Tag: DOJ

Categories
Blog

Incentives in Compliance: Part 1 – Financial Incentives

One of the areas that many companies have not paid as much attention to in their compliance programs is compensation and incentives. However, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have long made clear that they view monetary structure for compensation, rewarding those employees who do business in compliance with their employer’s compliance program, as one of the ways to reinforce the compliance program and the message of compliance.

This was made clear once again in the Monaco Memo which stated, “Corporations can help to deter criminal activity if they reward compliant behavior and penalize individuals who engage in misconduct. Compensation systems that clearly and effectively impose financial penalties for misconduct can incentivize compliant conduct, deter risky behavior, and instill a corporate culture in which employees follow the law and avoid legal “gray areas.””

Moreover, the Monaco Memo tied compensation to a company’s culture of compliance. It stated, “Similarly, corporations can promote an ethical corporate culture by rewarding those executives and employees who promote compliance within the organization. Prosecutors should therefore also consider whether a corporation’s compensation systems provide affirmative incentives for compliance-promoting behavior. Affirmative incentives include, for example, the use of compliance metrics and benchmarks in compensation calculations and the use of performance reviews that measure and reward compliance-promoting behavior, both as to the employee and any subordinates whom they supervise. When effectively implemented, such provisions incentivize executives and employees to engage in and promote compliant behavior and emphasize the corporation’s commitment to its compliance programs and its culture.”

Yet compensation incentives have long been seen as a key element of any best practices compliance program. As far back as 2004, then SEC Director of Enforcement Stephen M. Cutler noted that integrity, ethics and compliance needed to be part of promotion, compensation and evaluation processes: “At the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.”

The 2020 FCPA Guidance, 2nd edition, stated the “DOJ and SEC recognize that positive incentives can also drive compliant behavior. These incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” The Monaco Memo takes it a step further by asking more broadly has your company, “incentivized employee behavior as part of its efforts to create a culture of ethics and compliance within its organization.”

The 2020 Update, in the section entitled “Incentives and Disciplinary Measures”, provided some key questions for a company to ask about its incentive system:

Incentive System—Has the company considered the implications of its incentives and rewards on compliance? How does the company incentivize compliance and ethical behavior? Have there been specific examples of actions taken (e.g., promotions or awards denied) as a result of compliance and ethics considerations? Who determines the compensation, including bonuses, as well as discipline and promotion of compliance personnel?

The first question posed in the 2020 Update requires you to start with the basic question of what does your employee compensation consist of? Is it a straight salary? Is it variable? If so, what does the variable component consist of? Is it a discretionary bonus based upon the overall success of the entire business enterprise or some small subset, such as a business unit or geographic region? Is it solely personal? Or is it some combination of all of the above?

Under the second question, you need to demonstrate that you have thought through this issue. The DOJ does not mandate one solution or formula, only that it be well considered. And, of course, the approach you come up with must be documented. A good starting place is Marc Roberge’s 2015 Harvard Business Review (HBR) article, entitled “The Right Way to Use Compensation, that discusses the design and redesign of an employee’s compensation system to help drive certain behaviors. The article’s subtitle, “To shift strategy, change how you pay your team”, echoed Cutler’s message from 2004. The article lays out a framework for a Chief Compliance Officer (CCO) or compliance practitioner to operationalize compensation as a mechanism in a best practices compliance program.

As your compliance program matures and your strategy shifts, “it’s critical that the employees who bring in the revenue—the sales force—understand and behave in ways that support the new strategy. The sales compensation system can help ventures achieve that compliance.” The prescription for you as the compliance practitioner is to revise the incentive system to focus employees on the goals of your compliance program. This may mean that you need to change the incentives as the compliance programs matures; from installing the building blocks of compliance to integrating anti-corruption compliance within the DNA of your company.

There are three key questions you should ask yourself in modifying your compensation structure. First, is the change simple? Second, is the changed aligned with your company values? Third, is the effect on behavior immediate due to the change?

