.

Now, I’m not going to go through all the hallmarks with you today – but I will make a couple of overarching points. First, the Justice Department’s hallmarks are designed to encourage a ‘culture of compliance,’ which begins – but doesn’t end – with ‘a tone from the top,’ and extends to actions throughout a company’s ranks.

So hallmark # 1 is high-level commitment. When employees truly understand that a company’s leadership is committed to compliance – even when it runs up against profits – only then does a company truly have a successful compliance program. The quickest way to check on that commitment is to take a look at corporate structure. If you see compliance executives sitting in true positions of authority at a corporation, reporting directly to independent monitoring bodies, like internal audit committees or boards of directors, you likely are looking at a strong compliance program. Compliance programs also need to be resourced; they need to have teeth and respect. By contrast, for years, Wall Street banks housed their compliance programs across the Hudson River, in New Jersey. They were out of sight, out of mind. Compliance programs need to have appropriate stature within corporations.

Another key hallmark is whether the program grows with the company. Any good compliance program needs to be periodically evaluated, using risk assessment models aimed at the individual circumstances of the company. As companies change over time, so must compliance policies.

A strong compliance program must also involve enforcement and discipline. It is human nature to pay more attention to what people do than to what they say. Compliance must be incentivized; violations disciplined. And the response must be even-handed. Too often we see low-level employees who implemented bad conduct fired, but bosses, who did nothing to stop the conduct – and may even have directed it – left in place without sanction.

Although increasingly rare in this day and age – more than a decade after the passage of the Sarbanes Oxley Act – we are still encountering prominent companies with no real compliance programs. Hard to believe, but true.

Just last year, three subsidiaries of Weatherford International, a Swiss oil services company listed on the New York Stock Exchange, pleaded guilty to FCPA and export control violations. Over a period of many years, Weatherford subsidiaries in Africa, the Middle East, and Iraq paid bribes to foreign officials in exchange for lucrative contracts and inside information about competitors. Some of Weatherford’s international subsidiaries also illegally exported oil and gas drilling equipment to countries under United States sanctions – countries like Cuba, Iran, Sudan, and Syria.

But more important to this audience than Weatherford’s conduct itself may be the admissions it made regarding the state of its compliance programs. Weatherford admitted that prior to 2008, the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations.

The most glaring failures occurred in its overseas offices and subsidiaries. Let me give you a revealing example: Despite its global presence, Weatherford did not even bother to translate its compliance policy into languages other than English. Think about that for a second. Weatherford had subsidiaries and operations in more than 100 countries across the globe. It operated in the high-risk environment that is the oil extraction industry. And yet Weatherford didn’t even bother to make its compliance program intelligible to many of its employees – in languages they could understand.

And there’s more. Though in 2004 it began circulating an ethics questionnaire asking if employees were aware of payments to foreign officials, Weatherford had no process to investigate affirmative responses. Indeed, Weatherford did not conduct any follow-up investigation in response to allegations of corruption.

Put simply, Weatherford’s compliance policy was a program in name only. It wasn’t worth the paper it was written on. Had Weatherford employed even a basic compliance program, it may not have found itself paying over $252 million in penalties and fines.

Just last year, three subsidiaries of Weatherford International, a Swiss oil services company listed on the New York Stock Exchange, pleaded guilty to FCPA and export control violations. Over a period of many years, Weatherford subsidiaries in Africa, the Middle East, and Iraq paid bribes to foreign officials in exchange for lucrative contracts and inside information about competitors. Some of Weatherford’s international subsidiaries also illegally exported oil and gas drilling equipment to countries under United States sanctions – countries like Cuba, Iran, Sudan, and Syria.

But more important to this audience than Weatherford’s conduct itself may be the admissions it made regarding the state of its compliance programs. Weatherford admitted that prior to 2008, the company did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations.

The most glaring failures occurred in its overseas offices and subsidiaries. Let me give you a revealing example: Despite its global presence, Weatherford did not even bother to translate its compliance policy into languages other than English. Think about that for a second. Weatherford had subsidiaries and operations in more than 100 countries across the globe. It operated in the high-risk environment that is the oil extraction industry. And yet Weatherford didn’t even bother to make its compliance program intelligible to many of its employees – in languages they could understand.

