Tag: Corporate Enforcement Policy

Categories
Blog

Balt’s DOJ Declination: A Case Study in Why Speed, Cooperation, and Remediation Still Matter

The Justice Department’s first publicly announced resolution under its new Department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) offers corporate compliance officers a practical roadmap: disclose early, cooperate fully, remediate credibly, and be prepared to help prosecutors hold individuals accountable.

Some enforcement actions feel like one-off events. Then others operate like a flare shot into the compliance sky. The DOJ Declination involving French medical device company Balt SAS and its US subsidiary Balt USA (collectively ‘Balt) falls squarely into the second category.

Why? Because this was not simply another FCPA matter. It was the first publicly announced corporate resolution under the DOJ’s new CEP, and DOJ clearly meant it to send a message to the market. As the Wiley alert noted, the Balt matter demonstrates the benefits available to companies that voluntarily self-disclose, fully cooperate, and timely remediate, while also reinforcing DOJ’s emphasis on individual accountability. For compliance officers, that makes Balt important far beyond the four corners of the case itself.

What happened at Balt?

According to the Declination, Balt paid approximately $602,000 in bribes from around 2017 to 2023 to a physician who held a senior role at a state-owned public hospital in France to obtain or retain business. The payments were routed through a third-party consultant in Belgium, with fake invoices and purported bonus payments used to conceal the true nature of the transaction. The scheme generated roughly $1.68 million in revenue and approximately $1.214 million in profits for Balt. As Matt Kelly reported in Radical Compliance, the scheme involved all the old FCPA classics: sham consulting arrangements, fake invoices, and off-channel communications. That alone would have made the matter notable. But the more important point is what happened after Balt discovered the misconduct.

DOJ declined prosecution because Balt self-disclosed while its internal investigation was still ongoing; provided full and proactive cooperation; engaged in timely and appropriate remediation, including disciplinary measures and termination of tainted business relationships; and presented no aggravating circumstances sufficient to disqualify it from a Part I declination. DOJ also required Balt to disgorge approximately $1.2 million and noted that the company had entered into a parallel resolution in France that included compliance requirements. This is the template. And compliance officers should study it carefully.

The real lesson: self-disclosure means before you know everything

One of the most significant points in the Balt matter is timing. Balt disclosed the issue during an ongoing internal investigation, which strongly suggests the company came in before every fact had been nailed down.

That matters because many companies still hesitate, hoping to finish the investigation, validate every fact, and package the matter neatly before approaching the OJ. Balt is a reminder that DOJ wants speed and credibility, not perfection. The new policy framework still prizes timely self-disclosure as the clearest route to a declination. Wiley put it plainly: voluntary disclosure still provides the clearest path to that outcome, and delay can preclude eligibility for the most favorable result.

For the Chief Compliance Officer (CCO), this is where judgment, preparation, and governance structure come together. If your escalation protocols are weak, if privilege decisions are muddled, if your triage process is slow, or if your board and senior leadership do not understand the declination calculus, you can lose the timing advantage before the real work even begins. The Balt case is not simply a win for self-disclosure. It is a win for pre-existing readiness for investigation.

Cooperation means more than being polite

The second lesson is equally important. Under the CEP, cooperation is not a vague aspiration. It is an operational requirement. The Wiley analysis emphasized that full cooperation includes identifying all individuals involved in or responsible for the misconduct and providing facts and evidence concerning their conduct.

This is where compliance officers need to understand a hard truth. DOJ is not offering declinations because it has become sentimental, or even because this administration does not believe in the FCPA. It is offering incentives because it wants something in return. And one of the most important things it wants to do is help build cases against culpable individuals.

That is precisely what happened here. DOJ paired Balt’s declination with indictments of two individuals allegedly involved in the bribery scheme. Wiley correctly described the sequencing as no coincidence, but rather a reinforcement of the DOJ’s continuing focus on individual accountability. Kelly made the same point in even more direct terms: from DOJ’s perspective, if a company voluntarily self-discloses, coughs up illicit proceeds, and helps prosecutors hold wrongdoers accountable, the company can receive a declination.

For compliance professionals, this means internal investigations must be designed from the outset with evidentiary rigor. You need documentation discipline. You need clear interview protocols. You need a defensible record of who knew what, who approved what, and how the misconduct moved through the system. A half-hearted review that avoids hard questions about executives, consultants, or favored business relationships will not get you where Balt got.

Remediation is not a slide deck

The third lesson is on remediation. Too many organizations still treat remediation as presentation theater. They produce a deck, revise a policy, hold a training session, and call it transformation. The DOJ is looking for something more concrete. In the Balt Declination, remediation included disciplinary action against relevant individuals, termination of business relationships that gave rise to the misconduct, tailored compliance training for senior management, and improvements to the compliance program and internal controls. That list is worth lingering over. The DOJ did not only want a promise. It wanted decisions. It wanted changed relationships. It wanted management-specific training. It wanted better controls.

This is a point I have been making for 15 years. A compliance program is not judged by what sits in the binder; it is judged by what the company does when the pressure hits. Balt has shown DOJ that when misconduct surfaced, the company acted. That is the difference between a paper program and a living program.