Simplicity. Keep the compensation plan simple when designing your program. The simplest way to incentivize employees is to create metrics that they readily understand and are achievable in the context of the compliance program.

Alignment. You need to state the most important compliance goal your entity needs to achieve. From there you should determine how your compensation program can be aligned with that goal. The beauty of this alignment is that it works with your sales force throughout the entire sales cycle, whether employee-based or through third parties such as agents, representatives, channel ops partners or distributors.

Immediacy. It is important that such structures be put in place “immediately” but in a way that incentivizes employees. As a part of immediacy, there must be sufficient communication with your employees. In the world of employee compensation incentives, there should be transparency as to the expectations.

Under the third question from the 2020 Update, you need to have documented examples where additional compensation or promotions were made to employees who did business ethically and in alignment with the corporate compliance program. The fourth question goes in a different direction by asking who in the organization is evaluating and then setting the compensation of the CCO and compliance personnel?

Obviously, the power of a compensation plan is to motivate employees to not only sell more but to act in ways that support your company’s business model and overall culture and values. For the compliance practitioner, one of the biggest reasons is to first change a company’s culture to make compliance more important, and then integrate it into the DNA of your organization. But you must be able to evolve in your thinking and professionalism to recognize the opportunities to change and then adapt your incentive program to make the doing of compliance part of your company’s everyday business process. The Monaco Memo makes it clear that the bottom line is the “use of financial incentives to align the interests of the C-suite with the interests of the compliance department can greatly amplify a corporation’s overall level of compliance.”

Categories
Daily Compliance News

January 9, 2023 – The Don’t Pee in a Plane Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Some of the stories include:

  • DOJ sets up a website for those defrauded by FTX. (Reuters)
  • Vietnam removes two Deputy PMs for corruption. (Aljazeera)
  • Indian bank exec urinates on a fellow plane passenger. (NYT)
  • Will remoted work continue in 2023? (Bloomberg)
Categories
31 Days to More Effective Compliance Programs

Day 8 – Internal Controls and Compliance

What are internal controls? The best definition I have come across is from Jonathan Marks, who defined internal controls as:
Internal control is an action or process of interlocking activities designed to support the policies and procedures detailing the specific preventative, detective, corrective, directive, and corroborative actions required to achieve the desired process outcomes or objectives(s). This, along with continuous auditing, continuous monitoring, and training, reasonably assures: 

  • The achievement of the process objectives linked to the organization’s objectives;
  • Operational effectiveness and efficiency;
  • Reliable (complete and accurate) books and records (financial reporting);
  • Compliance with laws, regulations, and policies; and 
  • The reduction of risk fraud, waste, and abuse, which,
  • Aids in the decline of process and policy variation, leading to more predictive outcomes.

The DOJ and SEC, in the 2020 FCPA Resource Guide, stated:
Internal controls over financial reporting are the processes used by compa­nies to provide reasonable assurances regarding the reliabil­ity of financial reporting and the preparation of financial statements. They include various components, such as a controlled environment that covers the tone set by the organi­zation regarding integrity and ethics, risk assessments, and con­trol activities that cover policies and procedures designed to ensure that management directives are carried out (e.g., approvals, authorizations, reconciliations, and segregation of duties); information and communication; and monitoring. … The design of a company’s internal controls must take into account the operational realities and risks attendant to the company’s business, such as the nature of its products or services, how the products or services get to market, the nature of its workforce; the degree of regulation; the extent of its government interaction; and the degree to which it has operations in countries with a high risk of corruption.

This was supplemented in the 2020 Update with a pair of pointed questions: whether a company has made a significant investigation into its internal controls and whether they have been tested, then remediated based upon the testing?

