Technology Industry « FCPA Professor

Archive for the ‘Technology Industry’ Category

The Dilution Of FCPA Enforcement Has Reached A New Level With The SEC’s Enforcement Action Against Oracle

Friday, August 17th, 2012

Yesterday,the SEC announced (here) a Foreign Corrupt Practices Act books and records and internal controls enforcement action against Oracle Corporation.

With the enforcement action, the dilution of FCPA enforcement has reached a new level. The only allegations against Oracle itself is that it failed to audit distributor margins against end user prices and that it failed to audit third party payments made by distributors. It is common for large multi-national companies to have hundreds, if not thousands, of distributors. Because of this, audits Oracle was held liable for not conducting are not practical or cost-effective absent red flags suggesting improper conduct. The SEC did not allege any such red flag issues. In fact, the SEC alleges that Oracle’s Indian subsidiary “concealed” and kept “secret” the conduct from Oracle. Congress did not intend for the FCPA’s books and records and internal control provisions to be a strict liability statute. The SEC used to recognize this. However, it no longer does as once again demonstrated by the Oracle action.

In reading the Oracle action, I was reminded of a 1981 speech by Harold Williams (Chairman of the SEC) regarding the FCPA books and records and internal control provisions. See here for the prior post. Williams stated that the provisions are not “independent unrestrained mandate[s] to the Commission to establish novel or unprecedented corporate recordkeeping standards.” Williams further stated as follows. “Depending on the circumstances, intentional circumventions of a company’s system of records and of accounting controls by a low-level employee would not always be considered violations of the Act by the issuer. No system of adequate records and controls – no matter how effectively devised or conscientiously applied – could be expected to prevent all mistaken and improper transactions and disposition of assets. Given human nature, regardless of the adequacy of the system, a bookkeeper may still erroneously post entries, an overzealous agent may make unauthorized payments, or an unscrupulous employee may falsify records for his own purposes. The Act recognizes each of these limitations. Neither its text and legislative history nor its purposes suggest that occasional, inadvertent errors were the kind of problem that Congress sought to remedy in passing the Act. No rational federal interest in punishing insignificant mistakes has been articulated. And, the Act’s accounting provisions do not require a company or its senior officials to be the guarantors of all conduct of company employees.”

Back to the SEC’s enforcement action against Oracle.

The SEC complaint (here) states in summary fashion as follows.

“This matter involves violations of the books and records and internal controls provisions of the FCPA by Oracle Corporation. From 2005 to 2007, certain employees of Oracle’s Indian subsidiary Oracle India Private Limited (“Oracle India”) secretly ‘parked’ a portion of the proceeds from certain sales to the Indian government and put the money to unauthorized use, creating the potential for bribery or embezzlement. These Oracle India employes structured more than a dozen transactions so that a total of around $2.2 million was held by the Company’s distributors and kept off Oracle India’s corporate books. The Oracle India employes would then direct its distributor to disburse payments out of the unauthorized side funds to purported local ‘vendors.’ Several of the ‘vendors’ were merely storefronts that did not provide any services. Oracle failed to accurately record these side funds on the Company’s books and records, and failed to implement or maintain a system of effective internal accounting controls to prevent improper side funds in violation of the FCPA, which requires public companies to keep books and records that accurately reflect their operations.”

Specifically, the SEC complaint states as follows.

“On approximately 14 occasions related to 8 different government contracts between 2005 and 2007, certain Oracle India employees created extra margins between the end user and distributor price and directed the distributors to hold the extra margin in side funds. Oracle India’s employees made these margins large enough to ensure a side fund existed to pay third parties. At the direction of the Oracle India employees, the distributor then made payments out of the side funds to third parties, purportedly for marketing and development expenses. Some of the recipients of these payments were not on Oracle’s approved local vendor list; indeed, some of the third parties did not exist and were merely storefronts. Because the Oracle India employees concealed the existence of the side fund, Oracle did not properly account for these side funds. These funds constituted prepaid marketing expenses incurred by Oracle India and should have been recorded as an asset and rolled up to Oracle’s corporate books and records. These marketing expenses should then have been reflected in the income statement once they were used. Instead, the parked funds were not reflected on Oracle India’s books and were not properly recorded as prepaid marketing expenses. This incorrect accounting in turn affected Oracle’s books and records. Between 2005 and 2007, government customers paid Oracle India’s distributors at least $6.7 million on these sales, with Oracle receiving approximately $4.5 million in revenue, resulting in about $2.2 million in funds improperly ‘parked’ with the Company’s distributors.”