For CCOs, the action item is straightforward. Build remediation plans that can be demonstrated, measured, and explained. Who was disciplined? Which third party was terminated? What internal control was changed? How was senior management retrained? What monitoring now exists that did not exist before? If you cannot answer those questions in concrete terms, you are not remediating. You are narrating.

The shadow issue: aggravating circumstances

There is another important dimension here. Balt qualified for a Part I declination, in part, because DOJ found no aggravating circumstances. But as Wiley noted, that assessment can be highly fact-dependent and may not be obvious in the early stages of an internal investigation. The line between Part I and Part II can, in practice, be subjective and outcome-determinative.

That is a crucial warning for compliance officers. Balt should not be read as a guarantee. It should be read as an incentive structure. Companies must still assess whether the misconduct is egregious or pervasive, whether senior management is implicated, whether the harm is severe, and whether the organization has a recidivist history. Those factors can dramatically change the result. So the compliance officer’s job is not to assume declination. The job is to gather facts rapidly, surface aggravating factors honestly, and help leadership make a disciplined disclosure decision.

The new DOJ Declination policy offers more clarity than many companies had before. But it does not eliminate judgment. It raises the premium on disciplined judgment.

Five Key Takeaways for Chief Compliance Officers

  1. Build a rapid disclosure protocol now. Balt’s outcome underscores that early self-disclosure, even during an ongoing investigation, can be decisive. Delay can cost you the best available resolution.
  2. Design investigations to identify individuals from day one. The DOJ expects cooperation to include facts about responsible individuals, not just corporate-level summaries.
  3. Make remediation provable. Discipline wrongdoers, terminate tainted relationships, retrain management, and strengthen controls in ways you can document and explain.
  4. Assess aggravating factors early and honestly. The Part I versus Part II distinction may turn on pervasiveness, seriousness, harm, and recidivism. Do not assume a declination path without a hard-eyed assessment of the facts.
  5. Train leadership that declinations are earned, not granted. Balt is a roadmap, not a safe harbor. The organizations that benefit will be the ones prepared to act with speed, rigor, and credibility.

What Balt means for the compliance profession

The Balt Declination is a policy statement in the form of a case. The DOJ is telling companies: we will reward timely self-disclosure, meaningful cooperation, and real remediation. But we will also pursue individuals. That combination is not new in spirit, but it is now being presented with renewed clarity under the new CEP. For corporate compliance officers, the message is not to wait for an issue and hope for good instincts in the moment. The message is to prepare now.

You need escalation protocols that move fast. You need investigation readiness. You need decision trees for voluntary disclosure. You need board education on what DOJ is rewarding and why. And you need remediation mechanisms that produce evidence, not adjectives.

Balt did not receive a Declination because the misconduct was trivial. It received a Declination because, once the misconduct came to light, the company appears to have done the things the DOJ has been asking companies to do for years. That is the real lesson.

In 2026, compliance officers should read the Balt matter not as an outlier, but as a stress test. If your company found a credible FCPA issue tomorrow, could you move quickly enough, investigate thoroughly enough, cooperate meaningfully enough, and remediate credibly enough to make a Balt-style pitch to DOJ?

That is the question. And the answer should shape your compliance program today.

Categories
Blog

Argentieri at ABA White Collar Conference: Corporate Enforcement, Part 1

There were recently two significant speeches by Department of Justice (DOJ) officials at the American Bar Association National Institute on White Collar Crime. The first was by Deputy Attorney General Lisa Monaco. The second was by Acting Assistant Attorney General Nicole Argentieri. They both had important remarks for the compliance professional. Over the next several blog posts, I will review both speeches and what they might indicate for compliance and Foreign Corrupt Practices Act enforcement going forward. Yesterday, I considered the Monaco speech. Today is the speech by Nicole Argentieri.

After reviewing some of the more significant individual prosecutions, Argentieri turned to corporate enforcement, noting, “Corporate accountability is the other side of our white-collar work because companies are the first line of defense against misconduct.” She emphasized the need for “a strong compliance program that is key to preventing corporate crime before it occurs and addressing misconduct when it does occur.” The DOJ’s Corporate Enforcement Policy also encourages “companies to invest in strong compliance functions and to step up and own up when misconduct occurs.” She cited one company that did not have a robust compliance program (or a culture of compliance), Binance, which explicitly communicated its “priorities, telling employees that, when it came to compliance, it was “better to ask for forgiveness than permission.”

In the Foreign Corrupt Practices Act enforcement arena, Argentieri pointed to four cases the DOJ prosecuted over the past 18 months. The companies all entered into corporate resolutions for FCPA violations. This group included Vitol, Glencore, Freepoint, and, most recently, Gunvor. Additionally, the DOJ prosecuted multiple individuals in connection with these cases. She even detailed the multiple bribery schemes involved: “Bribe payments funneled into the pockets of foreign officials through corrupt third-party agents using sham contracts and fake invoices.”

In each organization, there was a decided lack of a culture of compliance. Additionally,  employees exploited gaps in their companies’ internal controls and compliance programs. Personal cell phones and personal email accounts were used, which the organizations seemingly had no access to during the corruption and after the internal investigations. To make payments, internal controls were overridden or ignored to make off-the-books systems not subject to the organization’s standard checks and controls.