The bottom line is that internal controls are just good financial controls. The internal controls that detail requirements for third-party representatives in the compliance context will help detect fraud, which could lead to bribery and corruption. As an exercise, map your existing internal controls to the Ten Hallmarks of an Effective Compliance Program or some other well-known anti-corruption regime to see where gaps may exist. This will help you to determine whether adequate compliance internal controls are present in your company. From there, you can move to see if they are working in practice.

Three key takeaways:

  1. Effective internal controls are required under the FCPA
  2. Internal controls are a critical part of any best practices compliance program
  3. There are four significant controls for the compliance practitioner to implement initially. (a) Delegation of authority (DOA); (b) Maintenance of the vendor master file; (c) Contracts with third parties; and (d) Movement of cash/currency.
Categories
Compliance Into the Weeds

Compliance Issues & Events We Are Looking at for 2023

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I consider a list of compliance issues and events worth watching in the next 12 months, likely to happen in the coming year, that will be most consequential for corporate compliance and audit professionals.

For 2023 (at least at this point), it is the following:

·      SEC rules on greenhouse gases.

·      PCAOB enforcement.

·      The FTC and privacy enforcement.

·      Fallout from the Oracle FCPA enforcement action.

·      New DOJ corporate crime enforcement policies.

·      An ESG controller.

·      Crash and burn of Elon Musk-style corporate governance.

 Resources

Matt Kelly in Radical Compliance

Categories
Blog

Profit Sharing as Bribery: The Honeywell FCPA Enforcement Action: Part 3 – The Comeback

To close out 2022 in Foreign Corrupt Practices Act (FCPA) enforcement actions, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced settlements of FCPA enforcement actions with Honeywell UOP, a US-based subsidiary of Honeywell International Inc. For its actions, Honeywell agreed to a criminal penalty of about $79 million, with the DOJ crediting up to $39.6 million of the criminal penalty for Honeywell’s payments to authorities in Brazil in related proceedings. The company agreed to pay the SEC $81.5 million in disgorgement and prejudgment interest and the SEC provided for an offset of up to $38.7 million for payments to Brazilian authorities. Today, I want to conclude with some lessons learned.

Honeywell’s Comeback

  1. Overcoming a Failure of Culture

When the underlying facts of this enforcement action began, Honeywell had one of the most corrupt cultures you could have imagined. As I noted yesterday, the bribery scheme in Brazil began with the business unit outright lying to the compliance function about a corrupt agent. But do not absolve the company’s compliance function as apparently they performed no due diligence or did even the bare minimum for agents in a clear high-risk jurisdiction. Unfortunately, this outright corruption and/or malfeasance only went downhill from there. There was a profit-sharing agreement with the corrupt Petrobras agent which clearly showed malfeasance from Honeywell’s finance folks for paying such a scheme where there was no written agreement or any other evidence which warranted payments of over $10 million. The bribery scheme in Algeria involved the corrupt third-party Unaoil and once again bribe payments were approved all the way up the business and compliance line with Honeywell Belgium finance signing off as well.

Yet even with this clear culture of corruption, Honeywell received a 25% discount off the minimum fine and penalty under the US Sentencing Guidelines. They did this without self-disclosing. Once again since Unaoil was involved, it would be a logical assumption, the Unaoil executive brought to the US and given immunity proved the initial information on Honeywell’s corruption. Honeywell did turn things around so that in addition to the 25% discount, they were not required to sustain a monitor. All in all, quite a comeback.

2. Extraordinary Cooperation

According to the Deferred Prosecution Agreement (DPA), Honeywell received full credit for its cooperation with the DOJ through its “(i) proactively disclosing certain evidence of which the Fraud Section and the Office were previously unaware; (ii) providing information obtained through its internal investigation, which allowed the government to preserve and obtain evidence as part of its own independent investigation; (iii) making detailed presentations to the Fraud Section and the Office; (iv) voluntarily facilitating interviews of employees; (v) collecting and producing voluminous relevant documents and translations to the Fraud Section and the Office, including documents located outside the United States.” The SEC added in its Order, “Honeywell cooperated in the Commission’s investigation by identifying and timely producing key documents identified in the course of its own internal investigation, providing the facts developed in its internal investigation, and making current or former employees available to the Commission staff, including those who needed to travel to the United States.”