The SEC further alleged as follows.

“Oracle lacked the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds. For example, Oracle knew distributor discounts created a margin of cash from which distributors received payments for their services. Before 2009, however, the company failed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. In addition, although Oracle maintained corporate policies requiring approvals for payment of marketing expenses, Oracle failed to seek transparency in or audit third party payments made by distributors on Oracle India’s behalf. This control would have enabled Oracle to check that payments wer made to appropriate recipients.”

Based on the above conduct, the SEC charged Oracle with FCPA books and records and internal controls violations.

In the SEC’s release, Marc Fagel (Director of the SEC’s San Francisco Regional Office) stated as follows. “Through its subsidiary’s use of secret cash cushions, Oracle exposed itself to the risk that these hidden funds would be put to illegal use. It is important for U.S. companies to proactively establish policies and procedures to minimize the potential for payments to foreign officials or other unauthorized uses of company funds.” As noted in the release, without admitting or denying the SEC’s allegations, Oracle consented to the entry of a final judgment ordering the company to pay a $2 million penalty and permanently enjoining it from future books and records and internal control violations. The release further states as follows. “The settlement takes into account Oracle’s voluntary disclosure of the conduct in India and its cooperation with the SEC’s investigation, as well as remedial measures taken by the company, including firing the employees involved in the misconduct and making significant enhancements to its FCPA compliance program.”

It is typical for the DOJ and SEC to announce FCPA enforcement actions on the same day. Thus, the absence of a parallel DOJ enforcement action as to the alleged conduct at issue suggests that there will be no DOJ enforcement action, a good result given the SEC’s allegations and for the reasons stated above.

However, it may be premature to conclude that Oracle’s FCPA scrutiny is over. As noted in this prior post, in September 2011, the Wall Street Journal reported that the DOJ was investigating ”whether Oracle employees or agents acting on the company’s behalf made improper payments in Africa in order to land sales of database and applications software.”

*****

The SEC’s enforcement action against Oracle is not the first time distributor margin payments have served as the basis of an FCPA enforcement action. See here for the 2005 enforcement action against InVison, specifically the Thailand allegations. However, in that action the SEC alleged that the company was aware of the “high probability” that the margin was being used for improper purposes.

Complying With The Foreign Corrupt Practices Act: A Practical Primer

Thursday, February 2nd, 2012

[A new job has been posted to the Jobs Board - see here. Both job seekers and organizations seeking to hire individuals with FCPA or related experience will benefit from a wide selection of job listings, so please spread the word and send the job link to your HR department and professional contacts]

This “new era” of FCPA enforcement has resulted in many things. From my perspective, one of the best things it has resulted in is increased attention of the FCPA and FCPA compliance among academics and students.

The ABA Criminal Justice Section’s Global Anti-Corruption Task Force (here) recently published “Complying With the Foreign Corrupt Practices Act: A Practical Primer” (here). The report is authored by University of Chicago Law Students Salen Churi, David Finkelstein, Joe Mueller; University of Chicago Law School faculty Dean David Zarfes, Michael Bloom, and Sean Kramer; and Corporate Lab participants John Frank and Michel Gahard (both of Microsoft). The University of Chicago Corporate Lab (see here) objective is “to provide students with ‘real-world’ experience and context, to prepare them to become well-rounded legal practitioners with sound legal and business judgment, and to provide them with opportunities to work on cutting-edge projects with multinational companies.”