And there’s more. Though in 2004 it began circulating an ethics questionnaire asking if employees were aware of payments to foreign officials, Weatherford had no process to investigate affirmative responses. Indeed, Weatherford did not conduct any follow-up investigation in response to allegations of corruption.

Put simply, Weatherford’s compliance policy was a program in name only. It wasn’t worth the paper it was written on. Had Weatherford employed even a basic compliance program, it may not have found itself paying over $252 million in penalties and fines.”

[...]

While the Justice Department is often the last line of defense against fraud and corruption, all of you who work in compliance are the first. Criminal prosecutions can and do deter future bad behavior, but your work can prevent that conduct before it happens.”

DOJ’s Empty Rhetoric On Individual FCPA Prosecutions Continues

Wednesday, September 17th, 2014

This previous post highlighted the empty rhetoric of a former DOJ Criminal Division Chief regarding individual FCPA prosecutions.

A change in leadership at the DOJ Criminal Division has not brought about a change in the rhetoric.

As noted in this Reuters FCPA article, current Chief of the Criminal Division Leslie Caldwell stated:

“Certainly…there has been an increased emphasis on, let’s get some individuals.”

“It’s very important for us to hold accountable individuals who engage in criminal misconduct in white-collar (cases), as we do in every other kind of crime.”

Once again, the rhetoric is empty.

Sure the DOJ can point to a few core actions in which the DOJ has “clustered” multiple defendants into one action to achieve notable individual prosecution numbers.  The April 2014 action against six individuals allegedly involved in a conspiracy to obtain Indian mining licenses is a good example as was the “clustering phenomenon” in the enforcement action against five individuals associated with Direct Access Partners.   As highlighted in this previous post (with statistics calculated through the end of 2013), 53% of the individuals charged by the DOJ with FCPA criminal offenses since 2008 have been in just four cases and 75% of the individuals charged by the DOJ since 2008 have been in just nine cases.

In the vast majority of corporate FCPA enforcement actions (based presumably on the conduct of real individuals not ghosts as I indicated in my 2010 Senate FCPA testimony), the talk of individual prosecutions is nothing more than empty rhetoric.  Indeed, as highlighted in this previous post (with statistics calculated through the end of 2013) since 2008 approximately 75% of corporate FCPA enforcement have not (at least yet) resulted in any DOJ charges against company employees.

Consider the below chart with the 20 most recent corporate FCPA enforcement actions.  Only one has resulted (at least yet) in any DOJ charges against company employees.

Corporate Action

Related Prosecution of Company Employees

 

HP

No

Marubeni

No

Alcoa

No

ADM

No

Bilfinger

No

Weatherford

No

Diebold

No

Total

No

Ralph Lauren

No

Parker Drilling

No

Tyco

No

Pfizer

No

Nordam Group

No

Orthofix

No

Data Systems & Solutions

No

Biomet

No

BizJet / Lufthansa

Yes

Smith & Nephew

No

Marubeni

No

Magyar / Deutsche Telekom

No

The DOJ has long recognized that an FCPA enforcement program based solely on corporate fines is not effective and does not adequately deter future FCPA violations. For instance, in 1986 the DOJ Deputy Assistant Attorney General stated:

“If the risk of conduct in violation of the [FCPA] becomes merely monetary, the fine will simply become a cost of doing business, payable only upon being caught and in many instances, it will be only a fraction of the profit acquired from the corrupt activity. Absent the threat of incarceration, there may no longer be any compelling need to resist the urge to acquire business in any way possible.”

In 2010, the DOJ Deputy Chief of the Fraud Section likewise stated that a corporate fine-only FCPA enforcement program allows companies to calculate FCPA settlements as the cost of doing business.   In this new era, the DOJ has consistently stated that prosecution of individuals is a “cornerstone” of its FCPA enforcement strategy and in a 2012 speech the Assistant Attorney General stated: “If you look at the FCPA over the past 4 years, you’ll see we really have been vigorous about holding individuals accountable.” Add Caldwell’s recent statements to this long line of empty rhetoric.