2. Extensive Remediation

Honeywell was given credit by both the SEC and DOJ for its remedial efforts. The SEC said, the “remediation included: (i) strengthening its ethics and compliance organization; (ii) terminating sales directors involved in the misconduct in Brazil and demoting an employee with significant supervisory responsibilities over the misconduct in Brazil; (iii) implementing a program to eliminate UOP’s use of sales agents altogether (as of 3Q 2021, UOP had reduced its sales agent force by two-thirds); (iv) enhancing Honeywell’s policies and procedures including with respect to due diligence of third parties (including consolidating the due diligence process into one automated system and requiring third parties to submit quarterly reports and FCPA certifications); (v) improving Honeywell’s financial controls over third parties (including implementing digital end-to-end controls over payments to third party sales agents and ensuring that payments to sales intermediaries are made by wire transfer to an account belonging to the same party and to a bank account where the sales intermediary resides); and (vi) enhancing training provided to Honeywell employees and sales intermediaries regarding anti-corruption, controls, and other compliance issues.”

The DOJ noted that Honeywell, “(i) commencing remedial measures based on internal investigations of the misconduct prior to the commencement of the Fraud Section’s and the Office’s investigation; (ii) disciplining certain employees involved in the relevant misconduct, including terminating one employee; (iii) strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization; (iv) substantially reducing its anti-corruption risk profile by taking steps to eliminate the Company’s use of sales intermediaries and, in the interim, rolling out a single, automated sales intermediary due diligence tool that requires responsible managers to provide quarterly compliance certifications for all existing sales intermediaries; (v) establishing monitor and audit processes to regularly review and update the compliance program; and (vi) enhancing its internal reporting, investigations, and risk assessment processes.”

From the SEC Order, the two key changes were: “(iv) enhancing Honeywell’s policies and procedures including with respect to due diligence of third parties (including consolidating the due diligence process into one automated system and requiring third parties to submit quarterly reports and FCPA certifications); (v) improving Honeywell’s financial controls over third parties (including implementing digital end-to-end controls over payments to third party sales agents and ensuring that payments to sales intermediaries are made by wire transfer to an account belonging to the same party and to a bank account where the sales intermediary resides);”. Both of these remediations speak to the use of tech solutions to enhance compliance. Under Prong IV, the implementation of one automated system for third parties.

From the DOJ DPA, the key changes were “(iii) strengthening its anti-corruption compliance program by investing in compliance resources, expanding its compliance function with experienced and qualified personnel, and taking steps to embed compliance and ethical values at all levels of its business organization; (iv) substantially reducing its anti-corruption risk profile by taking steps to eliminate the Company’s use of sales intermediaries and, in the interim, rolling out a single, automated sales intermediary due diligence tool that requires responsible managers to provide quarterly compliance certifications for all existing sales intermediaries;”. Once again, the tech solution noted in Prong IV was critical but also note the language found in Prong III about have ‘experienced and qualified [compliance] personnel.

By putting these remedial actions in place, Honeywell was able to avoid a monitor. This means the company not only put the changes in place but have also tested them to the satisfaction of the DOJ and SEC. But more than setting out what Honeywell did to make its comeback; these  remedial efforts of Honeywell provide a clear set of guidelines for the compliance professional to review in looking at your own program. This enforcement actions seems a fitting end for the year 2022 in FCPA enforcement.

Categories
31 Days to More Effective Compliance Programs

Day 3 – Leadership’s Conduct at the Top

DAG Lisa Monaco’s speech in September 2022 announcing the Monaco Memo as articulated in the Monaco Doctrine laid out the very basics of compliance; that the key to every company is culture. She stated, “corporate culture matters. A corporate culture that fails to hold individuals accountable or invest in compliance — or worse that thumbs its nose at compliance — leads to bad results.”

