Categories
Blog

WPP Enforcement Action: Part 5 – The Lessons Learned

This week we have been exploring the recent Securities and Exchange Commission (SEC) Cease and Desist Order (Order) entered into last week with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and penalty of $8 million for a total amount of just over $19 million. Today we conclude with some lessons learned for the compliance professional.
Culture Matters
It seems about the most basic thing to say in the compliance realm, but the most important thing is your corporate culture. If your culture puts no value on doing business ethically and in compliance, your organization will surely have problems. As I have cited to multiple times in this exploration of WPP, the Order stated, “WPP had no compliance department during the relevant period”. If your company will not have a compliance function, it speaks about as highly as one can about the values and culture of your organization. It could not be put more simply, with no compliance program, your organization does not value having a culture of compliance. Throughout the Order are examples of this lack of value. From the perfunctory first investigation into allegations in India, to the paper compliance program in place, to the lack of preacquisition due diligence from the compliance perspective; it is clear WPP put no value into having a culture of compliance.
Investigations 
The Order made clear that after the initial whistleblower report, “which identified CEO A by name as the architect of the scheme”; WPP then tasked part of the group involved in the actions to investigate the allegations. That group then hired “an Indian partner firm of an international accounting firm ostensibly to investigate the allegations and review India Subsidiary’s processes regarding government contracts and transactions involving government clients.” [emphasis supplied] Who did this investigator rely on for information? The very leaders of the corruption scheme, the WPP-India Chief Executive Officer (CEO) and Chief Financial Officer (CFO).
What were other key deficiencies in the investigation?

  • There was no contact with the identified recalcitrant 3rd
  • The investigative firm relied on information from the parties identified in the whistleblower report.
  • There was no independent verification.
  • There were no conclusions related to the bribery allegations brought forward by the whistleblower.

The WPP matter is an excellent teaching tool for how NOT to perform an investigation.
Mergers and Acquisitions (M&A)
Here WPP apparently engage in none of the M&A components of even a minimum standard for compliance. There was no preacquisition due diligence into any of the entities acquired. Simply doing acquisitions in a high-risk environment is not verboten. But doing so with no compliance is. Moreover, there was apparently no integration of the acquired entities into the WPP compliance program, such as it was. Once again without a compliance function to drive this to the finish, there was no corporate group tasked to finish it out. Obviously, there was no forensic compliance audit of the acquired entities after acquisition as well. I cannot point to a shortcoming of WPP as there were no shortcomings in execution, as there was no effort.
Incentives
When do sales or remuneration incentives become perverse incentives? For Wells Fargo, it came when the corporate hierarchy determined that the proper number of Wells Fargo products was eight per customer and employees continued employment and compensation would depend on hitting that inane number. (Remember the CEO, John Stumpf, said “8 is great!”) WPP crossed that threshold when they made the earnouts for the founders of the organizations they acquired, who were kept on to run subsidiaries such as WPP-India, contingent on hitting sales numbers they could not reach without engaging in bribery and corruption. When you couple that with no effective controls, no culture of compliance and outright fraud, you see how WPP came to Foreign Corrupt Practices Act (FCPA) grief.
Whistleblower Reports
The bribery schemes were so blatant that in India there were seven internal whistleblower reports. As stated in the Order, “From July 7, 2015 through September 2, 2017, WPP received seven anonymous complaints alleging – with increasing specificity – two bribery schemes related to India Subsidiary’s work for DIPR.” That is seven, count them seven documented whistleblower reports which had details including names of the participants and the bribery schemes. This failure simply boggles the mind, yet is axiomatic of the culture of WPP.
It is still not clear how WPP came to the attention of the SEC. We do know if it was not through self-disclosure. It may well have been an internal whistleblower. For companies who decry whistleblowers who go public, WPP is Prime Example 1 of why. Moreover, how many whistleblowers would have the continued drive to continue to report illegal conduct after the first report which was dismissed through a sham investigation?
We are now at the end of the WPP sage from the perspective of the SEC enforcement action. I began this series with several questions which still remain open. They include:

  • How was the SEC made aware of WPP’s bribery and corruption?
  • Is there a parallel Department of Justice (DOJ) enforcement action?
  • Where is the Serious Fraud Office (SFO)?
  • How did WPP avoid a monitor?

As these questions remain open, we may well be revisiting WPP again.

