Home – 2016 Anti-Bribery Cases—The Year of Internal Controls, Books & Records

2016 Anti-Bribery Cases—The Year of Internal Controls, Books & Records

By Kristin Casler, featuring Gregory Husisian of Foley & Lardner LLP and Michael Volkov of The Volkov Law Group LLC


Years of robust federal enforcement have convinced most companies operating internationally to initiate policies that forbid outright bribery of foreign officials. That would have been sufficient in the early days of the Foreign Corrupt Practices Act of 1977, when corporate compliance generally hinged on the existence of any kind of compliance program. Over the years, though, minimum standards have evolved to require a corporate compliance program be more than just a “paper program”— it needs to be “effective.” Now, the latest Department of Justice and Securities & Exchange Commission cases indicate another escalation—companies must also have good, functioning internal controls. That means companies must take utmost care with foreign transactions and dealings in countries known for corruption, and clamp down on myriad creative ways in which bribes can be disguised.


In 2016, companies that failed in that regard have been hit hard, and experts predict the spate of large settlements with companies and actions against allegedly responsible executives will flourish in coming months. Common among many of the cases were fake receipts and invoices, sham organizations and other means to get money out of the company, topped off with financial controls too weak to prevent or detect them.


The stats

In 2015, the SEC announced enforcement action settlements with nine companies and two individuals—up slightly over historical averages, with total settlement payments of $114.5 million. The DOJ numbers were the lowest since 2007, with actions against 2 companies and 10 individuals totaling $24.2 million. But announcements of enforcement actions are already sharply on the rise for 2016, indicating that 2015 was not a slowdown but rather a bottleneck of cases.


To punctuate its serious enforcement intentions, the DOJ has recently doubled the size of the squads dedicated to corruption cases, adding 10 attorneys and 3 FBI squads and a compliance counsel, and it issued the Yates memo regarding individual accountability for misdeeds, said Michael Volkov, CEO, The Volkov Law Group LLC.


And, of course, the SEC will continue its trend of the last few years of persistent civil prosecutions. Gregory Husisian, Chair, Export Controls & National Security Practice Foley & Lardner LLP, said the SEC no longer is taking a backseat on FCPA enforcement, aggressively pursuing books and records and internal controls violations against many publicly traded issuers. In fact, there have been more SEC settlements in 2016 so far than DOJ settlements.


“The additional resources, the commitment to big cases and the Yates memorandum means that we’re going to slowly but surely see an increase in individual enforcement actions; we’re going to see more risks for the corporations and more aggressive prosecutions,” Volkov said. “Whatever people may have tried to guess was coming by the slower year, it was like someone taking a deep breath before forcing it out.”


Husisian agreed, noting 2016 already is easily on track to set the all-time record for FCPA-related penalties.


Key risk areas from recent enforcement actions

VimpelCom Ltd. One of the primary reasons 2016 will see a surge in FCPA settlement figures is the agreement by the telecommunications company in February to pay $795 million in a joint DOJ/SEC settlement (including amounts to settle with Dutch authorities). This is the second-largest anti-corruption settlement of all time. It is also notable for being one of the few cases in which the DOJ brought criminal charges for internal controls violations, Husisian said.


Volkov said the bribery scheme was basic and involved payments for consulting services to a shell company owned by the daughter of the Uzbekistan president in exchange for licenses for cellular phone systems. VimpelCom was accused of falsifying its books and records in an effort to hide the bribes. It recorded the payments as equity transactions, consulting agreements, and reseller transactions.


The key takeaways are that VimpelCom had a systemic, organization-wide problem, Volkov said, because VimpelCom’s board permitted more than $114 million in transactions to take place without knowing who owned the shell company. Senior executives refused to identify the owner, thwarted internal auditors and failed to provide outside counsel with sufficient information to render a valid FCPA opinion, Volkov said.


Olympus Corp. of the Americas. The medical device distributor agreed in March to pay $623 million for illegal kickbacks to doctors and hospitals and its Latin American subsidiary will pay $22.8 million for FCPA violations. The DOJ alleges Olympus made millions in incentive payments to healthcare providers through front “training centers.”


Las Vegas Sands Corp. The casino company settled in April with the SEC for $9 million. Although there was no direct evidence of bribery, the company allegedly failed to properly authorize or document $62 million in payments to a consultant acting as an intermediary to obscure the company’s role in certain business transactions, such as the purchases of a basketball team and a building in China. Volkov said this case clearly illustrates the government’s targeting of books, records and internal controls weaknesses.


Qualcomm Inc. The company, which paid $7.5 million to settle with the SEC, was accused of giving event tickets, gifts and travel to employees of state-owned entities. Most interestingly, it was targeted for hiring relatives of state regulators in return for business. “This is not the usual money-in-a-suitcase FCPA situation,” Husisian said, noting that it represents the increasingly broad kind of bribery requests that many companies are seeing in countries with a reputation for corruption, like China.


PTC Inc. The tech company and two Chinese subsidiaries paid $28 million to settle criminal and civil allegations that they funded lavish trips to five-star hotels in New York, Honolulu, Las Vegas and others, and provided expensive gifts and recreational activities. Volkov said the elaborate scheme was paid for through third parties and used disguised codes and revisionist contracts. PTC also represents the SEC’s first deferred prosecution of an individual. Yu Kai Yuan, a former employee, cooperated in the SEC’s investigation.