From the enforcement perspective, the DOJ will assess companies for their ethical cultures. From the compliance perspective, the ethical tone of a company and accountability all start at the top and, most specifically, senior management. This requirement is more than simply the ubiquitous “tone-at-the-top,” as it focuses on the conduct of senior management. The DOJ wants to see a company’s senior leadership doing compliance. The DOJ asks if company leadership has, through their words and concrete actions, brought the right message of doing business ethically and in compliance to the organization. How does senior management model its behavior on a company’s values, and how is such conduct monitored in an organization?

I once had a Chief Executive Officer (CEO) observe the following, “You want me to be the ambassador for compliance.” I immediately said yes, that is exactly what I need you to do. As an “Ambassador of Compliance,” a CEO can fully model the conduct that senior management engages in going forward. Another area a CEO can forcefully engage an entire company is through a powerful video message about doing business the right way and in compliance. A great example was a CenterPoint Energy video put out in 2015 after the Volkswagen (VW) emissions-testing scandal became public. The video featured Scott Prochazka, CenterPoint Energy President, and CEO. He used the VW scandal to address the culture and values at the company proactively and used the entire scenario as an opportunity to promote integrity in the workplace. But more than simply a one-time video, the company followed up with an additional resource, entitled, Manager’s Toolkit—What does Integrity mean to you? that managers used to facilitate discussions and ongoing communications with employees around the company’s ethics and compliance programs. Finally, the cost for the video was quite reasonable as it was produced internally.

 Three key takeaways:

1. Senior management must do compliance; not simply talk-the-talk of compliance but also walk-the-walk.

2. Use your CEO to talk about current events and how those ethical failures are lessons to be learned for your organization.

3. Your CEO as Compliance Ambassador.

Categories
The Corruption Files

Episode 15 – The ABB Settlement

Establishing trust can greatly affect the outcome of a case. Thomas Fox and Michael DeBernardis talk about ABB’s 2022 bribery case in South Africa, how self-disclosure benefits any situation, the DOJ’s approach on cracking down recidivists, choosing the right people for your team, and being wary of waivers.

▶️ The ABB Settlement with Tom Fox and Mike DeBernardis Background facts to the case. (00:00:29)

Tom lays out the facts of the ABB settlement. Michael points out the DOJ’s plans for penalizing recidivists and ABB’s biggest compliance misstep. (00:07:07)

Tom emphasizes the importance of compliance oversight, being vigilant of billing in high-risk jurisdictions, and the benefit of ABB’s “almost” self-disclosure. (00:12:08)

Mike discusses the impact of trust and incentivizing other recidivists to come forward and the risks of going off of real-time information. (00:18:27)

Tom mentions how having someone with experience concluding resolutions in the DOJ can make a difference. Even with a fairly low penalty, ABB is still required to report on its compliance program. (00:24:22)

Mike prefers having an independent monitor in place. However, he highlights ABB’s trust in their team to do a thorough job of reporting. (00:27:31)

Mike gives credit to ABB’s swift actions and extensive remediation, describing the DOJ’s outcome as “threading the needle”. Thomas believes the case is still a win for compliance. Michael drives home how doubling down on compliance pays off.

—————————————————————————-

Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

Categories
Blog

Profit Sharing as Bribery: The Honeywell FCPA Enforcement Action: Part 2 – The King and Bribery Schemes

To close out 2022 in Foreign Corrupt Practices Act (FCPA) enforcement actions, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced settlements of FCPA enforcement actions with Honeywell UOP, a US-based subsidiary of Honeywell International Inc. For its actions, Honeywell agreed to a criminal penalty of about $79 million, with the DOJ crediting up to $39.6 million of the criminal penalty for Honeywell’s payments to authorities in Brazil in related proceedings. The company agreed to pay the SEC $81.5 million in disgorgement and prejudgment interest and the SEC provided for an offset of up to $38.7 million for payments to Brazilian authorities. Yesterday we laid out the broad outlines of the enforcement action. Today, I want to take a deep dive into the bribery schemes.

