These citations are not inaccurate, but nor do they tell the whole story of World-Wide Coin’s holding.

So what does World-Wide Coin really say about the FCPA’s books and records and internal control provisions?

For starters, World-Wide Coin, amazingly  given the generic nature of the FCPA books and records and internal controls provisions, appears to be the only judicial decision that directly addresses the substance of these provisions.  [If anyone is familiar with another such case, please let me know].  Yes, there are hundreds of cases if you run a search that include passing reference to the FCPA’s books and records and internal control provisions, but the decisions are generally void of substantive analysis.

The pertinent holding of World-Wide Coin, in the words of Judge Robert Vining, is as follows.

“The definition of accounting controls does comprehend reasonable, but not absolute, assurances that the objectives expressed in it will be accomplished by the system. The concept of “reasonable assurances” contained in [internal control provisions] recognizes that the costs of internal controls should not exceed the benefits expected to be derived. It does not appear that either the SEC or Congress, which adopted the SEC’s recommendations, intended that the statute should require that each affected issuer install a fail-safe accounting control system at all costs. It appears that Congress was fully cognizant of the cost-effective considerations which confront companies as they consider the institution of accounting controls and of the subjective elements which may lead reasonable individuals to arrive at different conclusions. Congress has demanded only that judgment be exercised in applying the standard of reasonableness. [...] It is also true that the internal accounting controls provisions contemplate the financial principle of proportionality—what is material to a small company is not necessarily material to a large company.”

That remainder of this post summarizes the facts and holding of World-Wide Coin.

Factually, World-Wide Coin was an egregious case and the FCPA issues addressed were not very difficult for Judge Vining in ruling on the SEC’s request for a permanent injunction.  The case involved a wide-ranging securities fraud action involving World-Wide Coin, a business engaged primarily in the wholesale and retail sale of rare coins, precious metals, gold and silver coins, and bullion.  Its stock was registered with the SEC and listed on the Boston Stock Exchange.  Joseph Hale was the company’s controlling shareholder, chairman of the board, chief executive officer and president and Floyd Seibert was a member of the board and served as the company’s one-man audit committee.

In the words of Judge Vining:

“The deterioration of World-Wide’s internal controls and accounting procedures constituted the primary thrust of the SEC’s complaint.  The SEC contended that the combination of late filings, lack of internal controls, transactions unsupported by adequate documentation, and a total disregard for proper accounting procedures resulted in the precarious position of the company.  [...] The company’s accounting books were virtually ignored.  General ledgers and general journals were not kept, and the checks written on World-Wide’s five checking accounts were not reconciled.”

Judge Vining described a bookkeeper hired by the company as follows.  “[She] was not a high school graduate; her only experience for this position consisted of five months of vocational school training and seven years of bookkeeping for a privately held lumber company.”

Judge Vinings findings of fact also highlights how the accounting firm Kanes, Benator & Co., retained by the company as an independent auditor, wrote a letter to the company “expressing grave concern over certain accounting procedures and lack of internal controls that [it] considered to be detrimental to the company. […] This letter [notified] World-Wide of its deficiencies in its internal accounting controls …”  Yet, “even with this official notice that improvements were needed, Hale and Seibert did nothing to remedy the situation, and the criticisms of [it] were virtually ignored.”

With respect to a 10K report, the individuals “prepared it themselves without the assistance of counsel and it contained” numerous misrepresentations.  “The company’s problems increased […] mostly resulting from its chaotic bookkeeping practices and total disregard for an adequate internal control system.”   The decision goes into great detail concerning the “problems that occurred at the company with respect to internal controls and accounting procedures” such as “(1) inventory problems, (2) problems with separation of duties and the lack of documentation of transactions, and (3) problems with the books, records, and accounting procedures of the company.”

As to the defendants’ position, the decision states as follows.

“With respect to the SEC’s allegations of violations of the [FCPA], the defendants presented a cost/benefit argument, contending that a company the size of World-Wide should not be subjected to overly burdensome internal controls systems requirements, and accounting procedures, since compliance with such requirements would, as a practical matter, put small companies such as World-Wide out of business.”

Judge Vining called the FCPA’s provisions on accounting controls “short and deceptively straight-forward.”   He stated as follows.

“The only express congressional requirement for accuracy is the phrase ‘in reasonable detail.’  Although [the books and records provisions] expects management to see that the corporation’s recordkeeping system is adequate and effectively implemented, how the issuer goes about this task is up to management; the FCPA provides no guidance, and this court cannot issue any kind of advisory opinion.  Just as the degree of error is not relevant to an issuer’s responsibility for any inaccuracies, the motivations of those who erred are not relevant.  There are no words in [the books and record provisions] indicating that Congress intended to impose a scienter requirement …”.

Judge Vining continued as follows.

“Like the recordkeeping provisions of the Act, the internal controls provision is not limited to material transactions or to those above a specific dollar amount.  While this requirement is supportive of accuracy and reliability in the auditor’s review and financial disclosure process, this provision should not be analyzed solely from that point of view.  The internal controls requirement is primarily designed to give statutory content to an aspect of management stewardship responsibility, that of providing shareholders with reasonable assurances that the business is adequately controlled.”

“Internal accounting control is, generally speaking, only one aspect of a company’s total control system; in order to maintain accountability for the disposition of its assets, a business must attempt to make it difficult for its assets to be misappropriated. The internal accounting controls element of a company’s control system is that which is specifically designed to provide reasonable, cost-effective safeguards against the unauthorized use or disposition of company assets and reasonable assurances that financial records and accounts are sufficiently reliable for purposes of external reporting.  [...] Internal accounting controls must be distinguished from the accounting system typically found in a company. Accounting systems process transactions and recognize, calculate, classify, post, summarize, and report transactions. Internal controls safeguard assets and assure the reliability of financial records, one of their main jobs being to prevent and detect errors and irregularities that arise in the accounting systems of the company. Internal accounting controls are basic indicators of the reliability of the financial statements and the accounting system and records from which financial statements are prepared.”

Among the factors that determine the internal accounting control environment of a company are its organizational structure, including the competence of personnel, the degree and manner of delegation and responsibility, the quality of internal budgets and financial reports, and the checks and balances that separate incompatible activities. The efficiency of the internal control system of a company cannot be evaluated without considering the company’s organizational structure, the caliber of its employees, the strength of its audit committee, the effectiveness of its internal audit operation, and a host of other factors which, while not part of the internal control system itself, have an impact on the function of the system.”

“Although not specifically delineated in the Act itself, the following directives can be inferred from the internal controls provisions: (1) Every company should have reliable personnel, which may require that some be bonded, and all should be supervised. (2) Account functions should be segregated and procedures designed to prevent errors or irregularities. The major functions of recordkeeping, custodianship, authorization, and operation should be performed by different people to avoid the temptation for abuse of these incompatible functions. (3) Reasonable assurances should be maintained that transactions are executed as authorized. (4) Transactions should be properly recorded in the firm’s accounting records to facilitate control, which would also require standardized procedures for making accounting entries. Exceptional entries should be investigated regularly. (5) Access to assets of the company should be limited to authorized personnel. (6) At reasonable intervals, there should be a comparison of the accounting records with the actual inventory of assets, which would usually involve the physical taking of inventory, the counting of cash, and the reconciliation of accounting records with the actual physical assets. Frequency of these comparisons will usually depend on the cost of the process and upon the materiality of the assets involved.”

Judge Vining then stated as follows.

“The main problem with the internal accounting controls provision of the FCPA is that there are no specific standards by which to evaluate the sufficiency of controls; any evaluation is inevitably a highly subjective process in which knowledgable individuals can arrive at totally different conclusions. Any ruling by a court with respect to the applicability of both the accounting provisions and the internal accounting control provisions should be strictly limited to the facts of each case.”

Judge Vining then summarized the defendants’ arguments as follows.

“The defendants in the instant case contend that the SEC has misconstrued the provisions of the FCPA relating to a knowledge requirement, contending that the SEC must show scienter. The defendants further state that the SEC does not allege a knowing attempt to circumvent for an improper purpose an internal control system required by law and that the complaint ignores all considerations of the costs and benefits of internal accounting controls and seeks to require World-Wide to maintain a system of controls that would destroy the company.”

Judge Vining then stated as follows.

“The definition of accounting controls does comprehend reasonable, but not absolute, assurances that the objectives expressed in it will be accomplished by the system. The concept of “reasonable assurances” contained in section 13(b)(2)(B) recognizes that the costs of internal controls should not exceed the benefits expected to be derived. It does not appear that either the SEC or Congress, which adopted the SEC’s recommendations, intended that the statute should require that each affected issuer install a fail-safe accounting control system at all costs. It appears that Congress was fully cognizant of the cost-effective considerations which confront companies as they consider the institution of accounting controls and of the subjective elements which may lead reasonable individuals to arrive at different conclusions. Congress has demanded only that judgment be exercised in applying the standard of reasonableness. The size of the business, diversity of operations, degree of centralization of financial and operating management, amount of contact by top management with day-to-day operations, and numerous other circumstances are factors which management must consider in establishing and maintaining an internal accounting controls system. However, an issuer would probably not be successful in arguing a cost-benefit defense in circumstances where the management, despite warnings by its auditors or significant weaknesses of its accounting control system, had decided, after a cost benefit analysis, not to strengthen them, and then the internal accounting controls proved to be so inadequate that the company was virtually destroyed.  It is also true that the internal accounting controls provisions contemplate the financial principle or proportionality—what is material to a small company is not necessarily material to a large company.”

Judge Vining concluded his decision as follows.

“This court has already declined to adopt the defense offered by the defendants that the accounting controls provisions of the FCPA require a scienter requirement. The remainder of World-Wide’s defense appears to be that such a small operation should not be required to maintain an elaborate and sophisticated internal control system, since the costs of implementing and maintaining it would financially destroy the company. It is true that a cost/benefit analysis is particularly relevant here, but it remains undisputed that it was the lack of any control over the inventory and inadequate accounting procedures that primarily contributed to World-Wide’s demise. No organization, no matter how small, should ignore the provisions of the FCPA completely, as World-Wide did. Furthermore, common sense dictates the need for such internal controls and procedures in a business with an inventory as liquid as coins, medals, and bullion.”

“The evidence in this case reveals that World-Wide, aided and abetted by Hale and Seibert, violated the provisions of section 13(b)(2)(B) of the FCPA.  As set forth in the factual background portion of this order, the internal recordkeeping and accounting controls of World-Wide has been sheer chaos since Hale took over control of the company. For example, there has been no procedure implemented with respect to writing checks: employees have had access to presigned checks; source documents were not required to be prepared when a check was drawn; employees have not been required to obtain approval before writing a check; and, even when a check was drawn to cash, supporting documentation was usually not prepared to explain the purpose for which the check was drawn. In addition to extremely lax security measures such as leaving the vault unguarded, there has been no separation of duties in the areas of purchase and sales transactions, and valuation procedures for ending inventory. Furthermore, no promissory notes or other supporting documentation has been prepared to evidence purported loans to World-Wide by Hale or by his affiliate companies.”