Novartis. The SEC accused the drug maker of financing travel and gifts to medical practitioners in China and improperly recording the payments as legitimate employee expenses for travel and entertainment, conferences, lecture fees, marketing events, educational seminars and medical studies. Volkov said the company invited medical professionals to a clinical congress in Chicago, but the trip strayed into danger when it paid for the visitors and their families to go to Niagara Falls. Novartis settled the claims for $25 million.


SciClone Pharmaceuticals. The SEC accused the drug maker of having lax accounting controls. Managers in China condoned representatives paying for family travel, regular attendance at a beer fest and family meal expenditures for customers and decision makers at medical facilities. SciClone settled the claims for $12.8 million.


Husisian noted that the U.S. government continues to see corruption in the medical/pharmaceutical spaces, particularly in China. He said this is likely due to the highly regulated nature of the industry, as well as the number of state-owned entities that arise in this industry, particularly for companies that need to deal with state-owned hospitals. Employees of these state-owned entities, including doctors who receive inducements to sell medical products or to write prescriptions, are considered foreign officials by the DOJ.


What the government wants to know

The government has high expectations for adequate compliance programs. It has increased transparency to encourage companies to voluntarily disclose violations, offers leniency when a company satisfies specific criteria accompanied by an effective compliance program, and it is increasing individual prosecutions for lax FCPA compliance, Volkov said.


Based on a November 2015 speech by Assistant Attorney General Leslie Caldwell, Volkov said companies seeking to be compliant need to ask themselves the following questions:


  • Are your executives and senior managers providing strong, visible support for compliance initiatives?
  • Do your compliance leaders have sufficient resources and authority?
  • Are your compliance policies written clearly and easily understood in multiple languages?
  • Are your compliance policies effectively communicated to all employees and easily accessible?
  • Are the employees trained?
  • Do you update your policies with evolving risks?
  • Do you train, inform and seek written assurances from third parties, vendors, suppliers and consultants?
  • Do you have enforcement mechanisms and incentivize good behavior?


“The government expects companies at substantial risk for receiving bribery-related requests to have dedicated compliance professionals who are immune from profit and loss expectations who are high enough in the organization to be taken seriously; to train key employees who are likely to encounter bribe-related requests; and to conduct due diligence on agents, consultants, and third parties operating on behalf of the company,” Husisian said.


In the 2016 settlements, the government has emphasized how inadequate controls created the problem, Husisian said. In VimpelCom, for example, the company, until 2013, only had two paragraphs on anticorruption requirements in its code of conduct, no separate anticorruption program, and its policy, “to the extent it existed at all” was “inadequate and ad hoc,” according to the settlement agreement.


Husisian also cited the Qualcomm settlement, in which the settlement agreement stated that “internal controls weaknesses were intensified by the absence of someone whose full-time responsibility was to act as a company-wide chief compliance officer and the absence of an FCPA compliance officer in China.”


Further, the government expects companies to conduct audits of the adequacy of their anticorruption programs, as highlighted by the VimpelCom settlement, Husisian said. It also expects employees to receive sufficient training, as shown in the Qualcomm settlement.


Where should companies focus compliance efforts?

Identifying and managing risk is key, Husisian said. There is no substitute for regularly conducting a risk assessment to determine the unique risk points of the organization, and using this as a guide as to how companies should best allocate their scarce compliance resources.


In addition to conducting a risk assessment and identifying risk points, Husisian and Volkov said best practices include:


  • Establishing anti-corruption procedures for high-risk countries
  • Establishing a uniform review process to ensure consistency
  • Evaluating dealings with government officials
  • Having effective anticorruption and Gifts, Meals, Entertainment & Travel (GME&T) programs/internal controls
  • Conducting regular and effective training for employees and third-parties
  • Conducting anti-corruption audits in house and of third parties
  • Assessing and reinvigorating internal controls, books and records
  • Documenting your good faith actions to protect the company from post-violation scrutiny
  • Reexamining and fine-tuning your travel, entertainment, gifts, meals controls and approval process
  • Having an ex-pat control the money; locals have connections and pay to get things done.


“It’s all about due diligence, due diligence and more due diligence,” Volkov said.


Recent settlements also show that maintaining active oversight of dealings with third parties is essential. Husisian noted that many companies that deal with third parties (consultants, agents, distributors and joint venture partners) should consider the following types of compliance measures:


  • Placement of representations and warranties in third-party contracts or, for joint venture partners, in governing instruments
  • Conducting due diligence on third parties, especially in high-risk countries like China or India or for relationships where there will be regular contact of the third party with government officials
  • Taking steps to increase the transparency of the relationship, such as gaining the right to review the books and records of the prospective third-party partner
  • Establishing audit rights at the outset of third-party relationships or when such arrangements are renewed
  • Conducting training for third parties rather than relying on representations that the third parties have themselves conducted training
  • Actively monitoring the relationship for red flags related to potential bribes
  • Regularly conducting audits using risk-based principles to determine appropriate frequency and level of detail