Bribery Schemes

 1. Brazil and Petrobras

Honeywell’s culture was so corrupt in 2010, when the facts around this matter began, that the business unit dealing with Petrobras could openly lie to the corporate compliance function. As stated in the Deferred Prosecution Agreement (DPA), “On or about May 27, 2010, two Honeywell UOP employees submitted a form requesting that Honeywell’s compliance department approve Brazil Sales Company to serve as Honeywell UOP’s sales agent. To increase the likelihood of receiving internal approvals, the Honeywell UOP employees lied on the request form, stating that Brazil Sales Company had been “known to” Honeywell UOP and a Honeywell UOP employee for two years, when, in fact, the companies had no common history and the Honeywell UOP employee had no prior knowledge of Brazil Sales Company.”

Let’s unpack this for a minute. This is a statement in the DPA, and it speaks to not only how poorly the compliance function was thought of internally but a sales function that openly used lying, cheating and fraud as part of their business practices. But not all blame lies with the business unit as where was the corporate compliance function in their trust but verify role? Apparently non-existent. When you wed a business strategy based on corruption and fraud both internally and externally, you can see where this was headed. By 2010, the corruption rot in Petrobras was well-known literally across the globe and there is no way that the Honeywell compliance function did not know doing business with Petrobras was not high risk.

It was at this early junction that the profit-sharing focus as the basis for the bribe payment was structured, “Honeywell Employee 1 and Intermediary 2 offered to pay Petrobras Official 1 one percent of the expected revenue from the Premium Refinery Contract, or approximately $4 million, in exchange for Petrobras Official 1 using his influence to help Honeywell UOP win the contract. They agreed to use a portion of Brazil Sales Company’s expected three-percent sales commission (approximately $12 million) from Honeywell UOP to pay the $4 million bribe. They also agreed that the remaining $8 million from the sales commission paid to Brazil Sales Company would be divided equally between the Intermediary 1 and Intermediary 2.”

Profit sharing with a cap was the basis for the bribe payment. Capitalism at its finest, only topped by the code name given to the corrupt Petrobras employee, the King. The King provided inside information to Honeywell on pricing and terms which the company used to bring in their bid so it would be the winning bid and Honeywell’s profit sharing with the King could commence.

Just how corrupt (or even more charitably inept) was Honeywell during this time frame? Consider the payment mechanisms outlined in the SEC Order. From 2011 to 2014, the Honeywell “employee responsible for processing the Brazil Agent’s commission payments calculated the Brazil Agent’s commission using numbers from UOP’s invoice and neither asked for nor included an invoice from the Brazil Agent before forwarding the payment request to Honeywell’s accounting group. The payment requests lacked relevant information and when the Brazil Agent changed his company’s name and wanted the commission payments routed to a Swiss bank account in the new company’s name, she forwarded the payment requests without question.” Honeywell was paying from US to Swiss bank accounts to parties with no reported due diligence or even contracts with Honeywell. This was not the compliance function making the payments but corporate accounts payable. Just how big an internal controls failure was this?

3. Algeria and Sonatrach

 This bribery scheme involved Honeywell Belgium and the well-known corrupt third-party agent Unaoil. In 2011, Honeywell Belgium hired Unaoil to help facilitate its relationship with Sonatrach. According to the SEC Order, right out of the box, Unaoil officials received “a panicked phone call from the HPS [Honeywell Belgium] Regional GM asking him to make a pass-through payment to a group of people in Europe who purportedly had helped Honeywell Belgium secure a contract with Sonatrach.” Things only got worse from there for Honeywell Belgium. Unaoil, “on behalf of Honeywell Belgium, paid the Sonatrach official $50,000 from a Swiss bank account and an additional $25,000 from the same Swiss bank account on December 28, 2011.”