“Since Hale obtained control of World-Wide, employees have not been required to write source documents relating to the purchase and sale of coins, bullion, or other inventory. Because of this total lack of an audit trail with respect to these transactions and the disposition of World-Wide’s assets, it has been virtually impossible to determine if an item has been sold at a profit or at a loss. Furthermore, there are more than $1,700,000 worth of checks drawn to Hale or to Hale’s affiliates, or to cash, for which no adequate source documentation exists. Furthermore, Hale and Seibert knew that the medallions that were sold to World-Wide by Hale in 1979 were overvalued and unmarketable. Even so, they allowed the incorrect value of the medallions to be entered on the books of World-Wide. They also knew that the company’s books and records were neither accurate nor complete. Pursuant to their directives, source documents were not prepared with respect to the transfer of funds; additionally, no audit trail was maintained for the acquisition and disposition of inventory. Furthermore, it appears that there were numerous false and misleading statements and omissions in the company’s numerous reports to the SEC, many of which were filed late or not at all.”

“Individually, the acts of these defendants do not appear so egregious as to warrant the full panoply of relief requested by the SEC nor to impose complete liability under the FCPA. However, the court cannot ignore the all-pervasive effect of the combined failure to act, failure to keep accurate records, failure to maintain any type of inventory control, material omissions and misrepresentations, and other activities which caused World-Wide to decrease from a company of 40 employees and assets over $2,000,000 to a company of only three employees and assets of less than $500,000. It is evident that World-Wide, Hale, and Seibert violated all provisions contained in section 13(b)(2)(A) and (B) and the SEC’s rules promulgated thereunder.”

If This Is The Standard, Then Every Issuer Is An FCPA Violater.

This previous post discussed how the SEC’s August 2012 FCPA enforcement action against Oracle diluted FCPA enforcement to a new level.

The SEC’s China allegations against Lilly further dilutes FCPA enforcement.  The focus of the allegations is that sales representatives at Lilly-China, between 3-6 years ago, submitted false expense reports for items such as wine, speciality foods, a jade bracelet, meals, visits to bath houses, card games, karaoke bars, door prizes, spa treatments and cigarettes.  Because the SEC charged only FCPA books and records and internal controls violations based on these allegations, the identity of the ultimate recipients was not relevant, although the SEC did allege that the ultimate recipients were ”government-employed physicians.”

If the SEC’s position is that an issuer violates the FCPA’s books and records and internal controls provisions because some employees, anywhere within its world-wide organization, submit false expense reports for such nominal and inconsequential items, then every issuer has violated and will continue to violate the FCPA.

Once again, the SEC’s charging decisions prove hallow its recent Guidance related rhetoric.  (See here for the prior post).

What Is Really Being Accomplished?

Let me state for the record, lest there be any misunderstanding, that I support strong FCPA enforcement as to conduct Congress intended to capture in passing the FCPA, that adheres to fundamental legal principles, and that actually makes a difference in accomplishing the FCPA’s objective.  My criticisms and concerns of the DOJ and SEC’s FCPA enforcement has been across a wide spectrum, including that in egregious instances of corporate bribery, the DOJ has been too lenient.  See here for my article “The Facade of FCPA Enforcement” and here for my November 2010 Senate testimony.

To be sure, certain things were accomplished by the Lilly enforcement action.  $29.4 million was added to the U.S. treasury and FCPA Inc.’s pre-enforcement action professional fees and expenses likely exceeded that amount.

Beyond this, it is an open question whether the Lilly enforcement action really accomplished anything.

For starters, let’s start with the SEC’s mission.  As stated on its website, the SEC’s mission is ”to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.”

How is this mission accomplished by the Poland and Russia allegations in the SEC’s complaint?

The Poland allegations concern approximately $39,000 in payments made by Lilly-Poland approximately 12 years ago to a legitimate and bona fide Polish charitable foundation, albeit one allegedly headed by the Director of a Government Health Fund.

The Russia allegations, the only allegations in the complaint that give rise to FCPA anti-bribery charges, concern the conduct of Lilly-Vostok and its use of various third parties in connection with government pharmaceutical business.  There is only one paragraph in the SEC’s complaint concerning specific knowledge of the alleged improper conduct and that paragraph (para. 28 of the complaint) cites a Lilly-Vostok e-mail from 18 years ago and another Lilly-Vostok e-mail from 13 years ago.

The same what is really being accomplished question could also be asked concerning a post-enforcement action requirement imposed on Lilly by the SEC.

The SEC devoted a paragraph of its complaint to “Lilly’s Remedial Measures” and stated as follows.

“Since the time of the conduct noted in this Complaint, Lilly has made improvements to its global anti-corruption compliance program, including: enhancing anticorruption due diligence requirements for relationships with third parties; implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption; enhancing financial controls and governance; and expanding anti-corruption training throughout the organization.”

In other words, per the SEC, over the last approximate decade, Lilly has made extensive enhancements to its FCPA compliance program.  Against this backdrop, what is really being accomplished by the requirement that Lilly engage a compliance consultant for a 60 day period?

“Check The Box” Due Diligence?

One of the greater frustrations I experienced during my FCPA practice career was attending meetings with SEC FCPA enforcement attorneys and learning of the alternate world they lived in.  In their alternate world, companies – 7 to 10 years ago – were supposed to have current FCPA best practices throughout their organization and the absence of such current best practices was evidence of FCPA books and records and internal control violations.

I was reminded of this alternate world when reading the SEC’s release (here) in connection with the Lilly enforcement action.  In it, Kara Novaco Brockmeyer (Chief of the SEC Enforcement Division’s Foreign Corrupt Practices Unit) stated as follows. “Eli Lilly and its subsidiaries possessed a ‘check the box’ mentality when it came to third-party due diligence.”

“Check the Box” due diligence?

The SEC’s allegations concerning due diligence (or lack thereof) focus on the conduct of Lilly-Vostok, a Russian subsidiary, between 1994 through 2005.  In other words, 7 to 18 years ago.   Even the SEC acknowledged that, as to the relevant third-parties, ”Lilly’s due diligence” consisted of “ordering a Dun and Bradstreet report and conducting a search using an internet service to scan publicly available information.”  Elsewhere, the SEC acknowledges that Lilly-Vostok “in conjunction with outside counsel” conducted due diligence on various third parties.

Effective due diligence?  Probably not – the SEC alleges that certain beneficial owners were not identified and that there was no documentation that certain third parties were capable of performing the engaged services.  Due diligence consistent with today’s best practices?  Probably not.

Yet to call such due diligence efforts – which took place 7 to 18 years ago – “check the box” is emblematic of the SEC’s alternate reality.

The Double Standard On Display

I have frequently written about the FCPA’s double standard.  (See here for all prior posts).  The double standard regards the seemingly obvious fact that there is little intellectual or moral consistency between enforcement of the FCPA and enforcement of the U.S. domestic bribery statute (18 USC 201).  The double standard is present when a U.S company’s interaction with a “foreign official” is subject to more scrutiny and different standards than its interaction with a U.S. official.

Prior double standard posts (here and here) have explored the frequency in which U.S. business gives to charitable donations favored by influential politicans.  No consequences or legal action is taken.

Yet when a U.S. company gives to charitable donation favored by foreign politicians - well that is stuff of bribery and corruption.  In addition to the Chudow (Poland) Castle Foundation allegations in the SEC’s Lilly complaint, is the following allegation concerning Russia.

“From 2005 through 2008, Lilly-Vostok made various proposals to government officials in Russia regarding how Lilly-Vostok could donate to or otherwise support various initiatives that were affiliated with public or private institutions headed by the government officials or otherwise important to the government officials. Examples included their personal participation or the participation of people from their institutions in clinical trials and international and regional conferences and the support of charities and educational events associated with the institutes. At times, these proposals to government officials were made in a communication that also included a request for assistance in getting a product reimbursed or purchased by the government. Generally, Lilly-Vostok personnel believed these proposals were proper because of their relevance to public health issues and many of the proposals were reviewed by counsel. Nonetheless, Lilly-Vostok did not have in place internal controls through which such proposals were vetted to ascertain whether Lilly-Vostok was offering something of value to a government official for a purpose of influencing or inducing him or her to assist Lilly-Vostok in obtaining or retaining business.”

No DOJ Involvement

As indicated in the prior Lilly post, the Lilly enforcement action was the latest in a series of FCPA enforcement actions begun in 2011 against pharmaceutical / health care-related companies.  All actions (Johnson & Johnson, Smith & Nephew, Biomet, and Pfizer) have been based on the same general set of allegations (things of value to various foreign health care providers for an alleged business purpose).  However, the Lilly enforcement action is the only enforcement action with no DOJ involvement.  In “The Facade of FCPA Enforcement,” I discuss how the lack of enforcement transparency contributes to the facade of enforcement when the same core set of facts are resolved with materially different results.

A Message For Internal Audit

I have long discussed (see here and here for prior posts and here for a recent interview) the importance of FCPA goggles for internal audit and finance professionals – meaning that internal audit and finance personnel should be specifically trained to approach their specific job functions not only in the traditional way, but also with “FCPA goggles” on.  I have noted that it is clear from recent FCPA enforcement actions that the SEC expects much more from non-legal personnel when it comes to FCPA compliance, including the ability to spot FCPA issues and display a high degree of (I’ll call it) intellectual curiosity as to certain issues.

The SEC’s complaint against Lilly contains an emphatic message to the internal audit community.  Paragraph 46 of the complaint states, in full, as follows.

“[D]espite an understanding that certain emerging markets were most vulnerable to FCPA violations, Lilly’s audit department, based out of Indianapolis, had no procedures specifically designed to assess the FCPA or bribery risks of sales and purchases.  Accordingly, transactions with off-shore entities or with government-affilated entities did not receive specialized or closer review for possible FCPA violations.  In assessing these transactions, the auditors relied upon the standard accounting controls which primarily assured the soundness of the paperwork.  There was little done to assess whether, despite the existence of facially acceptable paperwork, the surrounding circumstances or terms of a transaction suggested the possibility of an FCPA violation or bribery.”

Next up is Eli Lilly in a Foreign Corrupt Practices Act enforcement action announced last week by the SEC.   This post goes long and deep as to the SEC’s allegations which resulted in a $29 million settlement.

