Last week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. Today we consider the lessons learned.
Rapid Expansion
Similar to what we saw in the WPP enforcement action, Stericycle engaged in rapid expansion in a series of foreign jurisdiction. In this case it was Latin America. Stericycle does not seem to have made the same mistakes as WPP in holding back part of the overall acquisition payout to the owners in the locales where they purchased entities and thereby incentivizing corruption to meet sales goals. Under Stericycle, there was nothing about this same type of incentive plan used by WPP. However, Stericycle did appear to keep the former owners on as the executives in these new foreign subsidiaries without taking into account how those former owners may have done business or the risk model it entailed.
Which brings us to pre-acquisition due diligence, which is not simply looking at the financial issues involved but also considering the potential purchase from the compliance perspective. How did the companies which were purchased to form the foreign subsidiaries in Latin America do business before they were purchased? Did Stericycle review those companies from the compliance standpoint?
Moreover, and as Candice Tal, founder of Infortal, continually reminds us, due diligence is more than simply a site investigation or a couple of interviews. It should include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other lawsuits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publicly.” Clearly, Stericycle did not engage in this level of due diligence in either the acquisitions of the entities which became Stericycle subsidiaries in Latin America, nor in their key personnel. Employees up and down the chain of an organization do not simply wake up one day and decide to engage in bribery and corruption and create a full set of records so the effectiveness of your bribery-based business process can be evaluated.
Impact of the FCPA Corporate Enforcement Policy
The Stericycle enforcement action once again demonstrates how the FCPA Corporate Enforcement Policy can benefit even the most corrupt organization and allow a significant reduction of the overall fine and penalty under the US Sentencing Guidelines. According to the DPA, Stericycle received a 25% discount off the bottom of the applicable Sentencing Guidelines fine range for its cooperation during the pendency of the investigation and the extensive remediation.
I have previously estimated Stericycle saved between $25 million to $30 million from their final criminal fine. That is certainly a significant amount and one every Chief Compliance Officer (CCO) needs to have ready to submit to your CEO to demonstrate the power of committing time and resources to both internal investigations and remediation during the pendency of the investigation.
Impact from the Lisa Monaco Doctrine
a. The Monitor
The is first FCPA enforcement action to show the full impact of the change in DOJ enforcement priorities after the Lisa Monaco speech of October 2021, in a variety of ways. The first is the imposition of a monitor. It was required under both the DPA and the Order. Interestingly, even though the company was long aware of its compliance and ethical failures and even though it had been investigating this matter since at least 2016; the company could not seem to get its collective act together enough to fully implement and test the new compliance regime set out in the DPA. The DPA stated, “despite its extensive remedial measures described above, the Company to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years, as described more fully below and in Attachment D, is necessary to prevent the recurrence of misconduct.” [Emphasis supplied] Clearly the DOJ (and SEC) did not trust that the company would follow through with its resolution documents obligations and was “necessary to prevent the recurrence of misconduct.”
b. Culture
One part of the Monaco speech which drew much criticism from the White-Collar defense bar and others were her remarks around culture and that the DOJ would start assessing corporate culture in the context of other fines, penalties and regulatory enforcement actions from outside the FCPA context. Many articulated fears that conduct completely unrelated to a FCPA enforcement action could form the basis of a FCPA enforcement action. Those fears were alleviated in the Stericycle DPA which stated, “the Company has some history of prior civil and regulatory settlements, but no prior criminal history”. At least at this point, no unrelated civil or regulatory actions were assessed in the context of a FCPA enforcement action.
There was and continues to be much to consider and learn from the Stericycle FCPA enforcement action. I am sure we will be revisiting it in the future.