Tag: DOJ

Categories
Compliance Into the Weeds

The Danske Bank AML Enforcement Action

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the Danske Bank AML enforcement action, and the bank recently pled guilty to money-laundering violations through its Estonia subsidiaries.

Some of the highlights included:

  • The background facts.
  • What did the home bank know and when?
  • Did a tech failure set this all in motion?
  • The Bank’s attempts to hide the violations from US authorities.
  • Why is the US and not Denmark bringing an enforcement action against a Danish bank?
  • What about CCO certification?
  • The role of the Danish monitor.

 Resources

Tom in the FCPA Compliance and Ethics Blog

Matt Kelly in Radical Compliance

Categories
Blog

Danske Bank: Part 4 – The Bank’s Response

We are exploring the Danske Bank A/S (Danske Bank), AML enforcement action in which Danske Bank pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

Most probably at this point you are thinking it is a very good thing Danske Bank is the premier financial institution in Denmark, or they might not still exist. But as we have seen right up until today, banks continue to engage in the most egregious behavior and simply are hit with another set of fines and penalties. (Wells Fargo Bank NA fined yet another $3.7 billion, this time by the Consumer Financial Protection Bureau, seeConsent Order.) I suppose it is no surprise that Danske Bank was given “too large and too important to put out of business” designation by Danish regulators. That is also probably one of the key reasons the US government brought this enforcement action. First, because the US had the teeth to do and second, the Danish regulators could simply ‘blame the Americans’.

Of course, Danske Bank itself demonstrated its colors when one of its executives said in an email, [Per the SEC Order] “[W]e should be mindful that we have a really bad case in Estonia, where I believe that all lines of defence failed. . . We should make sure that we don’t create a relationship where [Correspondent Bank 2] suddenly feels the need to share their concerns about Danske with US regulators.” The Order went on to note, “Between September 2015 and January 2016, the Danish FSA sent a draft AML inspection report to Danske which included a reprimand related to Danske’s Board of Directors’ failure to identify and address risks at Danske Estonia. In March 2016, the Danish FSA issued a final inspection report which was provided to Danske senior management in which it reprimanded Danske for its failure to identify critical risks at Danske Estonia and failure to limit these risks and concluded that Danske was not in compliance with the Danish AML Act and that “the conditions at the bank’s branch in Estonia posed a material reputation risk for the bank.””

Danske Bank did not receive credit for self-disclosure, but the bank did receive credit for its cooperation, which included full cooperation and admission of responsibility, providing documents and witnesses to be interviewed, all located outside the US and, perhaps most importantly, a “detailed analysis of cross border transactions.” As remedial steps the Bank closed its “non-residential portfolio”, terminated employees, including senior bank executives who were engaged in the conduct, improved its AML function, including a centralized money laundering financial compliance and financial crime program, hired competent and experienced AML compliance professionals and initiated direct reporting lines to the Board of Directors. The Bank agreed to a best-in-class compliance program and an independent expert appointed by the Danish FSA to oversee implementation of the remedial solution. Interestingly, if this independent expert quits for any reason the DOJ retains the right to appoint a monitor.

Danske Bank agreed to a three-year period of continuing cooperation and reporting to the DOJ. Although there is no Deferred Prosecution Agreement (DPA) since this was a criminal guilty plea it seems to act in the manner of ongoing obligations under a DPA. However, it will require Court approval and ongoing oversight because it is a plea deal and not a DPA. Danske Bank is to meet at least quarterly with the DOJ throughout the three-year term, and to submit annual progress reports to the prosecutors until the agreement expires at the end of 2025. According to Radical Compliance, the first report, due in December 2023, needs to focus on three topics:

  • Complete description of the bank’s remediation efforts to date;
  • Complete description of the testing conducted to evaluate the effectiveness of the compliance program, and the results of that testing; and
  • Proposals to assure that the compliance program is reasonably designed, implemented, and enforced.
  • The next reports, due at the end of 2024 and 2025, respectively, are supposed to cover all the same ground, and incorporate any feedback the Justice Department provides from the prior reports.