Among other things, the purpose of ”Complying With the Foreign Corrupt Practices Act: A Practical Primer” is to provide “a framework for developing effective [FCPA] compliance programs.” As the report notes, “[t]he available guidance from the government on how to comply with the FCPA’s requirements and prohibitions is extremely limited” and “the guidance that the government has made available is vague, disjointed, and sparse.”

The report contains a comprehensive overview of the “purposes of a compliance program,” the “facets of a compliance program,” “sources of guidance in crafting a compliance program” and various “metrics for an effective compliance program.” However, contrary to the apparent suggestion in the report, the comprehensive FCPA best practices policies and procedures identified do not “protect companies from exposure to [FCPA] liability.”

This big-picture issue was presumably beyond the scope of the report, but it is the issue I addressed in my recent scholarship “Revisiting a Foreign Corrupt Practices Act Compliance Defense” (see here - forthcoming Wisconsin Law Review). The comprehensive FCPA policies and procedures thoroughly discussed in the University of Chicago report should matter, as a matter of law (not merely in the opaque, inconsistent and unpredictable world of DOJ decision making), when a non-executive employee or agent acts contrary to those policies and procedures and in violation of the FCPA.

*****

Qualcomm is a company with a long list of awards and recognition (see here) such as a Fortune “most admired company” and a Barron’s “most respected company.” Although the specific facts of Qualcomm’s disclosure are not yet known, on perhaps a related note to the topics discussed above, the company disclosed yesterday in its 10-Q filing (here) as follows. “On January 27, 2012, the Company learned that the U.S. Attorney’s Office for the Southern District of California/DOJ has begun a preliminary investigation regarding the Company’s compliance with the Foreign Corrupt Practices Act (FCPA), a topic about which the SEC is also inquiring. The Company believes that it is in compliance with the requirements of the FCPA and will continue to cooperate with both agencies.”

Oracle – Another World’s Most Ethical FCPA Violator?

Thursday, September 1st, 2011

It surprises most people to learn that a company with pre-existing FCPA compliance policies and procedures – and a company otherwise making good faith efforts to comply with the FCPA - can still face legal liability when a non-executive employee or agent nevertheless acts contrary to the company’s pre-existing FCPA compliance and procedures.

And rightfully so. Yet because of respondeat superior principles, the company is exposed to FCPA liability. Such pre-existing policies and procedures are relevant to charging decisions under the Principles of Prosecution as well as to the ultimate fine amount under the Sentencing Guidelines, but not relevant to liability as a matter of law.

It is even possible for a company to earn designation as one of the “World’s Most Ethical Companies” yet still, during the same general time period, resolve an FCPA enforcement action. Ethisphere’s “World’s Most Ethical Companies” designation (see here) ”recognizes companies that truly go beyond making statements about doing business ‘ethically’ and translate those words into action.” As stated by Ethisphere, the designation is “awarded to those companies that have leading ethics and compliance programs, particularly as compared to their industry peers.” A company only earns the designation after a “methodology committee of leading attorneys, professors, government officials and organization leaders” assist Ethisphere in creating the scoring methodology and after Ethisphere conducts an “in-depth analysis” of the company. Companies that have earned “World’s Most Ethical Company” designation during the same general time period as also resolving FCPA enforcement actions or being under FCPA scrutiny include the following: General Electric, Statoil, Deere & Company, Hewlett-Packard, Rockwell Automation, AstraZeneca, Novo Nordisk, and Sempra Energy.

Add Oracle Corporation, a recipient of “World’s Most Ethical Company” designation more than once, to the list.

Yesterday, Joe Palazzolo and Samuel Rubenfeld broke the story in the Wall Street Journal, “U.S. Probes Oracle Dealings,” that “U.S. authorities are investigating whether Oracle Corp., one of the world’s largest software companies by sales, violated federal antibribery laws in its dealings abroad …”. According to the report, “agents in the FBI’s Washington field office and fraud prosecutors in the Justice Department’s Criminal Division are handling a criminal investigation, which has been underway for at least a year.” Palazzolo and Rubenfeld also report that the SEC is also investigating for possible civil violations. According to the report, “the agencies are examining whether Oracle employees or agents acting on the company’s behalf made improper payments in Africa in order to land sales of database and applications software.”