Thereafter, Honeywell Belgium and Unaoil agreed to a commission structure of 4.5% for contracts landed by Unaoil with Sonatrach with an amount not to exceed $500,000. While no such work was delivered by Unaoil, it billed Honeywell Belgium a lump sum of $300,000 which was approved internally and paid by finance and “falsely recorded as a sales commission. Through a series of intermediary transfers, the Monaco Agent used a portion of the money from Honeywell Belgium to repay the Consultant who had paid the $75,000 in bribe payments to the Sonatrach official. The series of intermediary transfers involved multiple U.S. correspondent banks located in New York. The Monaco Agent admitted that it recorded the payments with internal codes the Monaco Agent sometimes used for bribe payments.”

Join me tomorrow where I conclude with some lessons learned from this final FCPA enforcement action from 2022.

Categories
Blog

Profit Sharing as Bribery: The Honeywell FCPA Enforcement Action: Part 1 – Introduction

To close out 2022 in Foreign Corrupt Practices Act (FCPA) enforcement actions, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) both announced settlements of FCPA enforcement actions with Honeywell UOP, a US-based subsidiary of Honeywell International Inc. For its actions, Honeywell agreed to a criminal penalty of about $79 million, with the DOJ crediting up to $39.6 million of the criminal penalty for Honeywell’s payments to authorities in Brazil in related proceedings. The company agreed to pay the SEC $81.5 million in disgorgement and prejudgment interest and the SEC provided for an offset of up to $38.7 million for payments to Brazilian authorities.

US Attorney Alamdar S. Hamdani for the Southern District of Texas said in the DOJ Press Release,  “This case exemplifies corporate misconduct on a global level. Prosecuting and investigating this type of crime is an important role our office takes seriously in order to ensure fair and equal playing fields for U.S. companies and consumers. We will continue our efforts to aggressively investigate and prosecute those who violate the FCPA and combat corrupt practices in order to preserve the integrity of our nation’s business dealings here and abroad.”

According to the DOJ Press Release, “between 2010 and 2014, Honeywell UOP conspired to offer an approximately $4 million bribe to a then-high-ranking executive of Petróleo Brasileiro S.A (Petrobras) in Brazil. Specifically, Honeywell UOP offered the bribe to secure improper advantages in order to obtain and retain business from Petrobras in connection with Honeywell UOP’s efforts to win an approximately $425 million contract from Petrobras to design and build an oil refinery called Premium.” The company also ran into trouble in Algeria, as was noted in the SEC Press Release which stated, “in 2011, employees and agents of Honeywell’s Belgian subsidiary paid more than $75,000 in bribes to an Algerian government official to obtain and retain business with the Algerian state-owned entity Sonatrach.”

In Brazil, Honeywell entered into an agency agreement with a sales agent for the purpose of funding and paying the $4 million bribe to the high-ranking Petrobras executive. Interestingly, the corrupt Petrobras executive was paid a percentage of the contract value, which was funded with the full knowledge of Honeywell’s US corporate office. In exchange for the bribe payments and after obtaining business advantages, including inside information and secret assistance from the Petrobras executive, Honeywell won the contract. Honeywell earned approximately $105.5 million in profits from the corruptly obtained business. The Algerian bribes were paid by Honeywell Belgium through the well-known corrupt entity Unaoil and were made via a pass-through payment to a group of people in Europe who purportedly had helped Honeywell Belgium secure a contract with Sonatrach.