Because of the internal control and compliance failures that led to or contributed to the FCPA violations, each of these entities was required to make critical enhancements to their compliance programs to prevent future violations of the FCPA. Argentieri said, “Companies that take forward-leaning steps on compliance will be better-positioned to certify that they have met their compliance obligations at the end of the term of their agreements, as is now required in corporate resolutions with the Criminal Division.”

However, the DOJ’s work done after a settlement with a company is equally important. She clarified that the DOJ will monitor companies after resolution as they make, monitor, and attest to their compliance program and internal controls enhancements. She reported that “twenty-four companies have a market capitalization of more than $1 billion, and 22 are public companies. Over the past decade, hundreds of other companies across a wide range of industries have similarly been subject to compliance obligations in cases brought by the Criminal Division.” This ongoing oversight is not an independent monitorship but to ensure compliance with the resolution documents and to “have a real impact on corporate culture and compliance.”

The DOJ wants good corporate citizens and incentivizes companies to do so in various ways. Beyond enforcement actions are the Evaluation of Corporate Compliance Program (ECCP), the Corporate Enforcement Policy (CEP), the Voluntary Self-Disclosure Program (VSP), and the Compensation Incentives and Clawbacks Pilot Program. Argentieri reported that self-disclosures have increased over the past three years: “In 2023, we received nearly twice as many disclosures as in 2021. We expect this trend to continue as more companies take advantage of the benefits of voluntary self-disclosure and the CEP more generally.”

Argentieri believes that the DOJ has articulated policies that apply transparent criteria for both prosecutors to use and as “guideposts for companies and their counsel to consider when deciding what to do when faced with the prospect of a government investigation. It is a goal of the DOJ “to demonstrate the benefits that await those who voluntarily disclose misconduct.” She concluded this section by stating, “It’s one thing to issue and update policies. It’s another way to change corporate behavior. That is why we track the number of disclosures from companies. I’m proud to announce that early indications are that our policies are bearing fruit.”

Join us tomorrow as we examine how the ECCP, VSD, CEP, and Clawbacks Program have been reflected in recent enforcement actions.

Categories
Blog

Ten Top Lessons from Recent FCPA Settlements – Lesson No. 3, Extensive Remediation

Over the past 15 months, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have made clear, through three Foreign Corrupt Practices Act (FCPA) enforcement actions and speeches, their priorities in investigations, remediations, and best practices compliance programs. Every compliance professional should study these enforcement actions closely for the lessons learned and direct communications from the DOJ. They should guide not simply your actions should you find yourself in an investigation but also how you should think about priorities.

The three FCPA enforcement actions are ABB from December 2022, Albemarle from November 2023, and SAP from January 2024. Taken together, they point out a clear path for the company that finds itself in an investigation, using extensive remediation to avoid monitoring and provide insight for the compliance professional into what the DOJ expects in a best practices compliance program on an ongoing basis.

Over a series of blog posts, I will lay out what I believe are the Top Ten lessons from these enforcement actions for compliance professionals who find themselves in an enforcement action. Today, we continue with Number 3, Extensive Remediation. The DOJ expects extensive remediation, well documented with data analytics to support everything you have done. Each of the companies engaged in extensive remediation.

ABB

The plea agreement said that ABB “took a lot of corrective action,” such as hiring experienced compliance staff and, after figuring out what caused the behavior described in the Statement of Facts, putting a lot more money into testing and monitoring compliance across the whole company; putting in place targeted training programs and extra case-study sessions on-site; and continuing to test and monitor to see how things are going. This final point was expanded on in the SEC Order, which reported that all employees involved in the misconduct were terminated.

At this point, there are not many specific components of the ABB remediation available, but we do know that ABB was given credit for hiring “experienced compliance personnel,” starting with the hiring of Natalia Shehadeh, SVP and Chief Integrity Officer, and then allowing Shehadeh to hire a dream team of compliance professionals to work with her.

Albemarle

The NPA cited several remedial actions by the company that helped Albemarle obtain a superior result regarding the discounted fine and penalty. These steps were taken during the pendency of the DOJ investigation so that when the parties were ready to resolve the matter, Albemarle had built out an effective compliance program and had tested it. The NPA provided that Albemarle engage in the following remedial efforts:

  • Strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization;
  • Transformed its business model and risk management process to reduce corruption risk in its operation and to embed compliance in the business, including implementing a go-to-market strategy that resulted in eliminating the use of sales agents throughout the Company, terminating hundreds of other third-party sales representatives, such as distributors and resellers, and shifting to a direct sales business model;
  • Provided extensive training to its sales team, restructuring compensation and incentives so that compensation is no longer tied to sales amounts;
  • Used data analytics to monitor and measure the compliance program’s effectiveness and
  • We are engaged in continuous testing, monitoring, and improving all aspects of its compliance program, beginning immediately after identifying misconduct.