Categories
The Ethics Movement

Converge21-Michael Randrup – The Devil in the Details: EU Directive Requirement You May Not Know


CONVERGE is in its 6th year of bringing together the world’s leading companies for 2 days of dynamic speakers, thought-provoking breakout sessions, and opportunities to connect with like-minded professionals. This year the conference has gone virtual. You will leave the conference with new resources and best practices allowing you to continue the hard work of driving ethics to the center of your business. In today’s episode I visit with Michael Randrup, Senior Compliance Specialist at Ørsted. We visit about his presentation at Converge21 on The Devil in the Details: EU Directive Requirement You May Not Know.
The EU Directive’s intent is clear: Better protect whistleblowers and drive effective reporting. Yet the reality has the potential to be fundamentally counterproductive for multi-jurisdiction programs. A group of leading Danish companies are challenging the EU Commission Expert Group to remove the requirement for local hotline instances—and hitting a brick wall. Join this session to hear their journey and have your questions answered by those seeking a better outcome for all companies affected by the Directive.
For more information, go to Converge21.

Categories
Compliance Kitchen

SEC Issues


The SEC charges companies with illegal offering of digital assets and stocks; the Kitchen takes a closer look what is cooking in the securities area.

Categories
Life with GDPR

Jonathan’s Favorite Enforcement Action

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up Jonathan’s (current) favorite GDPR enforcement action, involving the food deliver services Deliveroo and Foodinho, who ran afoul of the Italian data protection authority.

Some of the questions we consider include:

  1. What are the facts of the enforcement actions?
  2. What do these cases tell us about the use of AI and data privacy?
  3. What lessons can companies that use algorithmic management of staff learn?

Resources
Check out the Cordery Compliance, client alert on this topic, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Categories
Blog

WPP Enforcement Action: Part 4 – The Bribery Schemes

This week we are exploring the recent Securities and Exchange Commission (SEC) Cease and Desist Order (Order) entered into last week with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and penalty of $8 million for a total amount of just over $19 million. Today we consider the bribery schemes and the lessons they present for the compliance professional.
Due Diligence
Before we get to the bribery schemes, a word (yet again) about due diligence. Clearly WPP was deficient in performing the most rudimentary level of due diligence. This is true whether or not it was a potential business partner acquired through acquisition or a vendor hired to assist in WPP sales efforts. Due diligence is one of the most basic functions in any compliance program. Obviously one function of due diligence is to determine if you are going into business with bad actors who have engaged in bribery and corruption previously. But the next level of inquiry is perhaps even more important. Are you going into business with persons who want to and will do business ethically and in compliance with anti-corruption programs? This requires more than simply a Level 1 search of social media and the relevant bad guy lists. It requires understanding the person or entity you are going to do business with going forward. This means you have to sit down (or Zoom) and talk to people and get a sense of their values and their ethics. A simple computer search is not going to give you such insights.
Bribery Schemes 
India
As laid out in the Order, the Vendor A bribery scheme worked with the customer DIPR awarding WPP India a contract under which WPP India developed advertisements and then purchased space in newspapers to display the advertisement. The customer set the fee to media agencies for purchasing advertisement space. WPP-India CEO A negotiated rates with the newspapers that were significantly less than the fee and utilized the difference between the approved fee and the actual price paid to the newspapers to create a pot of money to pay bribes to the government officials. WPP-India hid this arrangement by agreeing to pay Vendor A to purchase the advertising space. The Vendor A paid the newspapers, took a cut and forwarded the difference on as bribe to government officials.
The next scheme involved Vendor B, which once again involved WPP-India bribing government officials through an intermediary. Here the customer paid WPP-India Subsidiary $1.5 million to create and run a media campaign to celebrate the formation of the Indian state of Telangana in June 2015. But there was never any such campaign. There were fake records created at the behest of the WPP-India CFO, by Vendor B falsify that the campaign occurred. Vendor B then paid $1+ million to another 3rd party who made the bribe payments. All the recalcitrant parties split the rest of the money.
China
Here WPP-China avoided paying $3,2 million in taxes to a tax authority by making corrupt payments to a vendor selected by corrupt tax officials. WPP-China paid approximately $107,000 to the corrupt vendor in the two months before a tax audit finalized. The vendor kept a cut of the bribe payment and distributed the bulk of the monies as bribes. But it did not end there as the WPP-China books and records were doctored to show the vendor performed services for a client. There was also $2,000 of gifts and entertainment to tax officials during the same time period. Finally, WPP uncovered an off-the-books account maintained by China Subsidiary reflecting the payments to the vendor recommended by the tax officials.
Brazil
WPP acquired a majority interest in a public relations agency in São Paulo, Brazil, with the acquired entity’s minority owner serving as CEO of WPP-Brazil going forward. WPP-Brazil made improper payments to vendors in connection to obtain government. As Mike Volkov has noted, “These payments were made in circumstances in which there was a high probability that a portion of the payments may have been passed to the government officials with the authority to award the contracts. To disguise the fact that Brazil Subsidiary’s payments to the vendors related to obtaining or retaining government contracts, Brazil Subsidiary falsified its books and records to reflect that the vendors performed bona fide services, such as marketing or IT services.”
Peru
This was perhaps the most sophisticated bribery scheme for its complexity. Once again, it began with WPP obtaining a majority interest in an entity headquartered in Lima, Peru, with the acquired entity’s founder staying on as CDO of WPP-Peru. The bribery scheme involved a construction company funding the mayor of Lima’s political campaigns in exchange for contract awards. WPP-Peru was a conduit for the construction company’s bribe to the mayor of Lima. However, WPP-Peru disguised the corrupt source of the funds by channeling the construction company’s payments through WPP subsidiaries in Colombia and Chile. WPP-Chile and WPP-Colombia then falsely recorded that they received money in return for services performed for the construction company, and WPP-Peru maintained no records that the construction company paid for a portion of the mayor of Lima’s political campaigns.
There are multiple lessons for every compliance professional of a multi-national organization about the selection, use and management of third parties in high-risk environments. You have to know the folks you are doing business with. Equally important is the quality of their character and commitment to doing business ethically. CEOs and/or CFOs who are willing to create advertising campaigns out of thin air did not wake up one morning with that idea. They were committed to getting business anyway possible. Moreover, all procedures must have appropriate oversight or a second set of eyes. Finally, when reports of misconduct come in, they must be thoroughly investigated.