In summary, the SEC alleges in a civil complaint (here) as follows.

“Eli Lilly and Company violated the Foreign Corrupt Practices Act in connection with the activities of its subsidiaries in China, Brazil, Poland, and Russia.  Between 2006 and 2009, employees of Lilly’s China subsidiary falsified expense reports in order to provide improper gifts and cash payments to government-employed physicians. In 2007, a pharmaceutical distributor hired by Lilly in Brazil paid bribes to government health officials in a Brazilian state in order to assure sales of a Lilly product to state government institutions. In Poland, between 2000 and 2003, Lilly’s subsidiary made eight payments totaling approximately $39,000 to a small charitable foundation that was founded and administered by the head of one of the regional government health authorities at the same time that the subsidiary was seeking the official’s support for placing Lilly drugs on the government reimbursement list. Finally, Lilly’s subsidiary in Russia paid millions of dollars to off-shore entities for alleged “services” beginning as early as 1994 and continuing through 2005 in order for pharmaceutical distributors and government entities to purchase Lilly’s drugs. In some instances, the off-shore entities appear to have been used to funnel money to government officials or others with influence in the government in order to obtain business for the subsidiary. These off-shore entities rarely provided the contracted-for services. Moreover, between 2005 and 2008, contemporaneous with requests to government officials to support the government’s purchase or reimbursement of Lilly’s products, the subsidiary in Russia made proposals to government officials about how the company could donate to, or otherwise support, various initiatives that were affiliated with, or important to, the government officials.  As a result of this conduct, Lilly violated [the FCPA's internal controls provisions] by failing to have an adequate internal controls system in place to detect and prevent illicit payments.  Lilly violated [the FCPA's books and records provisions] by improperly recording each of those payments in its accounting books and records.  Lilly also violated the [FCPA's anti-bribery provisions] in connection with certain activities of its subsidiary in Russia.”

As indicated by the above paragraph, conduct in Poland, China, and Brazil gave rise to FCPA books and records and internal controls violations only.

Poland

The SEC’s allegations relating to Poland are substantively identical to allegations made against Schering-Plough in this 2004 FCPA enforcement action.

In pertinent part, the SEC alleges in its complaint against Eli Lilly as follows.

“During 2000 through 2003, Lilly’s wholly-owned subsidiary in Poland (“Lilly- Poland”) made eight payments totaling approximately $39,000 to the Chudow Castle Foundation (“Chudow Foundation”), a small charitable foundation in Poland that was founded and administered by the Director of the Silesian Health Fund (“Director”). The Director established the Chudow Foundation in 1995 to restore the Chudow Castle in the town of Chudow and other historic sites in the Silesian region of Poland.

The Silesian Health Fund (“Health Fund”) was one of sixteen regional government health authorities in Poland during the period. Among other things, the Health Fund reimbursed hospitals and healthcare providers for the purchase of certain approved products.  The Health Fund, through the allocation of public money, exercised considerable influence over which pharmaceutical products local hospitals and other healthcare providers in the region purchased.

Beginning in early 2000 and into 2002, Lilly-Poland was in negotiations with the Health Fund over, among other things, the Heath Fund’s financing of the purchase of Gemzar, one of Lilly’s cancer drugs, by public hospitals and other healthcare providers. Those negotiations occurred primarily between a team manager at Lilly-Poland (“Lilly Manager”) and the Director. Continuing at intervals throughout these negotiations, the Director asked that Lilly Poland contribute to the Chudow Foundation. The initial request came directly from the Director and the subsequent requests came from the Chudow Foundation.

The Lilly-Poland Manager knew that the Director had established the Chudow Foundation and that it was a project to which he was devoted and lent much effort. The Manager requested the approval of payments to the Chudow Foundation. The Manager falsely described the first payment as being for the purchase of computers for the Chudow Foundation. The second Lilly-Poland payment request falsely characterized the proposed payment as “[t]o support foundation in its goal to develop activities in [Chudow Castle].” That request documentation also noted that the “value of the request” was “[i]ndirect support of educational efforts of foundation settled by Silesia [Health Fund].” Similarly, the remaining payments were mischaracterized as monies paid by Lilly-Poland to secure the use of the Chudow Castle for conferences after its renovation. No such conferences took place.

Lilly-Poland eventually made a total of eight payments to the Chudow Foundation, starting in June 2000 and ending in January 2003.  [...]  The Manager requested the approval of the payments to the Chudow Foundation with the intent of inducing the Health-Fund Director to allocate public monies to hospitals and other health care providers in the Health Fund for the purpose of purchasing Gemzar.

China

As to China, the SEC alleges, in full, as follows.

“Lilly’s wholly-owned subsidiary through which it does business in China (“Lilly- China”) employs more than one-thousand sales representatives whose main focus is on marketing Lilly products to government-employed health-care providers. During the relevant period, the sales representatives worked from regional offices and traveled throughout the country, interacting with the health-care providers in order to convince them to prescribe Lilly products. The sales representatives were directly supervised by District Sales Managers who, in tum, were supervised by Regional Managers. Sales representatives paid out-of-pocket for their travel expenses and submitted receipts and other documentation to the company for reimbursement.

Between 2006 and 2009, various sales representatives and their supervisors abused the system by submitting, or instructing subordinates to submit, false expense reports. In some instances, Lilly-China personnel used reimbursements from those false reports to purchase gifts and entertainment for government-employed physicians in order to encourage the physicians to look favorably upon Lilly and prescribe Lilly products.

In one sales area, in 2006 and 2007, a District Sales Manager for Lilly’s diabetes products instructed subordinates to submit false expenses reports and provide the reimbursement money to her. She then used the reimbursements to purchase gifts, such as wine, specialty foods and a jade bracelet, for government-employed physicians. At least five sales representatives in the oncology sales group submitted false expense reports and then used those reimbursements to provide meals, visits to bath houses, and card games to government-employed physicians.

Similarly, in three other provinces, three sales representatives submitted false expense reports and then used the reimbursements to provide government-employed physicians with visits to bath houses and karaoke bars. In another city, five sales representatives submitted false reimbursements and then their Regional Manager used the money to provide door prizes and publication fees to government-employed physicians. In another city, seven sales representatives and the District Sales Manager for the diabetes sales team used reimbursements to buy meals and cosmetics for government-employed physicians.

Between 2008 and 2009, members of Lilly-China’s “Access Group,” which was responsible for expanding access to Lilly products in China by, among other things, convincing government officials to list Lilly products on government reimbursement lists, engaged in similar misconduct. At least six members of the sixteen-member Access Group, including two associate access directors, falsified expense reports and used the proceeds to provide gifts and entertainment to government officials in China. The gifts included: spa treatments, meals, and cigarettes.

Although the dollar amount of each gift was generally small, the improper payments were wide-spread throughout the subsidiary. Lilly has terminated, or otherwise disciplined, the various employees who submitted false expense reports and/or used the proceeds to provide gifts and services to government officials.”

Brazil

As to Brazil, the SEC alleges, in full, as follows.

“Between 2007 and 2009, Lilly-Brazil distributed drugs in Brazil through third party distributors who then resold those products to both private and government entities. As a general rule, Lilly-Brazil sold the drugs to the distributors at a discount; the distributors then resold the drugs to the end users at a higher price and took the discount as their compensation.  Lilly-Brazil negotiated the amount of the discount with the distributor based on the distributor’s anticipated sale. The discount to the distributors generally ranged between 6.5% and 15%, with the majority of distributors in Brazil receiving a 10% discount.

In early 2007, at the request of one of Lilly-Brazil’s sales and marketing managers at the time, Lilly-Brazil granted a nationwide pharmaceutical distributor, unusually large discounts of 17% and 19% for two of the distributor’s purchases of a Lilly drug, which the distributor then sold to the government of one of the Brazilian states. Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient. They relied on the representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions. In May 2007, Lilly sold 3,200 milligrams of the drug to the distributor for resale to the Brazilian state; in August 2007, Lilly-Brazil sold 13,500 milligrams of the drug to the distributor for resale to the Brazilian state. Together the sales were valued at approximately $1.2 million.

The distributor used approximately 6% of the purchase price (approximately $70,000) to bribe government officials from the Brazilian state so that the state would purchase the Lilly product. The Lilly-Brazil sales and marketing manager who requested the discount knew about this arrangement.”

Russia

As to Russia, in pertinent part, the SEC complaint alleges as follows.

“From 1994 through 2005, Lilly-Vostok, a wholly-owned subsidiary of Lilly, sold pharmaceutical products either directly to government entities in the former Soviet Union or through various distributors, often selected by the government, who would then resell the products to the government entities. Along with the underlying purchase contract with the government entity or distributor, Lilly-Vostok sometimes entered into another agreement with a third-party selected by a government official or by the government-chosen pharmaceutical distributor. Generally, these third-parties, which had addresses and bank accounts located outside of Russia, were paid a flat fee or a percentage of the sale. These agreements were referred to as “marketing” or “service” agreements.  In total, Lilly-Vostok entered into over 96 such agreements with over 42 third-party entities between 1994 and 2004.

Lilly-Vostok had little information about these third-party entities, beyond their addresses and bank accounts. Rarely did Lilly-Vostok know who owned them or whether the entities were actual businesses that could provide legitimate services. Senior management employees in Lilly-Vostok’s Moscow branch assisted in the negotiation of these agreements. The contracts themselves were derived from a Lilly-Vostok-created template and enumerated various broadly-defined services, such as ensuring “immediate customs clearance” or “immediate delivery” of the products; or assisting Lilly-Vostok in “obtaining payment for the sales transaction,” “the promotion of the products,” and “marketing research.”

Contrary to what was recorded in the company’s books and records, there is little evidence that any services were actually provided under any of these third-party agreements. Indeed, in many instances, the “services” identified in the contract were already being provided by the distributor, a third-party handler (such as an international shipping handler) or Lilly itself. To the extent services such as expedited customs clearance or other services requiring interaction with government officials were provided, Lilly-Vostok did not know or inquire how the third party intended to perform their services.

Contemporaneous documents reflect that Lilly-Vostok employees viewed the payments as necessary to obtain the business from the distributor or government entity, and not as payment for legitimate services.

The SEC also alleges that in 1997 and in 1999 Lilly conducted a business review of Lilly-Vostok.  According to the SEC, the reports raised concerns about Lilly-Vostok’s business practices and the reports “recommended that Lilly-Vostok modify its internal controls to ensure that [certain third-party] services were documented” and to “assure itself that [certain third-party] agreements accurately and fairly reflect the services to be provided.”

However, the SEC alleged as follows.

