In an earlier post we reviewed three of the most significant enforcement actions so far for 2012. In today's post we conclude with the final three enforcement actions that I believe provide the best or most recent insights for the compliance practitioner.
On March 26, 2012, both the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) announced the resolution of enforcement actions against Biomet Inc. a US entity which manufactures and sells global medical devices around the world. It is headquartered in Fort Wayne, Indiana. The Company admitted to a lengthy run of bribery and corruption of doctors to purchase its products and paid a criminal fine of $17.3MM to resolve charges brought by the DOJ. It also agreed with the SEC to settle civil charges by paying $5.5MM in disgorgement of profits and pre-judgment interest.
A. Bribery and Corruption Facts
The Company engaged in an eight (8) year scheme to bribe and corrupt doctors in the countries of Argentina, Brazil and China to induce the physicians to purchase Biomet products. The SEC Complaint reported that "2000 to August 2008, Biomet Argentina employees paid bribes to doctors employed by publicly owned and operated hospitals in Argentina in exchange for sales of Biomet's medical device products. The doctors were paid approximately 15-20 percent of each sale." In Brazil, the SEC Compliant reported that from 2001 until 2008, Biomet's "Brazilian Distributor, paid bribes to doctors employed by publicly owned and operated hospitals to purchase Biomet's implants. Brazilian Distributor paid the doctors bribes in the form of "commissions" of 10-20 percent of the value of the medical devices purchased." In China, Biomet subsidiaries and its Chinese distributor paid from 5% up to 25% commissions to doctors for the sale of its products which were used during surgeries and also paid for Chinese surgeons to travel for training "including a substantial portion of the trip being devoted to sightseeing and other entertainment at Biomet's expense."
B. Internal Audit Failures
The SEC Compliant reported that the Company's Internal Audit was not only aware of the bribery program but discussed it in Memorandum to the Company's home office, including the head of the Company's Internal Audit Department. For instance in Argentina, the Company's head of Internal Audit noted, as early as 2003, they "circulated an internal audit report on Argentina to Senior Vice President and others in Biomet in Indiana in which he stated, "[R]oyalties are paid to surgeons if requested. These are disclosed in the accounting records as commissions." The Internal Audit report described the payments to surgeons, but only in the context of confirming that the amount paid to the surgeon was the amount recorded on the books." However, the Company's Internal Audit Department, took no steps to determine why royalties were paid to doctors or why the payments to the doctors were 15-20% of sales. Internal Audit did not obtain any evidence of services which the doctors might have performed entitling them to the payments. The SEC Complaint noted that Internal Audit "concluded that there were adequate controls in place to properly account for royalties paid to surgeons without any supporting documentation" and Internal Audit's only recommendation was to change the journal entry from "commission expenses" to "royalties."
The SEC Complaint also noted that "Biomet's books and records did not reflect the true nature of those payments. The Company's payments were improperly recorded as "commissions," "royalties", "consulting fees", "other sales and marketing", "scientific incentives", "travel" and "entertainment." The SEC Compliant concluded with the following "False documents were routinely created or accepted that concealed the improper payments."
C. Lessons Learned for Internal Audit
The SEC Complaint had some very clear guidance for the role of Internal Audit in detecting bribery and corruption in a best practices Foreign Corrupt Practices Act (FCPA) compliance program. First, if there are any types of commission payments being made, Internal Audit needs to review the documentation supporting why such payments are being made. A review of contracts or other legal requirements which may obligate a company to make such payments should be a basic undertaking in any internal audit. After an internal auditor has determined if commission payments are legally authorized, the internal auditor should review the evidence that such commission payments have been earned. Another role delineated in the SEC Complaint for Internal Audit is to correctly classify payments so that the books and records of the company accurately reflect them as expenses. As noted, the Director of Internal Audit instructed that bribes paid during clinical trials of the Company's products should be reclassified as 'expenses'.
Key Takeaway: This enforcement action lists the specific role of Internal Audit in a FCPA compliance program.
V. Morgan Stanley and Garth Peterson
This is the first instance of the public release of a Declination to Prosecute a company under the FCPA, where an employee agreed to an underlying FCPA violation. Morgan Stanley Managing Director Garth Peterson conspired with others to circumvent Morgan Stanley's internal controls in order to transfer a multi-million dollar ownership interest in a Shanghai building to himself and a Chinese public official. Peterson encouraged Morgan Stanley to sell an interest in a Chinese real-estate deal to Shanghai Yongye Enterprise (Yongye) a state-owned and state-controlled entity through which Shanghai's Luwan District managed its own property and facilitated outside investment. However, the DOJ declined to prosecute Morgan Stanley and noted in its Press Release, "After considering all the available facts and circumstances, including that Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the Department of Justice declined to bring any enforcement action against Morgan Stanley related to Peterson's conduct. The company voluntarily disclosed this matter and has cooperated throughout the department's investigation."