SAP

SAP also did an excellent job in its remedial efforts, whether SAP realized that, as a recidivist in dire straits, it was after the publicity in South Africa around corruption or some other reason that the company made major steps to create an effective, operationalized compliance program that met the requirements of the Hallmarks of an Effective Compliance Program as laid out in the 2020 FCPA Resource Guide, 2nd edition.

The remedial actions by SAP can be grouped as follows:

  1. Root Cause, Risk Assessment, and Gap Analysis. After doing a gap analysis of internal controls and fixing any problems found, the company did a root cause analysis of the behavior in question and fixed the issues it found. It then did a full risk assessment, focusing on high-risk areas and controls around payment processes, and used the results to improve its compliance risk assessment process.
  2. Enhancement of Compliance. Here, the company significantly increased the budget, resources, and expertise devoted to compliance; restructured its Offices of Ethics and Compliance to ensure adequate stature, independence, autonomy, and access to executive leadership; enhanced its code of conduct and policies and procedures regarding gifts, hospitality, and the use of third parties; enhanced its reporting, investigations and consequence management processes;
  3. Change in sales models. On the external sales side, SAP eliminated its third-party sales commission model globally, prohibited all sales commissions for public sector contracts in high-risk markets, and enhanced compliance monitoring and audit programs, including creating a well-resourced team devoted to audits of third-party partners and suppliers. On the internal side, SAP adjusted internal compensation incentives to align with compliance objectives and reduce corruption risk.
  4. Data Analytics. Here, SAP expanded its data analytics capabilities to cover over 150 countries, including all high-risk countries globally, and comprehensively used data analytics in its risk assessments.

Each of these entities worked quite diligently to rebuild their compliance programs from the ground up. Whatever the faults of their prior compliance programs, each company was quite diligent in revamping their compliance regimes. While each company builds out a program based on its own risk, there is quite a bit of guidance you can draw from if your company finds itself in this position.

Categories
Blog

The SAP FCPA Enforcement Action-Part 4: The Fines: Self-Disclose, Self-Disclose, Self-Disclose

We continue our exploration of the SAP Foreign Corrupt Practices Act (FCPA) enforcement action. Today we go full geek in a look at the fine and penalty and most importantly what the fine and penalty communicate about what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) want from companies embroiled in a FCPA investigation. First the numbers.

DOJ

According to the Deferred Prosecution Agreement, the criminal fine and penalty is in the amount of $63,590,859, equal to approximately 54% of the Criminal Penalty ($63,700,000), reduced by $109,141 under the Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks. Additionally, the DOJ agreed to a “credit toward the Criminal Penalty the amount paid by the Company to authorities in South Africa for violations of South African law related to the same conduct described in the Statement of Facts, up to a maximum of $55,100,000 (the “Penalty Credit Amount”).”

SEC

According to the SEC Order, “SAP acknowledges that the Commission is not imposing a civil penalty based upon the imposition of an $ 118.8 million criminal fine as part of SAP’s resolution with the United States Department of Justice.” However, SAP did agree to disgorgement in the following amount, $85,046,035 and prejudgment interest of $13,405,149, for a total payment of $98,451,184. SAP received a disgorgement offset of up to $59,455,779 based on the U.S. dollar value for any payments made or to be made to the Government of South Africa or a South African state-owned entity in any parallel proceeding against Respondent in South Africa.

The SEC Order also reported these additional fines and penalties.

  • On March 15, 2022, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the DWS conduct described above and paid ZAR 11 344.78 million ($21.4 million), which represented reimbursement of the entire amount SAP received from DWS under the 2015 and 2016 deals with DWS.
  • On October 18, 2023, SAP entered into a settlement agreement with the South African Special Investigative Unit and others relating to the Transnet conduct described above, pursuant to which it paid ZAR 214.39 million (approximately $11.42 million based on the exchange rate on the date of payment).
  • On November 1, 2023, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the Eskom conduct described above, pursuant to which it paid ZAR 500 million (approximately $26.63 million based on the exchange rate on the date of payment).

The bottom line, as reported by the FCPA Blog is SAP agreed to pay a $118.8 million criminal penalty to the DOJ and an administrative forfeiture of $103.4 million to the SEC. SAP has also paid approximately $59.4 million to various South African authorities, for which they received a penalty credit of $55 million from the DOJ.

Fine Calculation

Let’s start with the DOJ. The basis comes from the US Sentencing Guidelines.  From the DPA we note the following:

  1. The November 1, 2023 U.S.S.G. are applicable to this matter.
  2. Offense Level. Based upon U.S.S.G. § 2Cl.1, the total offense level is 42, calculated as follows:
  • 2Cl.l(a)(2) Base Offense Level 12
  • 2Cl.l(b)(l) More than One Bribe +2
  • § 2Cl.l(b)(2), 2Bl.l(b)(l)(M) +24

Benefit (More than $ 65,000,000)

  • 2C 1.1 (b )(3) Involvement of High-Level Public Official +4

TOTAL                                                                                      42

  1. Base Fine Based upon U.S.S.G. § 8C2.4(d), the base fine is

$ I50,000,000.