“Lilly did not curtail the use of marketing agreements by its subsidiary or make any meaningful efforts to ensure that the marketing agreements were not being used as a method to funnel money to government officials, despite recognition that the marketing agreements were being used to “create sales potential” or “to ‘support’ activities leading to agreement-signing” with government entities. In fact, during the 2000-2004 period — after the above-described reports, but prior to the company ending use of the agreements– Lilly-Vostok entered into the three most expensive of these arrangements.”

The three arrangements are as follows.

First, the SEC alleged that in response to a 2002 Russian Ministry of Health tender, the ministry selected a “large Russian pharmaceutical distributor” for which to purchase the products and the distributor in turn negotiated with Lilly-Vostok for the purchase of diabetes products.  According to the SEC, the distributor required Lilly-Vostok, “as a condition of their agreement” to enter into various agreements with an entity incorporated in Cyprus.

According to the SEC.

“Lilly’s due diligence regarding the entity in Cyprus was limited to ordering a Dun and Bradstreet report and conducting a search using an internet service to scan publicly available information. Neither the Dun and Bradstreet report nor the internet search revealed the Cyprus entity’s beneficial owner or anything about its business. Nonetheless, pursuant to the terms of its arrangement with the distributor, Lilly-Vostok paid the entity in Cyprus over $3.8 million in early 2003.

The Cyprus entity was, in fact, owned by the Russian businessman who was the owner of the distributor. There is no evidence of services provided to Lilly-Vostok by the Cyprus entity in consideration for Lilly-Vostok’s $3.8 million in payments. Lilly’s books and records improperly reflected these payments as payments for services.”

Second, the SEC alleges “at least two instances” involving foreign government officials and alleges as follows.

“Between 2000 and 2005, Lilly-Vostok sold significant amounts of pharmaceutical products to a major Russian pharmaceutical distributor for resale to the Russian Ministry of Health. The pharmaceutical distributor was owned and controlled by an individual who, at the beginning of the distributor’s relationship with Lilly-Vostok, was a close adviser to a member of Russia’s Parliament. In 2003, this official became a member of the upper house of Russia’s Parliament. Throughout the period, this official exercised considerable influence over government decisions relating to the pharmaceutical industry in Russia.

As part of most of the sales arrangements with the distributor, the official demanded that Lilly-Vostok enter into separate “marketing” agreements with entities with addresses and bank accounts in Cyprus. Under the arrangement, Lilly-Vostok paid the Cypriot entities up to thirty percent of the sales price of the underlying sales contracts in return for the Cypriot entities entering into an agreement “to offer all assistance necessary” in various areas like storage, importation and payment.

In conjunction with outside counsel, Lilly-Vostok conducted limited due diligence on these third-parties. However, the due diligence did not identify the beneficial owners of these third-parties or determine whether the third-parties were able to provide the contracted-for assistance. Nonetheless, Lilly-Vostok concluded that it could proceed with the transactions and paid the Cypriot entities over $5.2 million. In fact, the Cypriot entities were owned by an individual associated with the distributor controlled by the member of the upper house of Russia Parliament. The Cypriot entity transferred the payments from Lilly-Vostok to other off-shore entities.”

Third, the SEC alleges “in connection another series of contracts, from 2000 through 2004, Lilly-Vostok sold products to a distributor, headquartered in Moscow, which was wholly-owned by a Russian government entity.

The SEC alleged as follows.

 ”The purchase agreements were signed on the government-owned distributor’s behalf by its General Director. As part of the arrangement, the government-owned distributor selected a third-party entity with an address in the British Virgin Islands (“the BVI entity”) with which Lilly-Vostok entered into agreements for the broadly defined “services” enumerated in the Lilly-Vostok template (see above). Under the terms of the agreements between Lilly-Vostok and the BVI entity, Lilly-Vostok was to pay the BVI entity up to 15% of the price of the product purchased by the government-owned distributor. Accordingly, from 2000 through 2005, Lilly-Vostok made approximately 65 payments to the BVI entity totaling approximately $2 million.

There is no evidence that the BVI entity performed any of the services listed in its agreement with Lilly-Vostok. There is also no evidence that Lilly-Vostok performed any due diligence or inquiry as to whether the BVI entity was able or did perform the contracted-for services. Lastly, there is no evidence that Lilly-Vostok performed any due diligence or inquiry into the identity of the beneficial owner of the BVI entity. In fact, the beneficial owner of the BVI entity was the General Director of the government-owned distributor, and he ultimately received the payments from the BVI entity.”

As to these various arrangements, the SEC alleges as follows.  “Lilly did not direct Lilly-Vostok to cease entering into these third-party agreements until 2004. However, Lilly permitted the subsidiary to continue making payments under already existing third-party contracts as late as 2005.”

As to the above Russian conduct, the complaint charges violations of the FCPA’s anti-bribery provisions.  Of note, the complaints specifically pleads as follows regarding knowledge.  “When knowledge of the existence of a particular circumstance is required for an offense, such knowledge is established if a person is aware of a high probability of the existence of such circumstances, unless the person actually believes that the circumstance does not exist.”

The SEC complaint also contains the following allegation.

“From 2005 through 2008, Lilly-Vostok made various proposals to government officials in Russia regarding how Lilly-Vostok could donate to or otherwise support various initiatives that were affiliated with public or private institutions headed by the government officials or otherwise important to the government officials. Examples included their personal participation or the participation of people from their institutions in clinical trials and international and regional conferences and the support of charities and educational events associated with the institutes. At times, these proposals to government officials were made in a communication that also included a request for assistance in getting a product reimbursed or purchased by the government. Generally, Lilly-Vostok personnel believed these proposals were proper because of their relevance to public health issues and many of the proposals were reviewed by counsel. Nonetheless, Lilly-Vostok did not have in place internal controls through which such proposals were vetted to ascertain whether Lilly-Vostok was offering something of value to a government official for a purpose of influencing or inducing him or her to assist Lilly-Vostok in obtaining or retaining business.”

As to Lilly’s books and records, the SEC alleges as follows.

“[S]ubsidiaries of Eli Lilly made numerous payments that were incorrectly described in the company’s books and records. In China, payments were falsely described as reimbursement of expenses when, in fact, the money was used to provide gifts to government-employed physicians. In Brazil, money that was described in company records as a “discount” for a pharmaceutical distributor was, in actuality, a bribe for government officials. In Poland, payments classified as charitable donations were not intended for a genuine charitable purpose but rather to induce a government official to assent to the purchase of a Lilly product. Finally, in Russia, millions of dollars in payments, described in the company’s books and records as for various services, were actually payments to assure that Lilly was able to conduct business with certain pharmaceutical distributors.”

As to Lilly’s internal controls, the SEC alleges as follows.

“During the relevant period, Lilly and its subsidiaries failed to devise and maintain an adequate system of internal accounting sufficient to provide reasonable assurance that the company maintained accountability for its assets and transactions were executed in accordance with management’s authorization. Particularly, Lilly did not adequately verify that intermediaries with which the company was doing government-related business would not provide a benefit to a government official on Lilly’s behalf in order to obtain or retain business. Lilly and its subsidiaries primarily relied on assurances and information provided in the paperwork by these intermediaries or by Lilly personnel rather than engaging in adequate verification and analyzing the surrounding circumstances of the transaction. Lilly and its subsidiaries’ employees considered and offered benefits to government officials at the same time they were asking those government officials to assist with the reimbursement or purchase of Lilly’s products with inadequate safeguards to assure that its employees were not offering items of values to a government official with a purpose to assist Lilly in retaining or obtaining business.

Moreover, despite an understanding that certain emerging markets were most vulnerable to FCPA violations, Lilly’s audit department, based out of Indianapolis, had no procedures specifically designed to assess the FCPA or bribery risks of sales and purchases. Accordingly, transactions with off-shore entities or with government-affiliated entities did not receive specialized or closer review for possible FCPA violations.  In assessing these transactions, the auditors relied upon the standard accounting controls which primarily assured the soundness of the paperwork. There was little done to assess whether, despite the existence of facially acceptable paperwork, the surrounding circumstances or terms of a transaction suggested the possibility of an FCPA violation or bribery.

As to Lilly’s remedial efforts, the SEC complaint states as follows.

“Since the time of the conduct noted in this Complaint, Lilly has made improvements to its global anti-corruption compliance program, including: enhancing anticorruption due diligence requirements for relationships with third parties; implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption; enhancing financial controls and governance; and expanding anti-corruption training throughout the organization.”

As noted in this SEC release,  Lilly, without admitting or denying the allegations, agreed to pay disgorgement of $13,955,196, prejudgment interest of $6,743,538, and a penalty of $8.7 million for a total payment of $29,398,734.  The release also notes that “Lilly also agreed to comply with certain undertakings including the retention of an independent consultant to review and make recommendations about its foreign corruption policies and procedures.”

In Lilly’s release (below) the retention period of the consultant is identified as 60 days and in the SEC’s proposed final judgement, the consultant is identified as FTI Consulting which has been assisting Lilly in connection with a previous Corporate Integrity Agreement.

The case has been assigned to Judge Beryl A. Howell (U.S. District Court, District of Columbia).

William Baker III (Latham & Watkins) represented Lilly.

In the SEC’s release, Kara Novaco Brockmeyer (Chief of the SEC Enforcement Division’s Foreign Corrupt Practices Unit) stated as follows. “Eli Lilly and its subsidiaries possessed a ‘check the box’ mentality when it came to third-party due diligence. Companies can’t simply rely on paper-thin assurances by employees, distributors, or customers. They need to look at the surrounding circumstances of any payment to adequately assess whether it could wind up in a government official’s pocket.”  In the same release, Antonia Chion (Associate Director in the SEC Enforcement Division) stated as follows.  “When a parent company learns tell-tale signs of a bribery scheme involving a subsidiary, it must take immediate action to assure that the FCPA is not being violated.  We strongly caution company officials from averting their eyes from what they do not wish to see.”

This Lilly release quotes Anne Nobles (Lilly’s Chief Ethics and Compliance Officer and Senior VP of Enterprise Risk Management) as follows.  “Lilly requires our employees to act with integrity with all external parties and in accordance with all applicable laws and regulations.  Since ours is a business based on trust, we strive to conduct ourselves in an ethical way that is beyond reproach. We have cooperated with the U.S. government throughout this investigation and have strengthened our internal controls and compliance program globally, including significant investment in our global anti-corruption program.”  The Lilly release further states as follows.  “The SEC noted that since the time of the conduct alleged in its complaint, Lilly has made improvements to its global anti-corruption compliance program, including: enhancing anti-corruption due diligence requirements for relationships with third parties; implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption; enhancing financial controls and governance; and expanding anti-corruption training throughout the organization.”  The release further notes that “Lilly was first notified of the investigation in August 2003″ and describes the independent compliance consultant as conducting a ”60-day review of the company’s internal controls and compliance program related to the FCPA.”