Time will tell whether the Oracle investigation will lead to an FCPA enforcement action and, if so, the nature and extent of the improper conduct. If the investigation follows a pattern often seen in FCPA enforcement actions, the improper conduct will have been engaged in by non-executive employees or agents who acted contrary to the company’s FCPA policies and procedures and the company’s otherwise good faith efforts to comply with the FCPA.

While I have no unique insight or knowledge of Oracle’s FCPA compliance policies and procedures, one has got to assume it has been doing the right things to earn, on more than one occasion, Ethisphere’s highest honor. Oracle’s “Code of Ethics and Business Conduct” (here) contains a separate section on the FCPA in a Q&A format. Granted words on paper do not establish much, but the Code also refers to Oracle’s “Anti-Corruption Policy” located on the company’s non-public Compliance and Ethics Program Web Site and indeed what a company’s public website contains as to FCPA compliance is usually just the tip of the iceberg. Furthermore, among other things, Oracle has an ”Anti-Corruption Training Course” (here) for its partners available in ten languages.

If an FCPA enforcement action against Oracle is indeed forthcoming, such an enforcement action, like previous ones involving other “World’s Most Ethical Companies” highlight the need for an FCPA compliance defense. As I have highlighted on previous occasions, in the mid-1980’s numerous FCPA reform bills included a specific defense under which a company would not be held liable for a violation of the FCPA’s anti-bribery provisions by its employees or agents, who were not an officer or director, if the company established procedures reasonably designed to prevent and detect FCPA violations by employees and agents. Such a compliance defense passed the U.S. House, but was never made part of the FCPA’s 1988 amendments. However, it is likely that an FCPA reform bill will soon be introduced and that it will contain a similar compliance defense. As I highlighted in this previous post, many of the 38 signatory countries to the OECD Anti-Bribery Convention have compliance-like defenses in their domestic “FCPA-like” legislation.

Nevertheless, Assistant Attorney General Lanny Breuer has, in the past, flatly rejected the need for a compliance defense. Speaking last March at the Dow Jones Global Compliance Symposium, he said, “we can’t engage in some sort of formalistic solution from a script that says if you check the following six boxes you’re guaranteed this outcome.”

More recently, during the June House FCPA Hearing, Greg Andres, testifying on behalf of the DOJ, stated that a potential FCPA compliance defense was “novel and risky” and that the “time is not right to consider it.”

With another “World’s Most Ethical Company” facing FCPA exposure, the time is right to consider amending the FCPA to include a compliance defense.

Questions Abound In IBM Enforcement Action

Thursday, March 24th, 2011

Last week, the SEC announced (here) a settled FCPA enforcement action against International Business Machines Corporation (“IBM”).

This post summarizes the enforcement action and then addresses the many questions raised by the enforcement action.

Summary of Enforcement Action

According to the SEC complaint (here): “During the period from 1998 through 2009, in violation of the Foreign Corrupt Practices Act of 1977, employees of certain of [IBM's] subsidiaries and a majority-owned joint venture provided cash payments, improper gifts, as well as improper travel and entertainment to government officials in South Korea and China.”

The conduct at issue focused on:

IBM-Korea, Inc. (“IBM-Korea”), a South Korean corporation “wholly-owned indirectly by IBM International Group B.V, which, in turn is wholly-owned by IBM;”

LG IBM PC Co. Ltd. (“LG-IBM”), a South Korean joint venture formed in 1996 by IBM-Korea (51% owner of the JV) and LG Electronics (“LG”) (49% owners of the JV); and

IBM (China) Investment Company Limited and IBM Global Services (China) Co. Ltd. (collectively “IBM-China”) – entities “owned by IBM China/Hong Kong Limited, a Hong Kong company that is ultimately owned by IBM.”

