This recent post highlighted the SEC FCPA enforcement action against Mead Johnson Nutrition Company.
This post continues the analysis by highlighting various issues to consider from the enforcement action. In sum, the short enforcement action contains several troubling issues that should cause alarm.
Imagine a Foreign Corrupt Practices Act enforcement action without one single meaningful factual allegation against the corporate defendant resolving the action.
You don’t have to imagine. All you have to do is read the slim administrative cease and desist order against Mead Johnson.
The action was based on alleged conduct in China engaged in by Mead Johnson Nutrition (China) Co., Ltd. There was no finding, inference or suggestion in the SEC’s order that anyone associated with Mead Johnson, the issuer resolving the enforcement action, had knowledge of, participated in, or acquiesced in the improper conduct.
Rather, the order merely states the perfuctory finding that “Mead Johnson China’s books and records were consolidated into Mead Johnson’s books and records, thereby causing Mead Johnson’s consolidated books and records to be inaccurate” together with the conclusory legal finding that “Mead Johnson failed to devise and maintain an adequate system of internal accounting controls over Mead Johnson China’s operations sufficient to prevent and detect the improper payments that occurred over a period of years.”
Invoking a Standard That Does Not Even Exist In the FCPA
Relevant to the above conclusory legal finding, the SEC’s finding that issuers must devise and maintain internal controls “sufficient to prevent and detect” improper payments does not even exist in the FCPA.
As previously highlighted in this article ( “Why You Should Be Alarmed By the ADM FCPA Enforcement Action”) and subsequently in connection with other recent SEC enforcement actions, invocation of a ‘‘failure to prevent or detect’’ internal controls standard is alarming because such a standard does not even exist in the FCPA and is inconsistent with actual legal authority. Just as important, such a standard is inconsistent with enforcement agency guidance relevant to the internal-controls provisions.
The internal-controls provisions are specifically qualified through concepts of reasonableness and good faith. This statutory standard is consistent with congressional intent in enacting the provisions. Relevant legislative history states: ”
“While management should observe every reasonable prudence in satisfying the objectives called for [in the books-and-records and internal-controls provisions], . . . management must necessarily estimate and evaluate the cost/benefit relationships to the steps to be taken in fulfillment of its responsibilities . . . . The size of the business, diversity of operations, degree of centralization of financial and operating management, amount of contact by top management with day-to-day operations, and numerous other circumstances are factors which management must consider in establishing and maintaining an internal accounting controls system.”
As highlighted here, the only judicial decision to directly address the substance of the internal-controls provisions states, in pertinent part, as follows:
“The definition of accounting controls does comprehend reasonable, but not absolute, assurances that the objectives expressed in it will be accomplished by the system. The concept of ‘‘reasonable assurances’’ contained in [the internal control provisions] recognizes that the costs of internal controls should not exceed the benefits expected to be derived. It does not appear that either the SEC or Congress, which adopted the SEC’s recommendations, intended that the statute should require that each affected issuer install a fail-safe accounting control system at all costs. It appears that Congress was fully cognizant of the cost-effective considerations which confront companies as they consider the institution of accounting controls and of the subjective elements which may lead reasonable individuals to arrive at different conclusions. Congress has demanded only that judgment be exercised in applying the standard of reasonableness.”
In addition, various courts have held—in the context of civil derivative actions in which shareholders seek to hold company directors liable for breach of fiduciary duties due to the company’s alleged FCPA violations— that just because improper conduct allegedly occurred somewhere within a corporate hierarchy does not mean that internal controls must have been deficient.
The ‘‘failure to prevent and detect’ standard is also alarming when measured against the enforcement agencies’ own guidance concerning the internal controls provisions. As highlighted here, the SEC’s most extensive guidance on the internal controls provisions states, in pertinent part, as follows:
“The accounting provisions’ principal objective is to reaching knowing or reckless conduct.”
“Inherent in this concept [of reasonableness] is a toleration of deviations from the absolute. One measure of the reasonableness of a system relates to whether the expected benefits from improving it would be significantly greater than the anticipated costs of doing so. Thousands of dollars ordinarily should not be spent conserving hundreds. Further, not every procedure which may be individually cost-justifiable need be implemented; the Act allows a range of reasonable judgments.”