With the enforcement action, the dilution of FCPA enforcement has reached a new level.   The only allegations against Oracle itself is that it failed to audit distributor margins against end user prices and that it failed to audit third party payments made by distributors.  It is common for large multi-national companies to have hundreds, if not thousands, of distributors.  Because of this, audits Oracle was held liable for not conducting are not practical or cost-effective absent red flags suggesting improper conduct. The SEC did not allege any such red flag issues.  In fact, the SEC alleges that Oracle’s Indian subsidiary “concealed” and kept “secret” the conduct from Oracle.  Congress did not intend for the FCPA’s books and records and internal control provisions to be a strict liability statute.  The SEC used to recognize this.  However, it no longer does as once again demonstrated by the Oracle action.

In reading the Oracle action, I was reminded of a 1981 speech by Harold Williams (Chairman of the SEC) regarding the FCPA books and records and internal control provisions.  See here for the prior post.  Williams stated that the provisions are not “independent unrestrained mandate[s] to the Commission to establish novel or unprecedented corporate recordkeeping standards.”  Williams further stated as follows.  “Depending on the circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”

Back to the SEC’s enforcement action against Oracle.

The SEC complaint (here) states in summary fashion as follows.

“This matter involves violations of the books and records and internal controls provisions of the FCPA by Oracle Corporation.  From 2005 to 2007, certain employees of Oracle’s Indian subsidiary Oracle India Private Limited (“Oracle India”) secretly ‘parked’ a portion of the proceeds from certain sales to the Indian government and put the money to unauthorized use, creating the potential for bribery or embezzlement.  These Oracle India employes structured more than a dozen transactions so that a total of around $2.2 million was held by the Company’s distributors and kept off Oracle India’s corporate books.  The Oracle India employes would then direct its distributor to disburse payments out of the unauthorized side funds to purported local ‘vendors.’  Several of the ‘vendors’ were merely storefronts that did not provide any services.  Oracle failed to accurately record these side funds on the Company’s books and records, and failed to implement or maintain a system of effective internal accounting controls to prevent improper side funds in violation of the FCPA, which requires public companies to keep books and records that accurately reflect their operations.”

Specifically, the SEC complaint states as follows.

“On approximately 14 occasions related to 8 different government contracts between 2005 and 2007, certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin in side funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties. At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses. Some of the recipients of these payments were not on Oracle’s approved local vendor list; indeed, some of the third parties did not exist and were merely storefronts.  Because the Oracle India employees concealed the existence of the side fund, Oracle did not properly account for these side funds. These funds constituted prepaid marketing expenses incurred by Oracle India and should have been recorded as an asset and rolled up to Oracle’s corporate books and records. These marketing expenses should then have been reflected in the income statement once they were used. Instead, the parked funds were not reflected on Oracle India’s books and were not properly recorded as prepaid marketing expenses. This incorrect accounting in turn affected Oracle’s books and records.  Between 2005 and 2007, government customers paid Oracle India’s distributors at least $6.7 million on these sales, with Oracle receiving approximately $4.5 million in revenue, resulting in about $2.2 million in funds improperly ‘parked’ with the Company’s distributors.”

The SEC further alleged as follows.

“Oracle lacked the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds.  For example, Oracle knew distributor discounts created a margin of cash from which distributors received payments for their services.  Before 2009, however, the company failed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure.  In addition, although Oracle maintained corporate policies requiring approvals for payment of marketing expenses, Oracle failed to seek transparency in or audit third party payments made by distributors on Oracle India’s behalf.  This control would have enabled Oracle to check that payments wer made to appropriate recipients.”

Based on the above conduct, the SEC charged Oracle with FCPA books and records and internal controls violations.

In the SEC’s release, Marc Fagel (Director of the SEC’s San Francisco Regional Office) stated as follows.  “Through its subsidiary’s use of secret cash cushions, Oracle exposed itself to the risk that these hidden funds would be put to illegal use.  It is important for U.S. companies to proactively establish policies and procedures to minimize the potential for payments to foreign officials or other unauthorized uses of company funds.”  As noted in the release, without admitting or denying the SEC’s allegations, Oracle consented to the entry of a final judgment ordering the company to pay a $2 million penalty and permanently enjoining it from future books and records and internal control violations.  The release further states as follows.  “The settlement takes into account Oracle’s voluntary disclosure of the conduct in India and its cooperation with the SEC’s investigation, as well as remedial measures taken by the company, including firing the employees involved in the misconduct and making significant enhancements to its FCPA compliance program.”

It is typical for the DOJ and SEC to announce FCPA enforcement actions on the same day.  Thus, the absence of a parallel DOJ enforcement action as to the alleged conduct at issue suggests that there will be no DOJ enforcement action, a good result given the SEC’s allegations and for the reasons stated above.

However, it may be premature to conclude that Oracle’s FCPA scrutiny is over.  As noted in this prior post, in September 2011, the Wall Street Journal reported that the DOJ was investigating ”whether Oracle employees or agents acting on the company’s behalf made improper payments in Africa in order to land sales of database and applications software.”

*****

The SEC’s enforcement action against Oracle  is not the first time distributor margin payments have served as the basis of an FCPA enforcement action.  See here for the 2005 enforcement action against InVison, specifically the Thailand allegations.  However, in that action the SEC alleged that the company was aware of the “high probability” that the margin was being used for improper purposes.

What I am talking about is the FCPA’s books and records and internal control provisions.

During Congressional investigation, deliberation and consideration of the foreign corporate payments problem in the mid-1970′s, Congress was surprised to learn that existing corporate record-keeping and internal control provisions were deficient to fully capture the domestic and foreign corporate payments that surfaced.  The following exchange between Senator Proxmire, Roderick Hills (Chairman, SEC) and Stanley Sporkin (Director of Enforcement, SEC) during a 1976 hearing is instructive.

Senator Proxmire:  “[Y]ou stress the fact that … the corporate abuses were accompanied by false or inadequate corporate books and records and that most of the cases involved illegal or improper domestic and foreign payments.  Does such falsification of corporate books and records constitute a violation of SEC’s laws or regulations and do they constitute criminal violations?

Hills:  I can’t say in all cases.

Sporkin:  There is no provision that prohibits just what you stated.

Sporkin:  There is no provision that provides, with respect to the kinds of companies we are talking about, that that could be a violation of law.

Senator Proxmire:  Well, then, it would seem to me that maybe we ought to consider, as the legislative body for our Government, making it a violation of the law.”

Although the SEC wanted no part in enforcing what would become the FCPA’s anti-bribery provisions, the SEC insisted that any legislation directly addressing foreign corporate payments be supplemented by books and records and internal control provisions.  Chairman Hills stated as follows.  “I admit that [the provisions make] for dull reading, but these proposals will provide the teeth to assure that problems of this nature are brought to appropriate levels of corporate management and recorded in a manner that makes it far easier for us to discover them.”

Even with the enforcement agencies aggressive and broad theories regarding the FCPA’s anti-bribery provisions, the provisions nevertheless are (as a matter of law) narrowed by elements such as “foreign official” and “obtain or retain business.”

Not so, with the FCPA’s books and records and internal control provisions.  They are among the most generic substantive legal provisions one can find and state as follows.

Issuers shall –

(A) make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer [the books and records provisions]; and

(B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that – (i) transactions are executed in accordance with management’s general or specific authorization; (ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets; (iii) access to assets is permitted only in accordance with management’s general or specific authorization; and (iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences [the internal control provisions].”

As evident from these provisions, enforcement actions can result where the conduct at issue is not foreign and in the absence of corruption allegations.

Case in point are two recent FCPA enforcement actions that you likely never heard about because they are what I have called “non-FCPA FCPA enforcement.”

Recently, the U.S. Attorneys Office (E.D.N.Y.) announced (here) a criminal complaint against FalconStor Software, Inc. alleging that the company conspired to pay more than $300,000 in bribes to executives of J.P. Morgan Chase Bank, N.A.  to obtain over $12 million in electronic storage licencing contracts. FalconStor was also charged with conspiring to falsify its corporate books and records to cover up the bribery scheme.  According to the DOJ, “the bribes, including the grants of the stock options and restricted shares, were recognized in FalconStor’s books and records, but were falsely recorded as “compensation to an advisor” or as “employment bonuses.”   The SEC also brought an action against FalconStar (see here) charging, among other things, violations of the FCPA’s books and records and internal control provisions.  In its complaint (here) the SEC alleged, among other things, that the grants of restricted stock and options to various recipients in the bribe scheme were inaccurately characterized on the company’s books and records as consultant or advisor payments for bona fide services, when in fact no bona fide services were provided.  The SEC also alleged that several of the expenses were disguised as compensation expenses on the company’s books and records and that other expenses of many of the bribes were reflected on books and records as sales promotion expenses and entertainment expenses.

Another instance of a recent FCPA enforcement action you likely heard little about was against Gold Standard Mining Corp. and certain of its executives.  As noted in this SEC release, the SEC alleged that, between 2009 and 2011, Gold Standard filed numerous reports about its purported Russian gold mining operations that were materially false and misleading in various respects.   Among other things, Gold Standard represented that it had acquired a Russian gold mining company known as Ross Zoloto Co., Ltd. (“Ross Zoloto”), but did not inform investors that it had agreed to allow the prior owner of Ross Zoloto to keep profits from existing operations or of issues surrounding Russian government registration or approval of the business combination.  Among other things, in the complaint (here) SEC alleged as follows.  “Gold Standard failed to devise and maintain a system of internal accounting controls. For example, Gold Standard did not have a means to verify the amount of gold produced; it did not have a means to determine the costs of producing the gold that was sold; it did not maintain records of inventory; it did not have independent access to Ross Zoloto’s bank statements and transactions; and it did not have a method for accessing the Russian accounting system used by Ross Zoloto or to close the books quarterly and create trial balances. It did not have copies of accounting policies or methods used to create the Russian accounting records to enable any U.S. accountants it retained to be able to convert the Russian accounting records accurately into financial statements in conformance with GAAP.   As the chief executive officer of Gold Standard, Zachos knowingly or recklessly failed to implement a system of internal controls at Gold Standard…”.

Such instances of non-FCPA FCPA enforcement actions as noted above (and numerous other examples could be cited as well) raise the question – do companies view the FCPA books and records and internal control provisions holistically or through the narrow window of foreign operations and anti-bribery risk assessment?  Do companies with a low FCPA bribery risk profile nevertheless provide training and adequate compliance resources to purely domestic FCPA books and records and internal control issues?  If not, why not?  Is too much focus in the FCPA space devoted to foreign corrupt practices and not enough focus on the more generic books and records and internal control provisions?