Despite the rhetoric, the actual statistics demonstrate that FCPA enforcement is largely corporate enforcement only.

Issues To Consider From The Smith & Wesson Action

Wednesday, July 30th, 2014

This post highlights various issues to consider from this week’s Smith & Wesson Foreign Corrupt Practices Act enforcement action.

Should There Be a Difference?

If the U.S. government uses public taxpayer money to offer or pay a foreign government to induce the government to purchase military and law enforcement products, we construct programs around it and call it “Foreign Military Financing,” “Foreign Military Sales,” etc.

Yet, if a company offers or pays private shareholder money to a representative of a foreign government to induce the government to purchase military and law enforcement programs, the U.S. government calls it bribery.

Should there be a difference?

Either Enforce the FCPA or Don’t

The Department of Justice should either enforce the FCPA or not enforce the FCPA.  Period.  End of story.

The current system in which the DOJ makes opaque, arbitrary, non-reviewable discretionary decisions behind closed doors is contrary to the rule of law.

In the Smith & Wesson action, the SEC alleged that FCPA “violations took place from 2007 through early 2010, when a senior employee and other employees and representatives of Smith & Wesson made, authorized, and offered to make improper payments and/or to provide gifts to foreign officials in an attempt to win contracts to sell firearm products to foreign military and law enforcement departments.”  The culpable individuals were identified as Smith & Wesson’s Vice President of International Sales and its Regional Director of International Sales and the improper conduct concerned business practices in several countries (Pakistan, Indonesia, Turkey, Nepal and Bangladesh).

It’s not every SEC FCPA enforcement action that alleges a multi-year scheme in a number of countries involving a V.P. of International Sales and a Regional Director of International Sales under circumstances in which the company did not voluntarily disclose.

Nevertheless, as previously reported in June, Smith & Wesson disclosed that “the DOJ declined to pursue any FCPA charges against us and closed its investigation.”

Why did the DOJ “decline” to pursue FCPA charges against Smith & Wesson, yet Ralph Lauren (voluntary disclosure of conduct in one country involving one employee of an indirect subsidiary in which the company cooperated) receive a NPA?

Why did the DOJ “decline” to pursue FCPA charges against Smith & Wesson, yet Data Systems & Solutions (conduct in one country involving one employee in which the company cooperated) receive a DPA?

Numerous other examples could be cited as well, but let’s call a spade a spade.  The DOJ’s FCPA enforcement program is not always based on the rule of law, but often opaque, arbitrary, non-reviewable discretionary decisions made behind closed doors.

For instance, as highlighted in this prior post, last September the-then Chief of the DOJ’s FCPA Unit stated at an ABA conference that a large company (he did not provide the company’s name – other than it would be recognizable to the audience) was a “serial reporter” of FCPA issues to the DOJ’s FCPA Unit.  The FCPA Unit Chief said that this company has a “good compliance program and system” in place and does “robust” internal investigations when issues arise.  The FCPA Unit Chief further stated that he and his unit have a “relationship of trust” with this company and its counsel and that “frankly, most of the time” the issue is “not a particularly large issue.”  According to FCPA Unit Chief, this company remediates the issue and then it “goes on its way.”

The following quote (albeit from a different era) is most appropriate:

“We [practitioners] must be able to advise our clients as to whether their conduct violates the law, not whether this year’s crop of administrators is likely to enforce a particular alleged violation.  That would produce, in effect, a government of men and women rather than a government of law.”

There are reasons why the DOJ’s FCPA enforcement program is not as credible as it could and should be and is viewed by many as arbitrary.  The circumstances surrounding Smith & Wesson contribute to these reasons.

Ripples

In my recent article, “Foreign Corrupt Practices Act Ripples,” I highlight how settlement amounts in an actual FCPA enforcement action are often only a relatively minor component of the overall financial consequences that can result from FCPA scrutiny or enforcement in this new era.