A. Declination to Prosecute
Both the DOJ and SEC went out of their way to praise the Morgan Stanley compliance program. This written praise demonstrated that not only do company's receive credit from the DOJ for having a compliance program in place but also gave solid information as to why the DOJ declined to prosecute Morgan Stanley. In other words, it was a very public pronouncement of a declination to prosecute.
The SEC Complaint detailed the compliance program it had in place and how it directly related to Peterson.
(1) Morgan Stanley trained Peterson on anti-corruption policies and the FCPA at least seven times between 2002 and 2008.
(2) Morgan Stanley distributed to Peterson written training materials specifically addressing the FCPA.
(3) A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye, a Chinese state-owned entity, were government officials for purposes of the FCPA.
(4) Peterson received from Morgan Stanley at least thirty five FCPA-compliance reminders.
(5) Morgan Stanley required Peterson on multiple occasions to certify his compliance with the FCPA.
(6) Morgan Stanley required each of its employees, including Peterson, annually to certify adherence to Morgan Stanley's Code of Conduct.
(7) Morgan Stanley required its employees, including Peterson, annually to disclose their outside business interests.
(8) Morgan Stanley had policies to conduct due diligence on its foreign business partners, conducted due diligence on the Chinese Official and Yongye before initially conducting business with them, and generally imposed an approval process for payments made in the course of its real estate investments.
B. Compliance Program as Compliance Defense
If it was not clear that a company receives credit for having a best practices compliance program it is now. Recognizing that a compliance program is not available as a formal affirmative defense, it is clear that Morgan Stanley was able to use not only their written compliance program, but its ongoing maintenance, communication and due diligence aspects to shield the employer from liability. The bottom line is what the DOJ and SEC representatives have been saying all along and that is that companies with best practices compliance programs receive credit in negotiating with the government.
Key Takeaway: The compliance defense is alive and well.
Key Takeaway II (for the DOJ): Publicize Declinations to Prosecute. It is solid information for the compliance practitioner to use and it will help companies do business in compliance with the FCPA.
Last, but certainly not least, we end our Top 6 of 2012, to date, with the Data Systems & Solutions LLC (DS&S) case.
A. The Bribery Scheme
The bribery scheme involved payments made to officials at a state-owned nuclear power facility in Lithuania, named Ignalina Nuclear Power Plant (INPP). The payments were made to allow DS&S to obtain and retain business with INPP. The Information listed contracts awarded to DS&S in the amount of over $30MM from 1999 to 2004. Significantly, DS&S did not self-disclose this matter to the DOJ but only began an investigation after receiving a DOJ Subpoena for records.
The bribery scheme used by DS&S recycled about every known technique there is to pay bribes. The Information listed 51 instances of bribes paid or communications via email about the need to continue to pay bribes. The bribery scheme laid out in the Information reflected the following techniques used:
and last but not least...
B. The Discounted Fine
DS&S received a discount of 30% off the low end of the penalty range as calculated under the US Sentencing Guidelines, which specified a fine between $25MM down to $12.6MM. The ultimate fine paid by DS&S was only $8.82MM, which the Deferred Prosecution Agreement (DPA) states is "an approximately thirty-percent reduction off the bottom of the fine range..." In addition to its real-time internal investigation and extraordinary cooperation, the DPA reports that DS&S took the following extensive remediation steps:
There were two new additions are found on items 13 & 14 on Schedule C of the DPA that dealt with mergers and acquisitions (M&A). They draw from and build upon the prior Opinion Release 08-02 regarding Halliburton's request for guidance during an attempted acquisition and the Johnson and Johnson (J&J) Enhanced Compliance Obligations which were incorporated into its DPA. The five keys under these new items are: (1) develop policies and procedures for M&A work prior to engaging in such transactions; (2) full FCPA audit of any acquired entities "as quickly as practicable"; (3) report any corrupt payments or inadequate internal controls it discovers in this process to the DOJ; (4) apply DS&S anti-corruption policies and procedures to the newly acquired entities; and (5) train any persons who might "present a corruption risk to DS&S" on the company's policies and procedures and the law.
Key Takeaway: Minimum best practices evolve so you should stay abreast of them. IN the M&A arena, the DOJ continues to listen to comments on 'buying a FCPA violation' and provide guidance to manage the risk.
Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2012
For more information about LexisNexis products and solutions connect with us through our corporate site.