After all, the FCPA is a law much broader than its name suggests.

I was pleased to participate along with John Buretta (Deputy Assistant Attorney General,  Criminal Division, Department of Justice);  Charles Cain (Deputy Chief, FCPA Unit, Securities and Exchange  Commission); France Chain (Senior Legal Analyst,  Anti-Corruption Division, OECD);  Stanley Sporkin; and Eric Bruce (Partner,  Kobre & Kim  LLP).  The program was moderated by Thomas Gorman (Partner,  Dorsey & Whitney LLP) and Frank Razzano (Partner,  Pepper Hamilton LLP).

An audio version of the 90 minute program can be downloaded here.  Below is a breakdown of topics discussed along with the approximate minute mark(s) of the discussion.

4 – 11 minutes – Eric Bruce (defense counsel in the Africa Sting case) provides an inside view of the case.

11 – 13 minutes – discussion of 78dd-3 jurisdictional issues, including in the Africa Sting case

13 – 19  minutes – discussion of various issues including corporate FCPA resolutions, whether the DOJ is more of a regulator than prosecutor in FCPA cases, and the DOJ’s view of the Africa Sting cases including whether it learned anything from the cases

19 – 24 minutes –  Stanley Sporkin weighs in as to the origins of the FCPA’s books and records and internal control provisions, says that the DOJ was hunting in the wrong place in the Africa Sting cases and says that FCPA enforcement needs to get back to the basics of “blocking and tackling”

25 – 30 minutes – discussion of the “foreign official” issue in which the DOJ says that “no one really conveys that they are confused” about what “foreign official” means

30 – 38 minutes – discussion of facilitation payments and whether the enforcement agencies have ignored this statutory exemption

38 – 41 minutes – I raise the question of whether the FCPA has morphed into an all-purpose corporate ethics or governance statute and discussion regarding what is the best way to expand the FCPA – through charging decisions or through Congressional action

42 – 50 minutes – discussion of compliance issues and how best to reward corporate compliance as well as the recent Garth Peterson / Morgan Stanley case in which I pose to the DOJ and the SEC the question of whether the outcome would have been any different if the FCPA had a formal compliance defense

50 – 55 minutes – discussion of miscellaneous issues including transparency in enforcement, cooperation issues and self-reporting

55 – 67 minutes – further discussion of compliance issues, including whether a compliance defense would be a “race to the bottom” or a “race to the top,” whether there is a Washington D.C. beltway view on FCPA compliance, and whether the increase in FCPA enforcement is doing anything to properly incentivize business conduct

67 – 71 minutes – discussion of whether there is any practical difference in the corporate liability standards in the U.K. Bribery Act and the FCPA

72 – 76 minutes – further discussion of the Africa Sting cases

77 – 79, 83 – 86 minutes – DOJ responds to a question regarding FCPA guidance, including timing and specifics

80 – 83 minutes – discussion as to whether it is acceptable not to self-report if the company otherwise implements a variety of internal remedial measures

87 – 89 – once again the issue of whether the DOJ has learned anything from the Africa Sting cases

*****

If you are aware of other FCPA video or audio programs and would like to provide a similar annotation as to issues, please consider this an open invitation to do a guest post as many could benefit.

A quick glance at the FCPA books and records and internal controls word cloud demonstrates that the term “reasonable” is the most prominent term in these provisions.  Yet, reviewing SEC FCPA enforcement actions you would hardly know as the agency seems to have, in many cases, converted the books and records and internal control provisions into strict liability provisions.  See here for a prior post and for an extended discussion see here - ”The Facade of FCPA Enforcement” (pages 976-981).  Common verbiage in SEC FCPA enforcement actions includes generic statements that the parent company issuer failed to implement effective internal controls or that problematic payments in distant subsidiary books and records were consolidated with the issuer’s for purposes of financial reporting and that therefore the parent company issuer is liability.

The dominance of “reasonable’ in the FCPA books and records and internal control provisions, as demonstrated by the word cloud, is a good opportunity to revisit this prior post which details comments by Harold Williams (Chairman of the SEC) in 1981 as to the then infant FCPA.  Terming his statements as official Commission policy, Williams stated as follows.

“The Act does not mandate any particular kind of internal controls system. The test is whether a system, taken as a whole, reasonably meets the statute’s  specified objectives. ‘Reasonableness,’ a familiar legal concept, depends on an  evaluation of all the facts and circumstances.”  [...] “Private sector decisions implementing these statutory objectives are business decisions. And,  reasonable business decisions should be afforded deference. This means that the  issuer need not always select the best or the most effective control measure.  However, the one selected must be reasonable under all the circumstances.”

As to the “degree of exactitude” Williams stated as follows. “I turn first to the question of whether the Act’s text or purpose mandates that business records and controls conform to a standard of absolute exactitude or that a company’s control system meet some absolute ideal. The answer is ‘no.’ Both of the Act’s accounting provisions, it should be noted are modified by the key term ‘reasonable.’ […] In essence, therefore, the Act does provide a de minimus exemption, though not in absolute quantitative terms.”  Williams further stated as follows. “Reasonableness, as a standard, allows flexibility in responding to particular facts and circumstances. Inherent in this concept is a toleration of deviations from the absolute. One measure of the reasonableness of a system relates to whether the expected benefits from improving it would be significantly greater than the anticipated costs of doing so. Thousands of dollars ordinarily should not be spent conserving hundreds. Further, not every procedure which may be individually cost-justifiable need be implemented; the Act allows a range of reasonable judgments.”

In a sign of just how much FCPA enforcement has changed, Williams stated as follows in his speech. “If a violation was committed by a low level employee, without the knowledge of top management, with an adequate system of internal control, and with appropriate corrective action taken by the issuer, we do not believe that any action against the company would be called for.”

In another sign of just how much FCPA enforcement has changed, William stated as follows. “… [D]epending on the
circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”

In concluding this portion of his speech, Williams stated as follows. “The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company. But, an adequate system of internal controls means that, when such breaches do arise, they will be isolated rather than systemic, and they will be subject to a reasonable likelihood of being uncovered in a timely manner and then remedied promptly. Barring, of course, the participation or complicity of senior company officials in the deed, when discovery and correction expeditiously follow, no failing in the company’s internal accounting system would have existed. To the contrary, routine discovery and correction would evidence its effectiveness.”

As to the SEC’s enforcement policy, Williams concluded his remarks as follows. “The genius – and challenge – of [the FCPA’s accounting provisions] , it should be remembered, is their reliance on private sector decisionmaking – rather than specific federal edicts – to address an area of public concern. The Act’s eventual success or failure will, therefore, depend primarily upon business’s response. The Commission’s obligation, in turn, is to provide a regulatory environment in which the private sector can address these issues meaningfully and creatively. In this regard, we must encourage public companies to develop innovative records and control systems, to modify and improve them as circumstances change, and to correct recordkeeping errors when they occur without a chilling fear of penalty or inference that a violation of the Act is involved.”

The above comments by Williams are even more significant when one considers that the FCPA Williams was speaking about in 1981 did not contain the good faith compliance provisions added to the FCPA’s books and records and internal control provisions in 1988.

Those provisions currently state as follows.

“Where an issuer [...] holds 50 per centum or less of the voting power with respect to a domestic or foreign firm, the [FCPA's books and records and internal control provisions] require only that the issuer proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances, to cause such domestic or foreign firm to devise and maintain a system of internal accounting controls consistent with [the provisions]. Such circumstances include the relative degree of the issuer’s ownership of the domestic or foreign firm and the laws and practices governing the business operations of the country in which such firm is located. An issuer which demonstrates good faith efforts to use such influence shall be conclusively presumed to have complied with the requirements of [the provisions].

In short, the FCPA’s books and records and internal control provisions focus on reasonable.  Are the SEC’s enforcement theories as to these provisions reasonable?

Chairman Schapiro begins as follows.  “Contuined strong enforcement of the FCPA sends the message that American companies operating abroad will not pay bribes as a ‘cost of doing business.’  The deterrence message of the Commission’s FCPA enforcement program incentivizes companies to self-assess and update their compliance and internal controls – all of which benefits companies’ operations overall and provides greater transparency to investors.  While I certainly appreciate and share your concerns about the costs of FCPA compliance in certain circumstances, I believe that the risks to investors and costs to companies posed by outdated or weak FCPA compliance measures are equally significant.”

Compliance Defense?

As to a potential FCPA compliance defense, Chairman Schapiro began by stating a common enforcement agency response … we already consider compliance.   She stated as follows.  “The Commission, in deciding whether to approve the filing of an FCPA enforcement action against a public company, already considers as one mitigating factor whether the company’s compliance program was reasonably designed and operated in a manner to detect and prevent FCPA violations.”  “Similarly,” Chairman Schapiro stated, “companies facing FCPA inquiries can obtain credit for cooperation under the Commission’s new Cooperative Initiative, in which cooperation is defined to include, among other factors, having reasonable internal controls and compliance measures.”    Given the above, Chairman Schapiro states that “it seems unnecessary – and even counterproductive – to recognize a formal affirmative defense for having such a program, given that there are at least three significant costs associated with such a defense.”

Chairman Schapiro then identifies the following three issues.

“First, the reasonableness of a compliance program is best measured not by how it exists on paper, but by how it operates in practice.  Consequently, the ease with which an employee was able to circumvent anti-corruption controls is some evidence – not sufficient evidence, but some evidence – that internal controls were insufficient.  The Commission would not want to be foreclosed from bringing FCPA charges under those circumstances, since holding companies accountable for weak internal controls incentivizes companies to create a robust FCPA compliance environment.”

“Second, providing an affirmative defense for reasonably designed compliance programs could allow companies to retain ill-gotten gains.  A company could engage in bribery or other corrupt behavior, obtain a benefit from such conduct (i.e. securing lucrative contracts), and yet not disgorge its ill-gotten gains.  Enabling companies to retain proceeds generated from the payment of bribes would disincentivize those companies from adopting rigorous anti-corruption programs.”

“Third, sanctioning corrupt behavior sends a strong message of general deterrence to all similarly situated companies that there is a high financial and reputational cost to be paid if they bribe foreign officials.  There is often no substitute for the deterrent impact of financial and reputational sanctions, which prevent improper behavior from becoming ingrained as just another ‘cost of doing business.’  That deterrence message likely would be diluted if such an affirmative defense was adopted.”

“Foreign Official”?