Honeywell was able to secure a Deferred Prosecution Agreement (DPA) from the DOJ and although the company did not self-disclose its conduct and therefore did not receive any discount for doing so, the company did receive a 25% discount through for its cooperation with the Fraud Section’s and the Office’s investigation “by, among other things, (i) proactively disclosing certain evidence of which the Fraud Section and the Office were previously unaware; (ii) providing information obtained through its internal investigation, which allowed the government to preserve and obtain evidence as part of its own independent investigation; (iii) making detailed presentations to the Fraud Section and the Office; (iv) voluntarily facilitating interviews of employees; (v) collecting and producing voluminous relevant documents and translations to the Fraud Section and the Office, including documents located outside the United States.” The SEC Order stated, “Honeywell cooperated in the Commission’s investigation by identifying and timely producing key documents identified in the course of its own internal investigation, providing the facts developed in its internal investigation, and making current or former employees available to the Commission staff, including those who needed to travel to the United States.”

Interestingly, while the DPA does require Chief Compliance Officer (CCO) certification, it does not mandate a monitor. According to Attachment F in the DPA, the Chief Executive Officer (CEO) and CCO are both aware of the compliance obligations of Honeywell as laid out in the DPA, and “based on a review of the Companies’ reports submitted to the Department of Justice, Criminal Division, Fraud Section and the United States Attorney’s Office for the Southern District of Texas pursuant to Paragraph 12 of the Agreement, the reports are true, accurate, and complete.” Moreover, both the CEO and CCO must certify that, based on their “review and understanding of Companies’ anti-corruption compliance programs, the Companies have implemented anti-corruption compliance programs that meet the requirements set forth in Attachment C to the Agreement. The undersigned certifies that such compliance programs are reasonably designed to detect and prevent violations of the anti-corruption laws throughout the company’s operations.”

Finally, as noted herein, the case was truly international both in the scope of the bribes paid and in the use of the well-known corrupt energy industry agent Unaoil by Honeywell. The Unaoil connection was most probably how the DOJ was first notified about Honeywell’s bribery and corruption. Enforcement was also international in scope with a part of both the DOJ and SEC fines and penalties credited to payments made by Honeywell based upon the investigation in Brazil by the Controladoria-Geral da União (CGU), the Ministério Público Federal (MPF), and the Advocacia-Geral de União (Attorney General’s Office).

Join me tomorrow where I take a deep dive into the bribery schemes, or profit sharing with a King.

Categories
31 Days to More Effective Compliance Programs

Day 2 – Continuous Monitoring and Continuous Improvement

Continuous monitoring and improvement are two of the most important phrases for any compliance program. These twin concepts were perhaps the biggest modifications in the 2020 Update to the Evaluation of Corporate Compliance Programs. In 2021 and 2022, all companies’ risks changed as we moved from Working From Home to Return To Office and now a hybrid work model. Of course the great resignation has also played a part.These changes in our basic work location drove home perhaps the most prescient comment I heard during the pandemic, which was by Jed Gardner, who said, “We have moved from disaster recovery to business continuity to business as usual.” This means that risks will change in ways you may not see at speeds you do not anticipate. Your compliance program must be ready to respond to whatever those risks might be going forward.

In the 2020 Update, the DOJ began to address this from the compliance program perspective with several questions. “Is the risk assessment current and subject to periodic review? Is the periodic review limited to a “snapshot” in time or based upon continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures, and controls? Do these updates account for risks discovered through misconduct or other problems with the compliance program?”

The next area for continuous monitoring and improvement was an area of compliance that is not normally associated with those concepts, Policies, and Procedures. Here questions included “When was the last time your policies and procedures were updated? Perhaps more importantly, under the 2020 Update, what was your process for doing so? Was there any rigor around your process? Did that rigor include incorporating information and data collected through continuous monitoring, real-time monitoring, or continuous access to operational data and information across functions?”

The final area in the 2020 Update for consideration is called Continuous Improvement, Periodic Testing, and Review. The question included the following, “How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular risk areas are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries? Does the company review and adapt its compliance program based on lessons learned from its misconduct and/or other companies facing similar risks?”

Three key takeaways:

1. How has your company’s risks changed over the past year?
2. What is your process for continuous monitoring and improvement?
3. What sources of information do you use that come from outside your organization?