Smith & Wesson is another instructive example of this dynamic (a dynamic that escapes many who write about the FCPA and try to argue that “bribery pays” by measuring settlements amounts vs. bribe payments or business allegedly obtained or retained).

The “Ripples” article talks about the “three buckets of FCPA financial exposure” as follows.

  • Bucket #1 = pre-enforcement action professional fees and expenses
  • Bucket #2 = enforcement action settlement amount
  • Bucket #3 = post-enforcement action professional fees and expenses

In the Smith & Wesson action we know bucket #2 (approximately $2 million).

To my knowledge, Smith & Wesson (like many companies) has not disclosed bucket #1, but it is safe to assume that bucket #1 far exceeded bucket #2, likely by a ratio of at least 2-3 to 1.

As indicated in the earlier post summarizing the SEC’s enforcement action, per the SEC’s order Smith & Wesson has review and reporting obligations to the SEC for a two-year period.  Again, it is safe to assume that bucket #3 will exceed bucket #2.

And then of course there are a variety of negative business consequences that often flow from FCPA scrutiny or enforcement as highlighted in the “Ripples” article.  For instance, in the Smith & Wesson action, the SEC stated, among other things, as follows regarding the company’s “remedial measures” – the company terminated its entire international sales staff; terminated pending international sales transactions; and re-evaluated the markets in which it sought international sales.  Again, it is safe to assume that the financial costs and consequences of these measures far exceeded bucket #2.

Is The DOJ Picking on Non-U.S. Companies and Individuals?

Wednesday, June 18th, 2014

Today’s post is from David Simon (Foley & Lardner).

*****

The debate over whether the United States should impose its values on the rest of the world through enforcement of the Foreign Corrupt Practices Act (“FCPA”) is over.

Almost everyone now rejects the cultural relativist argument—that there are different business cultures in different parts of the world, and that the United States should respect those differences and refrain from imposing our standards of doing business on U.S. companies operating abroad.  Rather, the rise of anti-corruption legislation, the proliferation of OECD standards, and increased enforcement—not only by the United States, but by many countries enforcing their own anticorruption laws—all show an emerging consensus that corruption of this nature is objectively bad.  The United States should be commended for leading the way on this.

Yet the recent enforcement activity of the Department of Justice[i] (“DOJ”) raises questions as to whether it is enforcing the FCPA in a manner consistent with the statute’s purpose (and the overarching purpose of domestic criminal law).  According to Deputy Assistant Attorney General James Cole, whose remarks are available here, that purpose is U.S.-centric:

“In enacting the FCPA … Congress recognized that foreign bribery had tarnished the image of U.S. businesses, impaired public confidence in the financial integrity of U.S. companies, and had hampered the functioning of markets, resulting in market inefficiencies, market instability, sub-standard products and services, and an unfair playing field.”

True enough, but it is hard to dispute that the focus of FCPA enforcement has to some extent shifted away from U.S. businesses and citizens.  As noted on FCPA Professor, eight of the top ten corporate FCPA settlements have involved non-U.S. businesses.

Likewise, the number of individual FCPA prosecutions against non-U.S. citizens has been increasing.  In recent years, individual criminal prosecutions have been brought against citizens of the Ukraine, Hungary, Slovakia, Switzerland, Venezuela, and Sri Lanka—and some involve very tenuous connections to the United States.

For example, as previously highlighted on this blog, in December 2011 the DOJ charged, among others, former Siemens executive and German national Stephan Signer under the FCPA based on conduct concerning the Argentine prong of the 2008 Siemens enforcement action.  The jurisdictional allegation against Signer was that he caused Siemens to transfer two wires to bank accounts in the United States in furtherance of a scheme to bribe Argentine government officials.[ii]

I do not argue that the FCPA does not permit the DOJ to charge non-U.S. citizens or companies.  Indeed, the 1998 amendments make it clear that Congress intended to give the DOJ that power, providing it with jurisdiction over several categories of non-U.S. entities and individuals.  It should be noted, however, that the DOJ has adopted a markedly broad interpretation of the FCPA’s territorial jurisdiction provisions, resulting in increasingly attenuated connections between the United States and individual defendants like Mr. Signer.  These connections may include merely “placing a telephone call or sending an e-mail, text message, or fax from, to, or through the United States.”[iii]  The legal significance of these increasingly tenuous jurisdictional justifications, previously referred to on FCPA Professor as “de facto extraterritorial jurisdiction,” remains a contentious, and related, issue.

