The Rogue Employee Myth: Prevention and Detection in a FCPA Compliance Program

The Rogue Employee Myth: Prevention and Detection in a FCPA Compliance Program

 I cannot think of any criminal enforcement actions against a corporation involving the Foreign Corrupt Practices Act (FCPA) where there was a lone wolf employee engaging in bribery and corruption on his or her own. There might well be some internal investigations and even self-disclosures to the Department of Justice (DOJ) of such conduct but the public usually does not know about them since the DOJ would issue a Declination under such circumstances. The only publicly announced Declination where the company was identified was the Morgan Stanley Declination. In that matter, a Managing Director, Garth Peterson was prosecuted for his individual action in violating the FCPA. But from the information made available, it appears that the company uncovered Peterson’s conduct, investigated and self-reported it to the DOJ.

One of things that Donna Boehme and Jim McGrath regularly rail against is the claim that violations of the FCPA, UK Bribery Act and other anti-corruption laws are the result of some ‘rogue employee’ out there, dreaming up ways to engage in bribery and corruption to obtain or retain business. Organizations such as the US Chamber of Commerce want to limit corporate liability for the criminal actions of their employees saying it is not fair for a company to pay for the sins of these alleged rogue employees.

While I recognize the US Supreme Court may soon make all of the above moot by deciding that corporations have the same rights, obligations and duties of real persons, those individuals making the claim of rogue-ness do not seem to contemplate how much work and effort must go into any ongoing bribery scandal which would result in a FCPA violation and how much is attributable to the company. First if the company, explicitly or implicitly, communicates that the bottom line, quarterly numbers or anything like that is the most important action an employee will be evaluated on, guess what, their numbers, and employees will always find a way to make their numbers. Further, if employees can either manipulate or over-ride a company’s internal controls to help fund or hide the payment of bribes, it is the fault of the company not having robust controls in the first place.

Remember Paul McNulty’s Three Maxims? (1) What did you do to prevent it? (2) What did you do to detect it? (3) What did you when you found out about it? If a company’s internal controls are so porous that employees can slide the payment of bribes through the system, I would say that you have failed to answer Maxim 1 in the affirmative. If your auditing or monitoring is so poor that you cannot find any evidence of bribery and corruption because you didn’t want to (See: Wal-Mart’s initial investigation into its Mexican subsidiary) or because the auditing and monitoring is so poor (See: GSK in China where they somehow missed $500MM in payments to ‘travel agents’); you have also failed to answer McNulty Maxim 2 in the affirmative.

Yesterday I wrote about psychopaths in the guise of Chief Executive Officers (CEOs). I do not think there could be a better example of this than Bernie Madoff. His grandiosity extended to attempting to claim to federal investigators that his multi-decade, multi-billion dollar fraud and Ponzi scheme was all his work alone, that no one else in his company was involved or even knew about it. That outsized claim is being put to the test over the next couple of months in a courtroom in New York where five former employees are currently on trial for participating in this massive fraud.

In fascinating testimony Frank DiPascali, a former top lieutenant to Madoff, reported in a Wall Street Journal (WSJ) article, entitled “Madoff’s Cold Play Outwitted Auditor” by James Sterngold, the schemes used to defraud customers and fool auditors and regulators. Initially, he noted that NONE of the trades recorded in the company’s books and records ever took place and that “a number of staff members spent most of their time producing large volumes of fake documents to convince customers there were earning attractive returns.” To put an explanation point on his testimony, when asked if Madoff’s staff created trades out of thin air, he responded, “Literally, yes.” To confuse and misdirect an auditor from KPMG, when the accounting firm demanded to see “detailed daily trading logs to confirm that the firm was actually engaged in trading”, Madoff’s staff not only created the fake logs but put them in the refrigerator to “cool them down”. Another time, the staff tossed them around “like a medicine ball to make them look used and crinkled.” All of this was presented as evidence in the trial which indicates that more people had to be involved in the fraud.

The clear lesson for the compliance practitioner from the Madoff employees’ trial testimony to-date is that there cannot be one person or the ubiquitous ‘rogue employee’ who decides to engage in bribery and corruption. There has to be more than one person. To circumvent a company’s internal controls takes work. For in any criminal FCPA enforcement matter, it is because the company involved had such weak internal controls that such circumvention could occur in the first place. But more than this circumvention, it means that the company did not employ sufficient systems to detect such bribery and corruption. And if the documentation you are reviewing is cold to the touch that may now constitute a red flag.

Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2013

For more information about LexisNexis products and solutions connect with us through our corporate site.