In summary fashion, the SEC alleged as follows.

“From 1998 to 2003, employees of [IBM-Korea] and [LG-IBM] made payments to various government officials in South Korea. The purpose of these payments was to secure the sale of IBM products through IBM-Korea and LG-IBM’s business partners. During the relevant period, these managers paid approximately KRW 216,832,500 (South Korean Won), or $207,000, in cash bribes to South Korean government officials, including providing improper·gifts and payments of travel and entertainment expenses.”

“From at least 2004 to early 2009, employees of [IBM-China] engaged in a widespread practice of providing overseas trips, entertainment, and improper gifts to Chinese government officials. The misconduct in China involved several key IBM-China employees and more than 100 IBM China employees overall.”

As to IBM, the parent-company issuer, the SEC alleged as follows.

“Despite its extensive international operations, IBM lacked sufficient internal
controls designed to prevent or detect these violations of the FCPA. During the period 1998 to 2009, IBM had corporate policies prohibiting bribery and procedures relating to compliance with the FCPA; however, deficient internal controls allowed employees of IBM’s subsidiaries and joint venture to use local business partners and travel agencies as conduits for bribes or other improper payments to South Korean and Chinese government officials over long periods of time.”

“During the period 1998 to 2009, IBM failed to make and keep books and records that accurately reflected the improper payments made in South Korea and China. Instead, these payments were recorded as legitimate business expenses.”

The body of the SEC’s complaint alleges various “things of value” provided to alleged South Korean “foreign officials” including shopping bags filled with thousands of dollars, cash-filled envelopes exchanged in parking lots and free personal computers, and travel and entertainment expenses.

According to the SEC, such “things of value” were: “in exchange for designating IBM-Korea a preferred supplier of mainframe computers to [an alleged government entity] and for placing orders with IBM-Korea at higher prices;” “in exchange for (1) maintaining IBM-Korea as the supplier of mainframe computers to [an alleged government entity]; and (2) for helping an IBM-Korea business partner win bids to supply mainframe computers and storage equipment to [an alleged government entity] worth more than [$21 million]; “in exchange for [an alleged "foreign official's] assistance to IBM-Korea in obtaining a contract with [an alleged government entity] worth approximately [$13 million] for the installation of a mainframe computer in 2002;” “to entice [foreign official's] to purchase IBM products:” “to win a contract to supply 657 (later increased to 825) personal computers valued at [approximately $1.4 million]; “in exchange for providing LG-IBM with certain confidential information regarding the product specifications on [an alleged government entity's] request for procurement;” “to persuade employees of [an alleged government entity] to purchase IBM products;” and to entice alleged foreign officials “to purchase IBM products or to provide information to assist LG-IBM in the bidding process.”

The body of the SEC’s complaint as to China conduct alleges as follows.

“From at least 2004 to early 2009, IBM-China employees created slush funds at local travel agencies in China that were then used to pay for overseas and other travel expenses incurred by Chinese government officials. In addition, IBM-China employees created slush funds at its business partners to provide a cash payment and improper gifts, such as cameras and laptop computers, to Chinese government officials. IBM failed to record accurately these payments in its books and records.”

Specifically, the SEC alleged as follows:

“Between 2004 and 2009, IBM’s internal controls failed to detect at least 114
instances in which (1) IBM-China employees and its local travel agency worked together to create fake invoices to match approved [Delegation Trip Requests] DTRs; (2) trips were not connected to any DTRs; (3) trips involved unapproved sightseeing itineraries for Chinese government employees; (4) trips had little or no business content; (5) trips involved one or more deviations from the approved DTR; and (6) trips where per diem payments and gifts were provided to Chinese government officials.”

Based on the above allegations, the SEC charged IBM with violating the FCPA’s books and records and internal control provisions. As noted in the SEC release, IBM, without admitting or denying the SEC’s allegations, consented to the entry of a final judgment permanently enjoining the company from future FCPA violations. IBM agreed to pay $10 million (disgorgement of $5.3 million, $2.7 million in prejudgment interest, and a $2 million civil penalty).