Categories
Daily Compliance News

September 30, 2021 the Crime Does Pay (or it did) edition


In today’s edition of Daily Compliance News:

  • Digital bank fined in Germany. (WSJ)
  • Theranos defense goes on the attack. (WSJ)
  • More Ozy fallout. (NYT)
  • When crime does pay. (Bloomberg)
Categories
The Ethics Movement

Converge21-Lloydette Bai-Marrow “Handle With Care” – The Human Corporate Investigations Function


CONVERGE is in its 6th year of bringing together the world’s leading companies for 2 days of dynamic speakers, thought-provoking breakout sessions, and opportunities to connect with like-minded professionals. This year the conference has gone virtual. You will leave the conference with new resources and best practices allowing you to continue the hard work of driving ethics to the center of your business. In today’s episode I visit with Lloydette Bai-Marrow, Founding Partner at ParaMetric Global . We visit about her presentation at Converge21 on “Handle With Care” – The Human Corporate Investigations Function.
Poorly handled investigations have very real consequences for everyone involved. Cultural nuances in cross-border investigations coupled with the ongoing psychological and technological impact of the pandemic call for an empathetic overhaul of our approach. Join this panel of hands-on experts who will share a reporter-centred approach which humanises your processes for the best possible outcome–and surfaces inherent biases.
For more information, go to Converge21.

Categories
Compliance Kitchen

Treasury’s actions against cybercrime and ransomware


In this episode, The Kitchen takes a look at the Treasury’s actions against cybercrime and ransomware.

Categories
The Ethics Experts

Episode 084 – Mary Menard

In this episode of The Ethics Experts, Nick welcomes Mary Menard, vice president of regulatory compliance, privacy & security officer at CHS Therapy, to the show.

Categories
Great Women in Compliance

Yuet Ming Tham-Investigations in Asia


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
This week the Great Women in Compliance podcast shines a spotlight on the Asia Pacific region again with Mary and guest Yuet Ming Tham getting into the nitty gritty of conducting investigations in Asia.  They discuss common trends that Yuet has observed from her vantage point in international law firm private practice.  One of the greatest headaches for Compliance Officers in recent years is dealing with data that is housed within text messaging or chat apps.  Yuet gives her advice for companies to best control data flow and custody, as well as opines on whether there is still utility in conducting email reviews.
This episode wraps up Mary’s last for the summer season and Lisa will conduct the last interview of the season next week.  During their seasonal two-week break, Mary and Lisa will be preparing their next joint episode – a Halloween special on 27 October.  They invite listeners to participate in the episode by sending Compliance horror stories to gwicpod@gmail.com to be included in the Halloween episode.  The stories can be about things that have happened in your everyday Compliance duties life, work travel or applying for jobs.
Corporate Compliance Insights is a much appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).  Thank you to all those who have taken the time to rate the GWIC podcast and book, it’s much appreciated.
If you’ve already read the booked and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our 2021 line up or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.