Of course, there is the Chief Compliance Officer (CCO) certification. Would you like to be the CCO who has to certify the Danske Bank AML compliance program is “reasonably and effectively designed to deter and prevent violations of money laundering, anti-money laundering, and bank fraud laws throughout the bank’s operations”?

Tomorrow, we conclude with final thoughts and lessons learned.

Categories
Blog

Danske Bank: Part 2 – Jurisdiction

We finally have the big one in money laundering. That, of course, is Danske Bank A/S (Danske Bank), a global financial institution headquartered in Denmark, which pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

One might reasonably ask why the US government is bringing this action. I think there are two key reasons. First, only the US has the cache to bring such a massive enforcement action against any bank, wherever they are domiciled, which threatens the world’s financial integrity through multiple years of facilitating money laundering. The second is that as the world’s principal financial leader, the US government sees itself as the protector and enforcer of that system. While many outside the US may decry these realities, it is clear that only the US can lead such an action. There certainly were other countries which participated, as both the DOJ and SEC Press Releases noted the cooperation of Denmark and Estonia in this enforcement action but at the end of the day, it had to be led by the US.

Jurisdiction

Even if the US feels that it should lead an enforcement effort in this affront to international law, there still must be jurisdiction to bring these enforcement actions. According to the SEC Complaint, “Danske is a Danish multinational banking and financial services corporation headquartered in Copenhagen, Denmark. At all relevant times, Danske was the largest bank in Denmark and a major retail bank in Northern Europe, with offices in countries outside Denmark.” However, I was somewhat surprised to learn that “Danske’s shares traded in Denmark on the OMX Copenhagen and in the United States over-the- counter (“OTC”) as American Depositary Receipts (“ADRs”) listed in U.S. dollars, and U.S. investors constituted a significant portion of Danske’s shareholders. Between 2009 and 2018, U.S. shareholders held as much as 18% of Danske’s stock.”

This stock sold in the US warranted regulatory protection of US investors. The SEC Complaint went on to note that Danske Bank “engaged in deceptive acts, including misleading Danish regulators and U.S. correspondent banks, to conceal its AML and KYC deficiencies. Danske stopped providing services to its high risk customers by April 2016 but failed to timely disclose to investors known misconduct and widespread AML failures.” These failures to inform investors took the form of “a variety of reports, including annual, interim, corporate governance, and risk management reports, in English on its corporate website for the benefit of and made available to, inter alia, actual and prospective U.S. investors. Certain of these reports contained representations to investors about Danske’s risk management processes and disciplines related to the banks systems and controls. Such systems and controls would include Danske’s policies and procedures to detect, prevent and mitigate risks to the bank from financial crime, including money laundering.” Finally, the harm from the illegal conduct hit US investors as “between September 2017 and November 1, 2018, Danske’s share price dropped by approximately 49% as the full extent of Danske’s misconduct became apparent.”

The only reference to US jurisdiction from the DOJ came in the Plea Agreement which obliquely noted Danske Bank “engaged in suspicious transactions through U.S. banks.”

We rarely take a deep dive into the jurisdiction which allows a Foreign Corrupt Practices Act (FCPA) or other similar action to be brought in the US. However, the Danske Bank AML enforcement action makes clear that simply because a company is domiciled outside the US, if it does business internationally, there may be multiple US jurisdiction points which could allow US authorities to bring an enforcement action.

Tomorrow, where did it all start and what were the AML compliance program failures?

Categories
FCPA Compliance Report

Scott Garland and Zach Hafer – Practice After the DOJ

Welcome to the award-winning FCPA Compliance Report, the most senior podcast in compliance. I have double trouble in this episode as I welcome Scott Garland and Zach Hafer. They worked together for many years at the US Attorney’s Office for the District of Massachusetts. Both are now in private practice, Garland as a Managing Director at Affiliated Monitors, Inc. and Hafer as a Partner at Cooley LLP in Boston.

