There was a paucity of Foreign Corrupt Practices Act (FCPA) enforcement actions in 2021. However, the few enforcement actions announced did provide significant lessons for every compliance professional.
Deutsche Bank
The year started off with a bang when, according to a Department of Justice (DOJ) Press Release, Deutsche Bank Aktiengesellschaft, “agreed to pay more than $130 million to resolve the government’s investigation into violations of the Foreign Corrupt Practices Act (FCPA) and a separate investigation into a commodities fraud scheme. “The resolution includes criminal penalties of $85,186,206, criminal disgorgement of $681,480, victim compensation payments of $1,223,738 and $43,329,622 to be paid to the US Securities & Exchange Commission in a coordinated resolution.” Settlement documents include a Deferred Prosecution Agreement (DPA) and Information from the Department of Justice (DOJ) and a Cease and Desist Order (Order) entered to with the Securities and Exchange Commission (SEC). This settlement comes on the heels of another FCPA settlement in August 2019, where the Bank paid $16.2 million to settle a ‘Princeling’ charge that it corruptly hired sons and daughters of foreign officials and of employees of state-owned enterprises.
One can only wonder at the culture at the Bank which basically boiled down to win at all costs: lie, cheat, steal, engage in bribery and corruption, manipulate the markets, we don’t care. Just Win Baby. The Bank was also comfortable in dealing with some very dodgy characters beyond even Donald Trump and his family. The Bank has now said it will no longer do business with Trump and his personal banker left the Bank at the end of 2020.
Does this mean the Bank will turn state’s evidence against Trump? It is hard to say at this point, but the Bank is committed in the DPA to “cooperate fully with the Offices in any and all matters relating to the conduct described in the Statement of Facts and other conduct under investigation by the Offices at any time during the Term, subject to applicable laws and regulations, until the later of the date upon which all investigations and prosecutions arising out of such conduct are concluded, or the end of the Term.” [emphasis supplied] While this is boilerplate language found in every DPA it certainly takes on greater significance now.
Amec Foster Wheeler
The next matter was the Amec Foster Wheeler FCPA enforcement action, which is currently owned by John Wood Group PLC (Wood), the successor-in-interest to Amec Foster Wheeler Plc. It involved a long-standing corruption investigation which involved multiple investigative and enforcement agencies in multiple jurisdictions regarding the use of the disgraced agent Unaoil to pay bribes to secure business. In a Press Release, the Company said that it had reached agreements with the UK Serious Fraud Office (SFO), the DOJ and SEC) in the US, and the Ministério Público Federal (MPF), the Comptroller General’s Office (CGU) and the Solicitor General (AGU) in Brazil, to resolve their respective bribery and corruption investigations into the past use of third parties in the legacy Foster Wheeler business. Under the terms of these various agreements, the Company will pay compensation, disgorgement and prejudgment interest, fines and penalties totaling $177m. The payment will “be phased over the next three years with approximately $62m payable in H2 2021, and the balance to be paid in instalments in 2022, 2023 and 2024.”
There were some key lessons learned from the matter. In the area of internal controls, hopefully in 2021, if a General Counsel is asked to draft an agreement, even an interim agreement which violates a company’s internal controls for the vetting and contracting with third-party agents, that GC would stop the process. But if not, there should trips wires which would alert those at the highest level of a corporation that a key control was been over-ridden or worked around. This of course means the Board of Directors should have visibility into the highest risks an organization faces and in the world of international commerce, a third-part sales agent is that level of risk.
This case also involved multiple failures in the area of Mergers and Acquisitions (M&A). There were at least two acquisitions involved here where the acquiring entity; first Amec acquired Foster Wheeler (forming Amec Foster Wheeler) and then the second, the John Wood Group PLC (acquiring Amec Foster Wheeler) failed to perform either sufficient pre-acquisition due diligence or even post-acquisition audit of the acquired company’s high-risk ventures. Once again, this involved Petrobras which was well-known for corruption issues by 2014. There was no mention of the failures of Amec and Wood in the M&A areas on this matter but clearly something went through unnoticed.
Since at least the 2012 FCPA Resource Guide, the DOJ and SEC have specified the steps for compliance in M&A. It is pre-acquisition due diligence which should form the basis of post-acquisition integration. After acquisition, there should be a full forensic FCPA audit and investigation, most notably in high-risk markets and with high-risk ventures. There must be full compliance training and integration of the acquired entity into the acquirer’s compliance regime.
WPP
Finally, was the SEC Cease and Desist Order entered into with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and penalty of $8 million for a total amount of just over $19 million. Some of the key lessons from compliance including the following.
Culture Matters – It seems about the most basic thing to say in the compliance realm, but the most important thing is your corporate culture. If your culture puts no value on doing business ethically and in compliance, your organization will surely have problems. Investigations – From the ignoring of internal whistleblower reports, to selecting poor investigative counsel, to allowing the persons involved in the corruption to help shape the original internal investigation, this matter is an excellent teaching tool for how NOT to perform an investigation. M&A – There was no preacquisition compliance due diligence into any of the entities acquired. This was bookended with no forensic compliance audit of the acquired entities after acquisition as well. Incentives – When do sales or remuneration incentives become perverse incentives? WPP crossed that threshold when they made the earnouts for the founders of the organizations they acquired, who were kept on to run subsidiaries such as WPP-India, contingent on hitting sales numbers they could not reach without engaging in bribery and corruption.
While there was a smaller number of FCPA enforcement actions in 2021 than in prior years, the cases that were resolved were significant. They provide many lessons for every Chief Compliance Officer (CCO) and compliance professional.
Tag: Deutsche Bank
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today we consider the Deutsche Bank Foreign Corrupt Practices Act resolution. We look at the compliance program; red flags missed, overlooked or avoided and internal control failures.
Some of the issues we consider are:
- The Bank’s compliance program was a paper program only.
- Where was compliance?
- What Red Flags were missed?
- Internal Audit did its job but was ignored.
- Actual Knowledge of corruption?
- What about the DFS?
Resources
Tom is running a 5-part blog post series on the FCPA Compliance and Ethics Blog:
Part 1–Introduction
Part 2– The Bribery Schemes
Part 3- Overlooked Red Flags and Internal Control Failures
Part 4-Recivist Penalty
Part 5-Final Thoughts
Matt’s blog post in Radical Compliance:
Deutsche Bank Control Failures Cost $130 million
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode Matt Kelly and Tom Fox take a look the recent enforcement action by New York banking regulators against Deutsche Bank, which resulted in a $150 million penalty for its business dealings with Jeffrey Epstein. The matter is full of corporate miss-steps, compliance failures, corporate governance disasters and presents a cautionary tale for every compliance professional.
Resources
See Matt’s blog post, Deutsche Bank’s Many Epstein Failures on Radical Compliance.