Peter Barbur and Evan Chessler (Cravath, Swaine & Moore – here and here) represented IBM.

Questions Abound

For starters, this is not the first time IBM has been the focus of an FCPA enforcement action.

In December 2000 (see here), the SEC found, in a cease and desist proceeding, that IBM violated the FCPA books and records provisions in connection with a $250 million contract to integrate and modernize computer systems in Argentina. As part of the settlement, “IBM consented to the entry of an Order that requires IBM to cease and desist from committing or causing any future violation of [the FCPA's books and records provisions].

Given that IBM was charged last week with FCPA books and records violations, IBM has clearly violated this 2000 court order.

In my recent “Facade of FCPA Enforcement” article (here), I highlight various pillars that contribute to the facade of FCPA enforcement.

Pillars include, unsupported legal conclusions serving as the foundation for an enforcement action, including as to “foreign official” and disgorgement issues; the tendency of factually similar cases being resolved materially different ways; and bribery, yet no bribery.

These pillars are present in the IBM enforcement action.

For starters, who were the “government officials in South Korea and China.” Were they traditional bona-fide government officials or employees of alleged state-owned or state-controlled enterprises and thus “foreign officials” under the enforcement agencies’ interpretation – an interpretation currently the subject of judicial challenges?

As to the South Korean officials, the complaint merely alleges that the “foreign government officials involved worked for sixteen South Korean government entities.” These officials included the “Chief of Operations for the Electronic Operations Division” of an entity; an employee of the same entity; a “manager of the government-controlled entity”; the “Director of Planning” of another entity; employees of an entity; an employee of a “state-owned agency of the South Korean government;” a “Director of Information Technology” at another entity; employees of another entity; and “key decision makers at ten other” entities.

As to the Chinese officials, the complaint merely alleges that the individuals were associated with “government-owned or controlled customers in China for hardware, software, and other services.”

Based on the descriptions in the complaint, it seems as if the “foreign officials” were all employees of SOE entities. If so, two out of three corporate FCPA enforcement actions in 2011 (IBM and Maxwell Technologies – see here) involve SOE employees.

Why no FCPA anti-bribery charges against IBM or the relevant subsidiaries (accepting of course the SEC’s “foreign official” interpretation)?

According to the SEC, the conduct at issue took place between 1998 and 2009. Further, according to the SEC, “in connection with the conduct described herein, IBM, directly or indirectly, made use of the mails or the means or instrumentalities of interstate commerce in connection with the acts, transactions, practices and courses of business alleged in this Complaint.”

Why no DOJ involvement?

It is very common for the DOJ and SEC to announce FCPA enforcement actions on the same day. Thus, one can assume (perhaps future events will prove otherwise) that the DOJ elected to sit this one out.

Why?

The SEC’s complaint alleges vivid instances of bribery (not always seen in FCPA enforcement actions) in connection with multi-million dollar contracts.

Yet, no bribery – not even civil FCPA anti-bribery charges.

Is this another instance where the U.S. enforcement agencies look first at the corporate offender, its customers, and its products, and then craft a resolution that will hurt the least?

After all, one of IBM’s largest customer segments is the government (federal, state, etc.) see here.

Did this play any role in how the enforcement action was resolved?

The SEC charged IBM only with FCPA books and records and internal controls violations. Yet, as in several other cases, the SEC pursued a disgorgement remedy. As noted in my Facade article (pages 981-984) non-FCPA disgorgement case law clearly holds that disgorgement may not be used punitively. It is difficult to see how mis-recording of a payment (a payment the SEC does not allege violated the FCPA’s anti-bribery provisions) can properly give rise to a disgorgement remedy. See also here from Philip Urofsky and Danforth Newcomb on this issue.