The question I raise here is not whether the DOJ’s policy of enforcement is legal, but whether such a focus (or, at least, the perception of such a focus) on non-U.S. persons and companies is prudent and appropriate.  In describing the principles underlying the jurisdiction to prescribe, the American Law Institute (“ALI”) notes that the United States has “generally refrained from exercising jurisdiction where it would be unreasonable to do so.”[iv]  But “[a]ttempts by some states—notably the United States, to apply their law on the basis of very broad conceptions of territoriality or nationality [has bred] resentment and brought forth conflicting assertions of the rules of international law.”[v]  Indeed.

The concerns I have about this are not confined to FCPA enforcement.  The same trend is apparent in other areas of the law, such as economic sanctions and export controls.  The pattern of enforcement being concentrated against non-U.S. companies is shown just as sharply under those laws, with the recent economic sanctions against such firms as ING Bank ($619 million against Netherlands financial institution), Royal Bank of Scotland ($100 million against UK financial institution), and Credit Suisse ($536 million against Swiss financial institution).  With the U.S. Government reportedly considering the first $10 billion penalty for violations of U.S. economic sanctions laws against BNP Paribas (a French financial institution), French President Francois Hollande reportedly has personally lobbied against what is perceived as an unfair singling out of an EU financial institution for payment of such a large fine.  To the French Government, at least, the inequity of the U.S. Government assessing a fine that surpasses the entire yearly profits of one of the largest French financial institutions is plain.

The pattern of enforcement described above, should it be allowed to continue, sends a message to the rest of the world that the DOJ is mostly interested in big dollar settlements and soft foreign targets.  Is this the message we wish to send to our foreign allies in the fight against corruption?

Although the DOJ’s application of the FCPA (and other laws governing international business conduct)  to prosecute increasing numbers of foreign persons may be legal, and technically “reasonable” at international law, that does not necessarily make it appropriate or advisable.  Rather, these attempts to apply a broad conception of territoriality in pursuit of greater numbers of prosecutions and larger settlements may be more damaging than DOJ perceives.  This has the potential to undermine the U.S. position that anti-corruption is a global issue, and counteracts the progress the U.S. has made in altering its image from that of an overreaching imperialist power to a competent and moderate leader in the creation and enforcement of global anti-corruption norms.

*****

This article in today’s New York Times DealBook discusses many of the same issues highlighted in the above post.


[i] I focus here principally on the DOJ, not the SEC.  The DOJ, of course, is a law enforcement agency charged with enforcing criminal laws.  The SEC is a regulatory agency, and the companies and individuals subject to its jurisdiction essentially opt in by taking advantage of the U.S.’s financial markets.

[ii] Indictment at 40, United States v. Uriel Sharef, et. al., 11CR-1-56 (S.D.N.Y 2011), available at http://www.justice.gov/criminal/fraud/fcpa/cases/sharef-uriel/2011-12-12-siemens-ndictment.pdf.

[iii] See U.S. Dep’t of Justice & U.S. Sec. Exch. Comm’n, A Resource Guide to the U.S. Foreign Corrupt Practices Act, 11 (Nov. 14, 2012), available at http://www.justice.gov/criminal/fraud/fcpa/guide.pdf.

[iv] Restatement (Third) of the Foreign Relations Law of the United States, § 403 cmt. a. (1986).

[v] Id. at Chapter One: Jurisdiction to Prescribe, Subchapter A.: Principles of Jurisdiction to Prescribe, Introductory Note.