“The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company. But, an adequate system of internal controls means that, when such breaches do arise, they will be isolated rather than systemic, and they will be subject to a reasonable likelihood of being uncovered in a timely manner and then remedied promptly. Barring, of course, the participation or complicity of senior company officials in the deed, when discovery and correction expeditiously follow, no failing in the company’s internal accounting system would have existed. To the contrary, routine discovery and correction would evidence its effectiveness.”
Internal Controls – Which Is It?
Another trouble featuring of the Mead Johnson enforcement action is that the SEC makes contradictory findings regarding Mead Johnson’s internal controls.
On the one hand, the SEC finds:
“Mead Johnson has established internal policies to comport with the FCPA and local laws, and to prevent related illegal and unethical conduct. Mead Johnson’s internal policies include prohibitions against providing improper payments and gifts to HCPs that would influence their recommendation of Mead Johnson’s products.”[...]The use of the Distributor Allowance to improperly compensate HCPs was contrary to management’s authorization and Mead Johnson’s internal policies.”
Yet on the other hand, the SEC order contains the following conclusory legal finding:
“Mead Johnson failed to devise and maintain an adequate system of internal accounting controls over Mead Johnson China’s operations sufficient to prevent and detect the improper payments that occurred over a period of years.”
The Simplicity of But For
Numerous prior posts (see here along with embedded posts therein) have examined the simplicity of but for allegations or findings in FCPA enforcement actions (i.e. but for the alleged improper payments, the company would not have obtained or retained the alleged business at issue).
The Mead Johnson enforcement action contains such a simplistic finding as the SEC stated that Mead Johnson China “made improper payments to certain health care professionals (“HCPs”) at state-owned hospitals in China to recommend Mead Johnson’s nutrition products to, and provide information about, expectant and new mothers.” (emphasis added).
The but for inference is that without the alleged improper payments, the HCP’s would not have recommended Mead Johnson’s nutrition products.
Such a finding is fanciful.
Mead Johnson’s products (and those of other Western companies) are market leaders in China for the simple fact that “foreign infant formula became preferred by Chinese consumers after a milk scandal in 2008 in which domestic [Chinese] manufacturers mixed melamine with their infant formula products. Six infants died of severe kidney damage and an estimated 300,000 babies suffered painful kidney stones, causing Chinese customers to lose confidence in domestic [Chinese] infant formula products.” (See here and here).
Alarming Language from the SEC
As troubling as the above issues are, the most alarming aspect of the short Mead Johnson enforcement action is the seeming suggestion by the SEC that issuers have an obligation to self-report internal investigation results that do not find evidence of FCPA violations.
By way of background, the SEC’s order states that in 2011 “Mead Johnson received an allegation of possible violations of the FCPA in connection with the Distributor Allowance in China. In response, Mead Johnson conducted an internal investigation, but failed to find evidence that Distributor Allowance funds were being used to make improper payments to HCPs. Thereafter, Mead Johnson China discontinued Distributor Allowance funding to reduce the likelihood of improper payments to HCPs, and discontinued all practices related to compensating HCPs by 2013.” (Emphasis Added).
Even though the SEC noted that Mead Johnson’s internal investigation failed to find evidence of FCPA violations, the SEC’s order next states: “Mead Johnson did not initially self-report the 2011 allegation of potential FCPA violations and did not thereafter promptly disclose the existence of this allegation in response to the Commission’s inquiry into this matter.” Subsequently, the SEC’s order similarly states: “Despite not self-reporting the 2011 allegation of potential FCPA violations or promptly disclosing the existence of this allegation in response to the Commission’s inquiry into this matter, Mead Johnson subsequently provided extensive and thorough cooperation.”
Perhaps it was merely inartful language, but if the SEC’s position is that issuers have an obligation to self-report internal investigation results that do not find evidence of FCPA violations, then such a position is truly alarming and without any legal support.
Nevertheless, the time between public disclosure and the enforcement action was less than two years, an unusually speedy resolution given that the norm in FCPA inquiries is often 2-4 years with several examples in the 5-7 year range.