In a transparent legal system, similar facts are supposed to be resolved with similar charges. However, it is questionable whether this fundamental principle (one that inspires trust and confidence in a legal system) is followed in many FCPA enforcement actions.

The China-related charges against IBM regarding excessive travel and entertainment expenses are nearly identical to two previous FCPA enforcement actions – the December 2007 enforcement action against Lucent Technologies and the December 2009 enforcement action against UTStarcom, Inc.

Lucent was resolved via a DOJ non-prosecution agreement (here) and an SEC enforcement action charging only FCPA books and records violations (here).

UTStarcom was resolved via a DOJ non-prosecution agreement (here) and an SEC enforcement action charging FCPA anti-bribery as well as books and records and internal controls violations (here).

IBM, as detailed above, is presumably being resolved without any DOJ involvement and an SEC enforcement action charging only FCPA books and records violations.

Three cases – all involving in whole or in part allegations of providing excessive travel and entertainment expenses to Chinese “foreign officials” – resolved in three different ways.

*****

And now, as one reader put it, the question all FCPA Professor blog readers (at least this particular reader) are dying to know.

Butler or Wisconsin?

I am a born and raised cheesehead and graduate of the University of Wisconsin Law School.

However, my allegiance is to my employer – Butler University. Let’s face it, Butler is an awesome, feel-good story. Student-athletes in every sense of the word, home games at historic Hinkle Fieldhouse, a coach who, a few years ago, left his job selling pharmaceuticals to become a volunteer coach (since promoted), and a small, cozy campus to top it off.

BU-TLE- R U a Bulldog – hell ya!

A Look Back (and Forward)

Monday, December 28th, 2009

This week marks not only the end of a year, but also a decade.

So let’s take a look back at FCPA enforcement circa 2000.

In 2000, the FCPA was indeed “on the books” (the statute was enacted in 1977), yet there was little in terms of FCPA news or enforcement actions.

A “U.S. newspapers and wires” search for the FCPA in the 2000 picks up 64 “hits” and among the more noteworthy stories from that year were the following:

(1) BellSouth corporation disclosed that the SEC launched a probe into whether one of its Latin American subsidiaries violated the FCPA and the company also disclosed that its outside counsel had already investigated the conduct and found that no violations had occurred; and

(2) BF Goodrich Company announced that it was using a web-enabled training system to educate its employees about work-related legal issues including the FCPA.

One could even attend a few FCPA training sessions in 2000 as the search picked up programs sponsored by both the City of New York Bar and the Washington DC Bar.

There was even one FCPA enforcement action in 2000!

In December 2000, the SEC announced (here) the filing of a settled cease-and-desist proceeding against International Business Machines Corporation (“IBM”).

According to the SEC order (here), IBM violated the books and records provisions of the FCPA based on the conduct of its indirect, wholly-owned subsidiary, IBM-Argentina, S.A. The conduct involved “presumed illicit payments to foreign officials” in connection with a “$250 million systems integration contract” between Banco de la Nacion Argentina (“BNA”) (an apparent “government-owned commercial bank in Argentina) and IBM-Argentina.

The SEC order finds that, in connection with the contract, IBM-Argentina’s Former Senior Management (without the knowledge or approval of any IBM employee in the U.S.) caused IBM-Argentina to enter into a subcontract with an Argentine corporation (“CCR”) and that “money paid to CCR by IBM-Argentina in connection with the subcontract was apparently subsequently paid by CCR to certain BNA officials.”

According to the Order, IBM-Argentina paid CCR approximately $22 million under the subcontract and “at least $4.5 million was transferred to several BNA directors by CCR.”

According to the Order, the former Senior Management “overrode IBM procurement and contracting procedures, and hid the details of the subcontract from the technical and financial review personnel assigned to the Contract.” The Order finds that IBM-Argentina “recorded the payments to CCR in its books and records as third-party subcontractor expenses” and that IBM-Argentina’s financial results were incorporated into IBM’s financial results filed with the Commission.