  1. Culpability Score. Based upon U.S.S.G. § 8C2.5, the culpability score is

6, calculated as follows:

  • 8C2.5(a) Base Culpability Score 5
  • 8C2.5(b )(3)(B)(i) Unit had 200 or more employees + 3

and High-Level Personnel

  • 8C2.5(g)(2) Cooperation, Acceptance -2

TOTAL                                                                                      6

Calculation of Fine Range:

Base Fine                                                                     $ I50,000,000

Multipliers                                                       1.2 (min) / 2.4 (max)

Fine Range                                     $180,000,000 to $360,000,000

The key area to noted is the highlighted line entitled “§ 8C2.5(g)(2) Cooperation, Acceptance”.

The reason this line is so critical is that it is the one area under the US Sentencing Guidelines that a company can receive a discount or at least credit for actions it has taken to reduce the multiplier and thereby reduce the overall fine range. In the Sentencing Guidelines it states,

(g)       Self-Reporting, Cooperation, and Acceptance of Responsibility 

 If more than one applies, use the greatest:

  8C2.5(g)(1) (1)       If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or

 8C2.5(g)(2) (2)       If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or

 8C2.5(g)(3) (3)       If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point.

All this means a company if company self-discloses to the DOJ, it can receive a 5-point discount off the overall multiplier. SAP did not self-disclose so it lost this discount. If SAP had self-disclosed the multiplier range would have been something like 0.7 to 1.4, making the fine range $126 million to $252 million. From there the discount under the Sentencing Guidelines led the following “The Fraud Section and the Office and the Company agree, based on the application of the Sentencing Guidelines, that the appropriate criminal penalty is $118,800,000 (the “Criminal Penalty”). This reflects a 40% discount off the 10th percentile of the Sentencing Guidelines fine range.” By my estimation, this failure to self-disclose cost SAP an additional $20,000,000 under the Sentencing Guidelines alone.

But the analysis does not end there as the overall fine and penalty is also governed by the Corporate Enforcement Policy, under which a company can garner a full declination if the following criteria are met (1) self-disclosure, (2) extensive cooperation, (3) extensive remediation, and (4) profit disgorgement. Obviously, SAP failed to meet this burden as it did not self-disclose so a full Declination was never in the cards. But the company could and did receive credit under the Corporate Enforcement Policy with a monetary penalty in the amount of $63,590,859, equal to approximately 54% of the Criminal Penalty. There was a further reduction of the overall criminal fine, reduced by $109,141 under the DOJ’s Pilot Program Regarding Compensation Incentives and Clawbacks.

Moreover, under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it an opportunity of at least 50% and up to a 75% reduction off the low end of the U.S. Sentencing Guidelines fine range. Its actions as a criminal recidivist, resulted in it not receiving a reduction of at least 50% and up to 75% will generally not be from the low end of the U.S.S.G. fine range but rather at the 40% amount noted above. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. It’s failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy.

While all these numbers might be enough to make your head swim (as it did mine); the significance and why I went through it in this detail is that the DOJ is clearly sending the message that self-disclosure is the single most important thing a company can do in any FCPA investigation or enforcement action. Kenneth Polite said that when announcing the updated Corporate Enforcement Policy in January 2023; it was enshrined the new Monitor Selection Policy as the number one reason for a company not having a monitor required. I heard Fraud Section head Glenn Leon say it as well at Compliance Week 2023 in a Fireside Chat with Billy Jacobsen.

The DOJ’s message could not be any clearer. Self-disclose; Self-disclose; Self-disclose.

 Resources

SEC Order

DOJ DPA

Join us tomorrow where we conclude with lessons learned for the compliance professional.

Categories
Blog

Albemarle FCPA Enforcement Action: Part 3 – The Comeback

Last week, Albemarle Corporation (Albemarle) agreed to pay more than $218 million to resolve investigations by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) into violations of the Foreign Corrupt Practices Act (FCPA) stemming from Albemarle’s participation in corrupt schemes to pay bribes to government officials in multiple foreign countries.

According to a Non-Prosecution Agreement (NPA) with the DOJ, between 2009 and 2017, Albemarle, through its third-party sales agents and subsidiary employees, conspired to pay bribes to government officials to obtain and retain chemical catalyst business with state-owned oil refineries in Vietnam, Indonesia, and India. According to the SEC Administrative Order (Order), the bribery schemes extended into China and the UAE. Today, we consider the company’s conduct, which allowed it to receive such an outstanding reduction, leading to the significantly lower final penalty under the new Corporate Enforcement Policy.

Untimely Self-Disclosure

One of the interesting factors in this matter is that Albemarle voluntarily disclosed to the DOJ the illegal conduct at issue. However, NPA noted that “the disclosure was not “reasonably prompt” as defined in the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy and the U.S. Sentencing Guidelines.” As further laid out in the NPA, Albemarle learned of allegations regarding possible misconduct in Vietnam approximately 16 months before disclosing it to the DOJ. After that, “an internal investigation, the Company gathered evidence demonstrating the potential misconduct at least approximately nine months prior to the disclosure. The Company took remedial action and continued to investigate other potential issues. In January 2018, the Company disclosed to the Fraud Section misconduct relating to four separate geographies, including Vietnam.”