According to Chairman Schapiro, the FCPA “sufficiently defines the term foreign official.”  She stated as follows.  “Given the various forms of government found around the world, it would be impractical to articulate each of the myriad of ways that one could use to identify a foreign official in particular countries or cultures.  In addition, Commission and Department of Justice enforcement actions also provide guidance on the meaning of ‘foreign official’ in various contexts.  Finally, companies with a strong compliance culture have policies prohibiting all bribery in order to send a clear corporate message that such practices are not condoned.”

SEC Guidance?

“Both the Commission and the Department of Justice have numerous mechanisms for providing guidance on FCPA matters.  Perhaps the most important guidance comes from the enforcement actions that are brought by the Commission and the Department of Justice.  The Commission uses it pleadings and accompanying public news releases to highlight and reinforce the key elements of each case.  Additionally, senior staff in the Division of Enforcement speak regularly at industry conferences and provide guidance on the FCPA program. ”

For a prior post on “prosecutorial common law” – see here.

As relevant to Chairman Schapiro’s ”guidance” response, readers may be interested in my “Facade of FCPA Enforcement” article  (here) in which I discuss  the frequency in which FCPA enforcement actions are resolved based on uninformative, bare-bones statements of facts or allegations or conclusory legal statements; the increasing trend of FCPA enforcement actions resolved based on untested and dubious legal theories, as well as enforcement theories seemingly in direct conflict with FCPA’s statutory provisions; and the opaque nature of FCPA enforcement and how similar enforcement actions, based on the government’s own allegations, are resolved with materially different charges and penalties.

In short, the notion that settled SEC civil complaints or administrative orders (or now SEC NPAs or DPAs or DOJ NPAs or DPAs for that matter) provide meaningful guidance or should serve as FCPA caselaw is absurd.  In my Facade article, I detail cases in which the SEC admits that the terms of an SEC settlement “do not necessarily reflect the triumph of one party’s position over the other.”  I also highlight statements from former SEC Commissioner and current Standford law professor Joseph Grundfest that, among other things, SEC complaints “typically omit mention of valid defenses and of countervailing facts or mitigating circumstances …”.  In the words of Professor Grundfest, the “natural result” of settling an SEC enforcement action “is a one-sided record in which the Commission asserts its version of the facts and the law, and the settling defendants commit not to challenge that rendition.” 

On the same general topic, albeit in the DOJ FCPA context, see this recent piece from Michael Volkov ”The FCPA & Voluntary Disclosure An Engimatic Threat to Due Process” (“the Justice Department has started to cite as precedent its own decisions respecting the outer reaches of the law”).

Strict Parent Company Liability for Foreign Subsidiary Actions?

Chairman Schapiro’s response states in full as follows.  “A U.S. parent company may be liable under the FCPA for bribes paid by its foreign subsidiary in certain circumstances, such as where the parent company had knowledge of the foreign subsidiary’s bribery or where the subsidiary acted as the parent’s agent.  ‘Knowledge’ under the FCPA’s anti-bribery provisions encompasses actual knowledge, conscious disregard of, or willful blindness to the subsidiary’s illicit activities.  In addition, under agency law, an agent’s knowledge can be imputed to the principal (parent).  Accordingly, in the absence of the requisite evidence, the Commission does not charge a U.S. parent company with a violation of the FCPA’s anti-bribery provisions in connection with the foreign subsidiary’s actions.  In addition, the Commission may, based on its analysis of the particular facts and circumstances of some cases, charge the foreign subsidiary directly with violation of the FCPA’s anti-bribery provisions while separately charging the parent company with violations of the books and records and internal control provisions of the FCPA.  This is because the public company parent typically is responsible for the accuracy of the books and records of its overall operations, including those of its controlled foreign subsidiaries.  While the FCPA’s books and records and internal controls provisions do not contain a ‘knowledge’ requirement, the Commission exercises its discretion and flexibility in charging these provisions.”

For previous posts on the issue of strict liability see here and here.

Double-Dip Penalties?

Chairman Schapiro stated as follows. “The Commission and Department of Justice do not obtain duplicative penalties in FCPA cases.  Typically, the Commission will obtain monetary sanctions in the form of disgorgement (ill-gotten gains) while the Department of Justice obtains monetary sanctions in the form of penalties.  In those rare cases where both the Commission and the Department of Justice obtain penalties, the total penalty assessed against the company is no greater than it would be if either the Commission or DOJ alone obtained the penalty.”

However, DOJ penalties are calculated by reference to the advisory U.S. Sentencing Guidelines where an important factor in determining the ultimate penalty amount is value of the benefit received by the company from the conduct at issue.  

*****

For your viewing pleasure here - an October 5th rountable program sponsored by the Heritage Foundation on corruption, economic growth, and freedom.

For the calendars of Indianapolis area readers see here.  A luncheon address - “Compliance in a New Era of FCPA Enforcement” I am giving next Tuesday (Oct. 11th) to the World Trade Club of Indiana.   The event, sponsored by Butler University College of Business, begins at 11:30 at the downtown law offices of Baker & Daniels.

Sporkin has been talking about FCPA reform for years – long before the U.S. Chamber released its FCPA reform proposals in October 2010.

Thanks to a reader, we can all read some of Sporkin’s early FCPA reform speeches.

In a 2004 speech (here), Sporkin spoke of the SEC stumbling upon the foreign payments issue in connection with its Watergate-related investigations.  The FCPA was not a singular outgrowth of Watergate -  Congress was already actively investigating allegations of overseas bribery and corruption separate and apart from the Watergate scandal – yet Watergate is nevertheless relevant to the FCPA’s origins.  In his speech, Sporkin also talks about the relationship between the FCPA and Sarbanes-Oxley Section 404 (a hot-button issue in 2004 when Sporkin delivered the speech).  As to “Next Steps,” Sporkin stated as follows.  “[W]e need more than Congress passing new statute, and the SEC requiring strict compliance with existing legislation.  We need a comprehensive assault on the problem.  This means we need the assistance of our government and indeed all the countries of the world along with the world business community, to provide a climate which enables our corporations to compete honestly and fairly throughout the world.  There is a way to fix this problem if there is a will to do so.”  Among other things, Sporkin proposed – no doubt in recognition that most FCPA issues arise from use of foreign agents –  the “establishment of a country-by-country list of agents that have been properly vetted and have agreed to be examined and audited by an independent international auditing group.”

In 2006, Sporkin returned to the podium (see here) as the FCPA neared its 30th year.  He stated as follows.  “What I envisioned when the law was enacted was a new corporate regime where bribery of foreign officials would be almost completely extinguished at least as it pertained to major U.S. corporations.  As all of us here have observed, the wild-eyed-do-gooder predictions never occurred.  Instead statistics indicate that bribery of foreign officials has maintained a steady pace over the years.”  [Counterpoint - perhaps bribery of foreign officials, as envisioned by Congress and indeed Sporkin's SEC, has largely been extinguished, but the issue (in 2006 and still today) is that the goalposts have been moved ... and not by Congress].

In his 2006 speech, Sporkin did not advocate the FCPA’s repeal, but he did “think the Department of Justice and the SEC can do something forward-looking which would be win-win for both the government and the private sector.”  He called it the “FCPA Immunization-Inoculation Program.”  Sporkin stated that the “quasi-amnesty program” would consist of the following:  (i) “agreement by participating firms to conduct a full and complete review [conducted jointly by a major accounting firm or specialized forensic accounting firm and a law firm]  of the company’s compliance with the FCPA for the previous 3 years; (ii) the company would agree “to disclose the results of the legal-accounting audit to the SEC, its investors, and the public; (iii) “if any violations turned up in the process of the audit, the participating [company] would agree to take all steps to eliminate the problems and implement the appropriate controls to prevent further violations; (iv) participating companies “would agree to subject themselves to a similar audit on an annual basis for at least 5 years to ensure that compliance was being maintained; (v) participating companies “would be required to create the position of FCPA compliance officer, whose sole responsibility would be to ensure the company’s compliance with the FCPA” and make an annual certification; and (vi) “in exchange … the SEC and DOJ would give qualified assurances that no actions would be brought for violations exposed by the review.”  As envisioned by Sporkin, the “limited amnesty would not apply if violations rose to flagrant or egregious level.”

According to Sporkin, the “immunization-inoculation program would serve the dual purpose of: (1) creating suitable incentives to compliance-minded companies to adopt and maintain high ethical standards in the conduct of their business; and (2) reducing the case load and investigative burden of governmental agencies that enforce the FCPA while reassuring regulators that companies are taking active steps to limit corruption in their foreign contracting and other activities.”  Sporkin conceded that “some adjustments may be necessary” but he believed that his proposal “would provide the right-thinking corporate community with the necessary assurances that it needs to develop a vibrant overseas business without having to defend itself against very costly and time consuming investigations.”

At the November 2010 Senate FCPA hearing, FCPA practitioner Michael Volkov (here) resurrected Sporkin’s proposal – see here for Volkov’s prepared statement.  [By the way, for those of you looking for the complete transcript of that hearing, along with the prepared statements, and post-hearing Q&A's - see here].

While Sporkin’s FCPA reform proposals are, in certain ways, different from many of the proposed FCPA amendments being discussed at the moment, the point of this post – other than to highlight Sporkin’s reform proposals, is to demonstrate that the screams of some – that FCPA reform is solely a Chamber issue or somehow akin to waving the white flag of surrender to corporate bribery - are off-base.

What various FCPA reform proposals through the years have in common is experienced and knowledgeable individuals (including many former DOJ and SEC enforcement attorneys who helped shape the FCPA and FCPA enforcement) sharing a belief that the current ad hoc, inconsistent, arbitrary, and largely opaque enforcement only climate is in need of reform.

Yet, the FCPA is also enforced by the SEC.

As a civil enforcement agency only, the SEC’s stick is less sharp the DOJ’s. Nevertheless, the SEC’s FCPA enforcement positions on issues such as “foreign official” and “obtain or retain business” are seemingly identical to the DOJ’s.

Moreover, certain of the SEC’s enforcement theories as to the FCPA’s books and records and internal control provisions are subject to controversy. As I highlighted in “The Facade of FCPA Enforcement” (here at pgs. 976-984), with increasing frequency, the SEC has charged FCPA books and records and internal control violations based on untested and dubious legal theories, as well as theories seemingly in direct conflict with the FCPA’s statutory provisions.

For instance, the SEC routinely charges parent companies with FCPA books and records and internal control violations based solely on the conduct of indirect subsidiaries or affiliates in the absence of any allegation that the parent company participated in, or had knowledge of, the conduct at issue – even though the FCPA specifically states that issuers that demonstrate good faith efforts to cause indirect subsidiaries and affiliates to devise and maintain effective internal controls “shall be conclusively presumed to have complied with” the FCPA’s applicable requirements.