Based on the above conduct, the SEC concluded that “IBM violated [the FCPA’s books and records provisions] by failing to ensure that IBM-Argentina maintained books and records which accurately reflected IBM-Argentina’s transactions and dispositions of assets with respect to the Subcontract.” IBM consented to a cease and desist order and consented to entry of a judgment ordering it to pay a $300,000 penalty.

A Washington Post article about the IBM action notes that it “is the SEC’s first in three years involving overseas bribery.”

In 2000, there were no DOJ FCPA prosecutions (against corporations or individuals).

The first DOJ corporate FCPA prosecution of this decade did not occur until 2002.

In that action (here) Syncor Taiwan, Inc. (a wholly-owned, indirect subsidiary of Syncor International Corporation) pleaded guilty to a one-count criminal information charging violations of the FCPA. According to the DOJ release, “[t]he company admitted making improper payments [approximately $344,110] to physicians employed by hospitals owned by the legal authorities in Taiwan for the purpose of obtaining and retaining business from those hospitals and in connection with the purchase and sale of unit dosages of certain radiopharmaceuticals.”

The release further notes that the company “made payments [approximately $113,000] to physicians employed by hospitals owned by the legal authorities in Taiwan in exchange for their referrals of patients to medial imaging centers owned and operated by the defendant.”

Based on this conduct, the release notes that the company agreed to a $2 million criminal fine – “the maximum criminal fine for a corporation under the FCPA” (as noted in the release). The release also notes that “Syncor International has consented to the entry of a judgment requiring it to pay a $500,000 civil penalty, the largest penalty ever obtained by the SEC in an FCPA case.”.

From this retrospective, two issues jump out.

First, as demonstrated by the IBM action, the notion that an issuer may be strictly liable for a subsidiary’s (even if indirect) violations of the FCPA books and records is nothing new. (See here for a prior post on this issue).

Second, as demonstrated by the Syncor action, DOJ’s interpretation of the “foreign official” element to include non-government employees employed by state-owned or state-controlled entities stretches back to earlier this decade. (See here for prior posts on this issue).

This retrospective also highlights just how significantly FCPA enforcement has changed this decade.

For starters, the same “U.S. newspapers and wires” search for the FCPA (year to date) picks up nearly 700 “hits” (a ten-fold increase from ten years ago). In addition, if one wanted to, one could attend (it seems) an FCPA seminar, training session, bar event, etc. every week in a different state.

Further, I bet my Jack LaLanne Power Juicer received this holiday season that if the IBM enforcement action were to have recently occurred, the SEC would have also charged FCPA internal control violations as well as sought a significant disgorgement penalty given that the alleged improper payments in that matter helped secure a $250 million contract.

Moreover, the $2 million “maximum criminal fine for a corporation under the FCPA” (as noted in the Syncor DOJ release) seems laughable when viewed in the context of the $450 million Siemens criminal fine (Dec. 2008) or the $402 million Kellogg Brown & Root criminal fine (Feb. 2009). Also laughable is the $500,000 “largest penalty ever obtained by the SEC in an FCPA case” (as noted in the Syncor release) when viewed in the context of the $350 million Siemens penalty or the $177 million KBR/Halliburton penalty.

Has the conduct become more egregious during this decade or have enforcement theories and strategies simply changed? I doubt it is the former.

Why have enforcement theories and strategies changed? One of the best, candid explanations I’ve heard recently is that FCPA enforcement for the government “is lucrative.” (See here).

One of the great legal “head-scratchers” of this decade is how DOJ and SEC’s enforcement of the FCPA against business entities has taken place almost entirely outside of the normal judicial process due to the fact that corporate FCPA prosecutions are resolved through non-prosecution or deferred prosecution agreements, settled through SEC cease and desist orders, or otherwise resolved informally. The end result is that in many cases, the FCPA means what DOJ and SEC says it means.

My hope for the New Year and decade is that many of the untested and unchallenged legal theories which are now common in FCPA enforcement will actually be subject to judicial scrutiny and interpretation.