This meant the self-disclosure “was not within a reasonably prompt time after becoming aware of the misconduct in Vietnam,” and it means that Albemarle did not meet the standard for voluntary self-disclosure under the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy. Nevertheless, the DOJ “gave significant weight, in evaluating the appropriate disposition of this matter—including the appropriate form of the resolution and the reduction for cooperation and remediation—to the Company’s voluntary, even if untimely, disclosure of the misconduct.” The NPA stated that the company received credit for its “voluntarily disclosing the conduct that forms the basis for this Agreement before it came to the attention of the Offices.” 

Significant Cooperation 

The company was credited with significant cooperation with the DOJ during the pendency of its investigation, and the Company received credit for its cooperation with the DOJ investigation. It cooperated with their investigation and demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct. The NPA went on to note that “the Company also received credit for its substantial cooperation and extensive and timely remediation. The company

  1. Promptly providing information obtained through its internal investigation, which allowed the government to preserve and obtain evidence as part of its extensive independent investigation;
  2. made regular and detailed presentations to the Offices;
  3. proactively identifying information previously unknown to the Offices;
  4. met DOJ requests promptly;
  5. voluntarily making foreign-based employees available for interviews in the United States;
  6. collected and produced voluminous relevant documents and translations to the Offices, including documents located outside the United States and
  7. It produced documents to the DOJ from foreign countries in ways that did not implicate foreign data privacy laws.

Extensive Remediation

Albemarle also received credit “because it engaged in extensive and timely remedial measures.” These remedial measures include:

  • The Company started its remediation program based on its internal investigation of the misconduct prior to the DOJ investigation (
  • Albemarle disciplined employees involved in the misconduct, including terminating eleven employees and withholding bonuses from sixteen employees;
  • Albemarle is strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization;
  • The Company “transformed its business model and risk management process to reduce corruption risk in its operation and to embed compliance in the business, including implementing a go-to-market strategy that resulted in eliminating the use of sales agents throughout the Company, terminating hundreds of other third-party sales representatives, such as distributors and resellers, and shifting to a direct sales business model;
  • The company provides extensive training to its sales team and restructuring compensation and incentives so that compensation is no longer tied to sales amounts;
  • The company used data analytics to monitor and measure its compliance program’s effectiveness and
  • Albemarle engages in continuous testing, monitoring, and improvement of all aspects of its compliance program, beginning almost immediately following the identification of misconduct.

Holdbacks (not Clawbacks)

While the DOJ has made much noise about clawbacks from recalcitrant executives, Albemarle engaged in holdbacks, where they did not pay bonuses to certain employees involved in the conduct or those who had oversight. The NPA stated, “The Company withheld bonuses totaling $763,453 during the course of its internal investigation from employees who engaged in suspected wrongdoing.” The illegal conduct involved those who “(a) had supervisory authority over the employee(s) or business area engaged in the misconduct; and (b) knew of, or were willfully blind to, the misconduct.” The significance of this effort was important as it qualified Albemarle for an additional fine reduction of a dollar-for-dollar credit of the amount of the withheld bonuses under the Criminal Division’s March 2023 Compensation Incentives and Clawbacks Pilot Program.

Culture, Culture, Culture

Albemarle received additional credit or at least did not sustain any enhancement from the DOJ culture analysis. The NPA stated, “The Company has some limited history of prior civil and regulatory actions, including environmental and workplace safety matters, but no prior criminal history.” From this language and other enforcement actions taken since the October 2021 announcement of culture as an item the DOJ would assess, it now appears that civil and regulatory matters, particularly those in the ethics and compliance arena, would not be held against companies.

The Result

All of the above factors led to a significant discount for Albemarle under the Corporate Enforcement Policy. The NPA stated, “Accordingly, after considering (a) through (k) in paragraph 2 above, the Offices have determined that the appropriate resolution of this case is a non-prosecution agreement with the Company; payment by the Company in the amount of a $98,236,547 criminal monetary penalty, which reflects a discount of 45 percent off the bottom of the otherwise-applicable U.S. Sentencing Guidelines fine range and an additional discount of $763,453 under the Pilot Program, and $98,511,669 in forfeiture, which, as described below in paragraph 10, will be credited, in large part, against disgorgement of ill-gotten profits that the Company pays to the SEC in a concurrent resolution.” [emphasis supplied]

In other words, the actions of Albemarle saved it around $90 million in additional fines under the Policy, and this needs to take into account the discounts under the U.S. Sentencing Guidelines as their calculation was not reported in the NPA.

Join us tomorrow to review some of the key lessons learned.

Categories
All Things Investigations

All Things Investigations: Episode 22 – Mike Huneke and Laura Perkins on Changes to Corporate Enforcement Policy

Welcome to the Hughes Hubbard Anticorruption and Internal investigation Practice Group’s podcast, where host Tom Fox and Hughes Hubbard Anticorruption and Internal Investigation Practices Group members delve into the legal issues surrounding white-collar and other investigations, both domestically and internationally.  Laura Perkins and Mike Huneke join Tom on this episode to discuss the changes to the Department of Justice’s Corporate Enforcement Policy.