The SEC’s FCPA enforcement theories and policies are now being questioned. See here for the June 30th letter from Senator Mike Crapo (R-ID) to SEC Chairman Mary Schapiro.

The letter begins with Senator Crapo stating that “Congress and the agencies that enforce the FCPA must work together to ensure that the statute’s goals are being met without perverting the risk and reward calculus U.S. firms face when considering overseas business opportunities that would support domestic job growth.”

In the letter, Senator Crapo says he is “concerned by the recent Congressional testimony about the increased compliance costs for businesses operating in good faith to abide by the FCPA’s strictures and the deterrence of U.S. firms’ entry into, or expansion of, overseas operations.”

Senator Crapo then asks Chairman Schapiro for answers to the following questions.

1. Should the FCPA be amended to provide an affirmative defense, which may be raised where violations resulted from the conduct of individual employees or agents who circumvented compliance measures that were reasonably designed to identify and prevent such violations?

2. Does the Commission believe that regulations or guidance explaning factors it considers when determining whether an entity’s officers or employees are “foreign officials” would be helpful to U.S. firms? Would the Commission support legislation that more clearly defines the term “foreign official” under the FCPA?

3. What are the mechanisms by which the Commission could or does provide guidance on FCPA related matters?

4. Is it the Commission’s policy to hold firms strictly liable for foreign subsidiaries’ actions in violation of the FCPA?

5. Under what circumstances, if any, is it appropriate for both the Commission and the Department to seek the recovery of penalties from the same entity for the same conduct?

Prior to responding to Senator Crapo’s letter, Chairman Schapiro and others at the SEC’s FCPA Unit would be well served by reviewing a 1981 speech by then Chairman of the SEC – Harold Williams – on the FCPA’s books and records and internal control provisions.

To best understand (and place in context) current SEC FCPA enforcement positions and policies, it is useful to understand past SEC FCPA enforcement positions and policies. Statements made by the SEC Chairman in 1981 bear little resemblence to the SEC’s current enforcement of the FCPA’s books and records and internal control provisions.

*****

The year was 1981, the event was the American Institute of Certified Public Accountants, and the speaker was Harold Williams, the Chairman of the SEC. Williams focused his remarks (here) “solely to one major auditing development of recent years: the accounting provisions of the Foreign Corrupt Practices Act of 1977.”

Williams began has remarks as follows. “When viewed from an abstract perspective, the Act’s accounting provisions seem merely to codify a basic and uncontroversial management principle: no enterprise of any size can operate successfully without maintaining effective controls over its transactions and the disposition of its assets. Perhaps in part because these provisions were considered truisms, the Act was passed without Congressional dissent. However, practical experience with new legislation – even a law thought to be noncontroversial – often will reveal unanticipated problems. Newly enacted standards, for example, may be subject to differing constructions or raise compliance difficulties and ambiguities unforeseen by their draftsmen. And, until these problems are resolved by an agency, the courts or the Congress, those who are subject to these laws are often faced, unfortunately, with some disquieting circumstances. The anxieties created by the Foreign Corrupt Practices Act – among men and women of utmost good faith – have been, in my experience without equal.”

Williams noted that “such uncertainty can have a debilitating effect on the activities of those who seek to comply with the law. My sense is that, as a consequence, many businesses have been very cautious – sometimes overly so – in assuring at least technical compliance with the Act. And, therefore, business resources may have been diverted from more productive uses to overly-burdensome compliance systems which extend beyond the requirements of sound management or the policies embodied in the Act. The public, of course, is not well served by such reactions.”

Unlike many SEC speeches that contain the usual – this is only my personal opinion disclaimer – Williams specifically noted that he “conferred” with his “colleagues before presenting these remarks, and they have authorized me to advise you that these remarks constitute a statement of the Commission’s policy.”

As to the FCPA’s books and records provisions, Williams stated as follows. “This provision is intimately related to the requirement for a system of internal accounting controls, and we believe that records which are not relevant to accomplishing the objectives specified in the statute for the system of internal controls are not within the purview of the recordkeeping provision. […] nor could a company be enjoined for a falsification of which its management, broadly defined, was not aware and reasonably should not have known.”

As to the FCPA’s internal control provisions, Williams stated as follows. “The Act does not mandate any particular kind of internal controls system. The test is whether a system, taken as a whole, reasonably meets the statute’s specified objectives. ‘Reasonableness,’ a familiar legal concept, depends on an evaluation of all the facts and circumstances.”

Under the heading “deference” Williams stated as follows. “Private sector decisions implementing these statutory objectives are business decisions. And, reasonable business decisions should be afforded deference. This means that the issuer need not always select the best or the most effective control measure. However, the one selected must be reasonable under all the circumstances.”

Under the heading “state of mind” Williams stated as follows. “The accounting provisions principal objective is to reaching knowing or reckless conduct.”

As to the “purposes of the Act,” Williams provided a brief review of the “events which led to the [FCPA].” He stated as follows. “Clearly, Congress went further than determining whether the payments which gave the new law its name were ethically and commercially justifiable. It also chose to consider the corporate accounting and control deficiencies which had been breeding grounds for these practices. And, by doing so, it addressed the far more serious issues raised by these disclosures. […] These payments and falsifications were not only previously unknown to public investors and independent auditors, but many were also unknown to the payor’s board and, in numerous examples, even to its senior management. In some of these instances, internal controls existed, but they were shown to be ineffective or easily subverted. Unauthorized payments and related falsifications of corporate records seemed to evidence – indeed, were fostered by – a lack of adequate accounting records and controls. Consequently, in the legislation which ultimately emerged from Congress, prohibiting questionable payments and mandating control and recordkeeping were inexorably interconnected.”

Williams stated as follows. “The primary thrust of the Act’s accounting provisions, in short, was to require those public companies which lacked effective internal controls or tolerated unreliable recordkeeping to comply with the standards of their better managed peers. That is the context in which these provisions should be construed.”

Williams then addressed “four of the most important” interpretative questions concerning the then-young FCPA: “first, the degree of exactitude in recordkeeping mandated by the Act; second, the deference it affords business decisions concerning internal controls; third, whether a particular state of mind is necessary for a violation to exist; and finally, liability for compliance by subsidiaries.”

As to the “degree of exactitude” Williams stated as follows. “I turn first to the question of whether the Act’s text or purpose mandates that business records and controls conform to a standard of absolute exactitude or that a company’s control system meet some absolute ideal. The answer is ‘no.’ Both of the Act’s accounting provisions, it should be noted are modified by the key term ‘reasonable.’ […] In essence, therefore, the Act does provide a de minimus exemption, though not in absolute quantitative terms.”

Williams noted that Congress specifically declined to adopt a materiality test and stated that “internal accounting controls are not only concerned with misconduct that is material to investors, but also with a great deal of misconduct which is not.” He noted that while materiality is “appropriate as a threshold standard to determine the necessity for disclosure to investors, [it] is totally inadequate as a standard for an internal control system.”

Williams stated that “procedures designed only to uncover deficiencies in amounts material for financial statement purposes would be useless for internal control purposes” and noted that “systems which tolerated omissions or errors of many thousands or even millions of dollars would not represent, by any accepted standard, adequate records and controls.” Indeed, Williams noted that many of the “questionable payments that alarmed the public and caused Congress to act” […] were in most instance of far lesser magnitude than that which would constitute financial statement materiality.”

“Reasonableness, rather than materiality, is the appropriate test,” Williams stated. He noted as follows. “Reasonableness, as a standard, allows flexibility in responding to particular facts and circumstances. Inherent in this concept is a toleration of deviations from the absolute. One measure of the reasonableness of a system relates to whether the expected benefits from improving it would be significantly greater than the anticipated costs of doing so. Thousands of dollars ordinarily should not be spent conserving hundreds. Further, not every procedure which may be individually cost-justifiable need be implemented; the Act allows a range of reasonable judgments.”

As to the “specific recordkeeping requirement” in the FCPA, Williams stated as follows. “… [T]his provision is not an independent unrestrained mandate to the Commission to establish novel or unprecedented corporate recordkeeping standards; it is, rather, an integral part of Congress’ efforts to assure that the business community records transactions and assets in such a way as to maintain adequate control over them. And this leads to two important conclusions: First, the Act does not establish any absolute standard of exactitude for corporate records. And, second, records which are not related to internal or external audits or to the four internal control objectives set forth in the Act are not within the purview of the Act’s accounting provisions.”

As to “deference” with respect to “issuer liability for recordkeeping violations” Williams stated that the SEC “will look to the adequacy of the internal control system of the issuer, the involvement of top management in the violation, and the corrective actions taken once the violation was uncovered.”

In a sign of just how much FCPA enforcement has changed, Williams then stated as follows. “If a violation was committed by a low level employee, without the knowledge of top management, with an adequate system of internal control, and with appropriate corrective action taken by the issuer, we do not believe that any action against the company would be called for.”

Williams next turned to the “state of mind needed to violate the Act’s accounting provisions.” He reiterated that the “Act’s principal purpose is to reach knowing or reckless misconduct.”

In another sign of just how much FCPA enforcement has changed, William stated as follows. “… [D]epending on the circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”

In concluding this portion of his speech, Williams stated as follows. “The test of a company’s internal control system is not whether occasional failings can occur. Those will happen in the most ideally managed company. But, an adequate system of internal controls means that, when such breaches do arise, they will be isolated rather than systemic, and they will be subject to a reasonable likelihood of being uncovered in a timely manner and then remedied promptly. Barring, of course, the participation or complicity of senior company officials in the deed, when discovery and correction expeditiously follow, no failing in the company’s internal accounting system would have existed. To the contrary, routine discovery and correction would evidence its effectiveness.”

As to subsidiaries, Williams stated as follows. “Where the issuer controls more than 50 percent of the voting securities of the subsidiary, compliance is expected. So, too, would it be expected if there is between 20 percent and 50 percent ownership, subject to some demonstration by the issuer that this does not amount to control. If there is less than 20 percent ownership, we will shoulder the burden to affirmatively demonstrate control.”

As to the SEC’s enforcement policy, Williams concluded his remarks as follows. “The genius – and challenge – of [the FCPA’s accounting provisions] , it should be remembered, is their reliance on private sector decisionmaking – rather than specific federal edicts – to address an area of public concern. The Act’s eventual success or failure will, therefore, depend primarily upon business’s response. The Commission’s obligation, in turn, is to provide a regulatory environment in which the private sector can address these issues meaningfully and creatively. In this regard, we must encourage public companies to develop innovative records and control systems, to modify and improve them as circumstances change, and to correct recordkeeping errors when they occur without a chilling fear of penalty or inference that a violation of the Act is involved.”