Calls For Action Regarding How DOJ Resolves Alleged Instances Of Corporate Crime

Wednesday, May 7th, 2014

Deferred prosecution and non-prosecution agreements of course are not unique to Foreign Corrupt Practices Act enforcement. However, year-after-year the most prominent use of NPAs and DPAs tends to be in connection with FCPA enforcement.  (See here for Gibson Dunn’s useful summary of NPAs and DPAs).

Thus, last week’s introduction of H.R. 4540 “Accountability in Deferred Prosecution Act of 2014″ by Representative Bill Pascrell (D-NJ) is relevant to FCPA enforcement.

In short, the bill provides, among other things, as follows.

“In order to promote uniformity and to assist prosecutors and organizations as they negotiate and implement deferred prosecution agreements and nonprosecution agreements, the Attorney General shall, not later than 90 days after the date of the enactment of this Act, issue public written guidelines [concerning a variety of issues] for deferred prosecution agreements and nonprosecution agreements.”

I have long called for NPAs and DPAs to be abolished in the FCPA context so long as such reform is coupled with a compliance defense.  (See here and here).  Thus, I do not believe that H.R. 4540 goes far enough in reining in the alternate world that the DOJ has created and championed through frequent use of NPAs and DPAs.  However, H.R. 4540 highlights that Congress need not be a “potted plant” when it comes to how DOJ resolves alleged instances of corporate crime.

H.R. 4540 is not the first time that Representative Pascrell has introduced the “Accountability in Deferred Prosecution Act.”  See here for a similar bill introduced in 2009.

*****

Last week, Ralph Nader, Public Citizen and the Center for Corporate Policy sent this letter to Attorney General Eric Holder urging the Justice Department to prepare an annual report and public database on corporate crime.  The letter states:

“Currently, the DOJ does not compile comprehensive data on corporate crime.  This is a notable oversight.  It is as if the Department of Education had no measures for how well our children learn, or if the U.S. Department of Agriculture had no idea of how much wheat or corn our farmers grew.  The failure to measure can lead to sloppy thinking, bad decisions and entrenched neglect.  We urge the DOJ to equip itself with the power afforded by measurement and data analysis.”

The letter further states:

“The DOJ should also issue an annual report on corporate crime.  At a minimum, the report should provide an estimate of the total annual cost of corporate crime in the United States. It should include not only costs of crimes committed by individuals against businesses and investors (white collar crime), but also the costs that corporate crime imposes on the rest of society, such as the trillions of dollars lost, and millions of Americans who lost their jobs, due to the mortgage fraud-induced financial crisis of 2008-9.  The report should present an analysis of trends in corporate crime and an explanation of the relative effectiveness of different sanctions. While the UCR [Uniform Crime Reporting Program] does measure certain forms of white collar crime, it is far from a thorough treatment of corporate crime. The DOJ’s annual corporate crime report should also tally data about prosecutions. This should include the number of cases referred to U.S. attorneys for prosecution each year by the FBI or other federal and state agencies, as well as the status and ultimate disposition (i.e. how many referrals were prosecuted; how many prosecuted were found guilty; how many settled with deferred and non prosecution agreements; the magnitude and kind of penalties involved; how many cases settled).”

Readers likely know that the DOJ and SEC have FCPA specific websites (here and here); however both websites are incomplete in certain respects.  For instance, the DOJ website does not contain several FCPA enforcement actions (I recently requested information from the DOJ concerning the following FCPA enforcement actions:  U.S. v. UNC/Lear Services and U.S. v. Litton Applied Technology Division).

As relevant to the above letter to Attorney General Holder and as this previous post highlighted, the DOJ does not even know whether NPAs and DPAs deter future conduct in the FCPA context.  In response to an OECD question concerning deterrence, the DOJ merely stated:

“Scholars have recognized that quantifying deterrence is extremely difficult. This is equally true for the deterrent effect of DPAs and NPAs. Thus, as discussed at the time this recommendation was made, measuring ‘the impact of NPAs and DPAs in deterring the bribery of foreign public officials’ would be a difficult task, save providing certain anecdotal and other circumstantial evidence.”