Laura Perkins is the Co-Chair of the Anti-Corruption & Internal Investigations practice group and Co-Managing Partner of the Washington, DC, office at Hughes Hubbard & Reed. Prior to joining the firm, Laura worked for nearly ten years at the Criminal Division of the U.S. Department of Justice, where she served as Assistant Chief of the FCPA Unit and oversaw some of the largest individual and corporate FCPA cases in the U.S. Laura now advises corporations, boards of directors, and senior executives on high-stakes government and internal investigations, crisis management, white-collar criminal defense, and cross-border compliance counseling. She has particular expertise in FCPA/anti-corruption, healthcare fraud, financial fraud, and money laundering cases.

 

Mike Huneke is a Hughes Hubbard & Reed partner specializing in Anti-Corruption & Internal Investigations. His work involves advising clients on navigating complex international anti-corruption investigations, implementing compliance risk assessments and program enhancements, and conducting due diligence on third parties. He has received several awards, including Lexology’s Client Choice Award for Investigations-USA in 2022 and recognition from Global Investigations Review for his work representing Airbus in resolving bribery and corruption allegations.

 

Key ideas you’ll hear in this episode:

  • The Department of Justice’s corporate enforcement policy has been expanded to a broader range of white-collar crimes. Prosecutors can use it to evaluate possible criminal violations against a company when investigating potential criminal violations. It’s also an unofficial guide for companies to position themselves to avoid prosecution or mitigate consequences.
  • The new policy offers a 75% discount for self-reporting, a significant change, and an additional incentive for companies to self-report.
  • The discounts offered can stack up quickly, and the range of penalties for non-compliance can be large so the discount can make a marked difference in the amount of criminal penalty under the sentencing guidelines.
  • There may still be apprehension about self-reporting, as there is uncertainty about the actual penalties and the reputational harm that can result from a public criminal resolution.
  • The definition of extraordinary cooperation is subjective and largely depends on the speed and fulsomeness of the material going from the company to the department.
  • Proactive cooperation, being efficient in conducting an internal investigation, and being the one to come to the department with a good rhythm and cadence are all ways to stay on the good side of extraordinary cooperation.
  • The decision to self-disclose still depends on whether the company thinks the issue will come out or not and the pros and cons of self-disclosure need to be weighed in a case-specific analysis.
  • The more guidance that comes out in speeches, policy memos, or resolutions and declinations, the better companies will be able to evaluate the value of self-disclosure.

 

KEY QUOTES:

“One of the major [changes to the Corporate Enforcement Policy is] increasing the maximum potential fine reduction a company can get for self-reporting. It’s a further effort by the Department to incentivize self-reporting.” – Laura Perkins

 

“I think [the updated Corporate Enforcement Policy] does provide a clear incentive for companies to continually maintain a good compliance program and controls that can detect these violations.” – Laura Perkins

 

“I think the more that the government can show examples of the application of this increased benefit for exceptionally cooperating recidivists and ABB is a great example of that.” – Mike Huneke

 

“[The Corporate Enforcement Policy is] also the unofficial guide for companies and how they can position themselves best in the event of a problem to avoid prosecution either or to mitigate the consequences.” – Mike Huneke

 

Resources:

Hughes Hubbard & Reed website

Laura Perkins on LinkedIn

Mike Huneke on LinkedIn

Categories
Compliance Kitchen

Compliance Kitchen – The Changes in the DOJ Corporate Enforcement Policy

The Compliance Kitchen returns with a wrap-up of the week’s top trade and economic sanction issues. In today’s episode, Silvia Surman visits the DOJ revised its Corporate Enforcement Policy and the Kitchen looks at the highlights.

Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 4

Over the past year, the role of the Chief Compliance Officer (CCO) has shifted in some very dramatic ways. The shifts have been from disparate groups and for a variety of reasons. Yet when put together, one can see a clear and bright line expanding and elevating the role of the CCO in the corporate world. From the announcement of the requirement for CCO Certification last year up to the announcement of the Delaware Court of Chancery’s decision in the case of In re McDonald’s Corporation Stockholder Derivative Litigation, it is now clear that the CCO has as wide a remit and responsibility as any corporate officer, other than the Chief Executive Officer (CEO) of a company.

I think the following announcements, changes in DOJ and SEC focus on Foreign Corrupt Practices Act (FCPA) enforcement and now a court case out of Delaware will change the role of the CCO forever.

CCO Certification

This shift began with the speech by Kenneth Polite, Assistant Attorney General for the Criminal Division speech on May 17, 2022, at Compliance Week 2022; announcing the new requirement for CCO Certification of compliance programs for companies going through a Deferred Prosecution Agreement (DPA). This CCO Certification required the Glencore CCO to certify Glencore compliance program “is reasonably designed to detect and prevent violations of the FCPA and other anti-corruption laws” at the conclusion of the DPA.  Who is the only other person required to make a similar certification at the conclusion of a DPA? The CEO of the company.

This means the CCO (and CEO) are certifying the entire compliance program meets the standards of not simply best practices but also all the enhanced requirements set out in Attachment C of any DPA. While many have focused on the question of whether this would bring criminal liability to a long-gone (or even current) CCO; this question now seems to miss the mark. Recall what Polite said when announcing the new requirement “It is the type of resource that compliance officials, including myself, have wanted for some time, because it makes it clear that you should and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within the organization to ensure you, and us, that your company has an ethical and compliance focused environment.”

Monaco Memo and Changes in the Corporate Enforcement Policy

The 2022 Monaco Memo and 2023 announced changes in the DOJ’s Corporate Enforcement Policy (CEP) are bookends of a series of changes which began as far back as October 2021 when Deputy Attorney General Lisa Monaco first announced the revisions which would eventually be incorporated into the Monaco Memo and CEP. In many ways the Monaco Memo laid out the sticks while the CEP provided the carrots for current FCPA and other white-collar enforcements.

The Monaco Memo directed prosecutors to evaluate a corporation’s compliance program as a factor in determining the appropriate terms for a corporate resolution; as prosecutors should now assess the adequacy and effectiveness of the corporation’s compliance program at two points in time: (1) the time of the offense; and (2) the time of a charging decision.  Kenneth Polite further defined the effectiveness of a compliance program at the time of the offense as “At the time of the misconduct and the disclosure, the company had an effective compliance program and system of internal accounting controls that allowed the identification of the misconduct and led to the company’s self-disclosure.” This is the first time the DOJ has said that it is the detection of wrongdoing which defines the effectiveness of a compliance program. This means a company’s investment in a compliance program, CCO and corporate compliance team are all elevated in importance. This prong does not simply get you a discount, but it can put you on the road to the default position of the DOJ for a FCPA violation, a declination.

Moreover, when you couple the ABB FCPA resolution to the Monaco Memo, you see the carrots which appeared in the new CEP. ABB was the first, three-time FCPA recidivist yet was able to get an excellent resolution with the government and a fine of only $315 million despite clear aggravating factors including corruption up to and in the corporate office. From the ABB resolution, you begin to see how the role of the CCO increases dramatically.

Duty of Oversight

These trends were brought together in the Delaware Court of Chancery’s decision in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst in the case In re McDonald’s Corporation Stockholder Derivative Litigation, where for the first time, a Delaware court formally recognized the oversight duties of officers of Delaware corporations.

As I have previously noted, one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a prime reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

The court noted that the CCO has a broad scope within an organization. The court stated “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority.” The responsibilities of the CCO are wide and sometimes varied. Here the court stated, ““[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

What Does It Mean?

This is the part where it gets interesting. Under the CCO Certification and the Delaware court’s ruling, it is the CCO who is 1B to the CEO’s 1A. The first step every company must make it to put the CCO in position to report up directly to the Board of Directors. It also means that the days of a CCO reporting to a Chief Legal Officer (CLO) or General Counsel (GC) are certainly numbered. The Delaware Court drove this point home by specifically naming  a CLO/GC as a person “responsible for legal oversight and for making a good faith effort to establish reasonable information systems to cover that area.” In other words, not responsible for the company wide remit such as the CCO.

The next area would come from the Hallmarks of an Effective Compliance Program as laid out in the FCPA Resource Guide, 2nd edition. In that document it states “In appraising a compliance program, DOJ and SEC also consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively.” That means financial resources and head count.

I would add, a level of professionalism and expertise in compliance means more than simply ‘being a lawyer’. Under Chapter 9, Section 47 of the US Attorney’s Manual, the DOJ is mandated to evaluate “The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk.”  Finally, the DOJ will also evaluate other factors such as CCO compensataion as commiserate with the position of being second in importance to the CEO.

The Delaware Court decision creating the Duty of Oversight was not designed to increase the scope, reach and importance of a CCO but the more I look at the case I believe that will be its most lasting legacy. When you look back over the past 12 months, you see that the CCO has more stature and responsibility than it has ever had before.

With a converse nod to Uncle Ben from Spiderman, with great responsibility must come great power.

Categories
From the Editor's Desk

January and February 2023 in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories upcoming for the next month, talk some sports and generally try to solve the world’s problems.

In this month’s episode, we look back at top stories in CW from January around the changes to the DOJ Corporate Enforcement Policy, the Ireland DPC fine against Meta, and the always-interesting Inside the Mind of the CCO series. We previewed some of the stories CW will look at in February, including several articles about data privacy in the US and Europe.

We conclude with a look at some top sports stories, including the NFL playoffs and the Carlos Correa contract situation.

Resources

Kyle Brasseur on LinkedIn

Compliance Week

Categories
Compliance Into the Weeds

Update to the Corporate Enforcement Policy

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more. In this episode, Matt and I deep dive into the recent Kenneth Polite speech announcing changes to the Corporate Enforcement Policy.

Some of the highlights include:

·      What are the policy reasons for the change?

·      Real credit is now being given for effective compliance programs.

·      What about self-disclosure?

·      What is the new definition of an effective compliance program?

·      Is the DOJ trying to avoid 5th Amendment concerns? Will it work?

·      New percentage discounts and what they mean?

·      Why does Matt have more questions?

 Resources

Tom cited in CCI

Matt Kelly in Radical Compliance