Some of the highlights include:

In this podcast, we consider DOJ corporate enforcement through the mechanisms of DPAs and NPAs based upon Hafer’s tenure as the Criminal Chief. They discussed the need to balance approving prosecutions for general impact vs. based on the case’s merits. We also consider how, if at all, the Monaco Memo changes DOJ focus. Garland leads us through a discussion of compliance issues within a prosecutor’s office, why your compliance philosophy is so critical, and some of the biggest issues and situations they both confronted while in the US Attorney’s Office for the District of Massachusetts. We conclude this section with a discussion of receiving compliance advice: what worked and what did not.

We conclude with a discussion of transitioning from DOJ to private practice, and both Zach and Scott summarize some of the key questions they are getting from clients. Garland opines on key issues he sees for monitors after Monaco Memo, and we conclude with why proactive monitoring can be such a powerful tool.

 Resources

Scott Garland at Affiliated Monitors

Zach Hafer at  Cooley LLP

Categories
Blog

Danske Bank: Part 1 – Introduction

We finally have the big one in money laundering. That, of course, is Danske Bank A/S (Danske Bank), a global financial institution headquartered in Denmark, which pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC) who said, in their Press Release, the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

On the criminal side of things, Danske Bank pled guilty to one count of conspiracy to commit bank fraud. Under the terms of the plea agreement, the company has agreed to criminal forfeiture of $2.059 billion. Danske Bank will also enter into separate criminal or civil resolutions with domestic and foreign authorities. As a part of the overall fine and penalty, the DOJ will credit nearly $850 million in payments that Danske Bank makes to resolve related parallel investigations. Danske Bank agreed to pay $413 million to settle the SEC’s charges related to other domestic and foreign authorities.

What The Said

Deputy Attorney General Lisa Monaco said, “Today’s guilty plea by Danske Bank and two-billion-dollar penalty demonstrate that the Department of Justice will fiercely guard the integrity of the U.S. financial system from tainted foreign money – Russian or otherwise. Whether you are a U.S. or foreign bank, if you use the U.S. financial system, you must comply with our laws. We expect companies to invest in robust compliance programs – including at newly acquired or far-flung subsidiaries – and to step up and own up to misconduct when it occurs. Failure to do so may well be a one-way ticket to a multi-billion-dollar guilty plea.”

Assistant Attorney General Kenneth A. Polite added “Danske Bank lied to U.S. banks about its deficient anti-money laundering systems, inadequate transaction monitoring capabilities, and its high-risk, offshore customer base in order to gain unlawful access to the U.S. financial system. Danske Bank accepted responsibility for defrauding U.S. financial institutions and funneling billions of dollars in suspicious and criminal transactions through the United States. As part of its guilty plea, Danske Bank will forfeit over $2 billion and implement significant changes to its compliance program and AML controls. This coordinated resolution with the Securities and Exchange Commission (SEC) and Danish authorities sends a clear message that the Department of Justice stands ready to work with our partners around the world to investigate corporate wrongdoing and hold bad actors accountable for their criminal conduct.”

Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said in the SEC Press Release, “Corporations that raise money from the public must disclose information that is material to investors, who then get to decide what risks they want to take. That’s the basic bargain of our securities laws and it extends to foreign issuers like Danske Bank, which sought to access our capital markets, even though its securities were not registered with the Commission. But as alleged in our complaint, Danske Bank repeatedly broke that bargain by misrepresenting to its shareholders, including U.S. investors, that it had strong anti-money laundering controls while hiding its significant control deficiencies and compliance failures.”

The Illegal Conduct

According to the DOJ, between “2008 and 2016, Danske Bank offered banking services through its branch in Estonia, Danske Bank Estonia. Danske Bank Estonia had a lucrative business line serving non-resident customers known as the NRP. Danske Bank Estonia attracted NRP customers by ensuring that they could transfer large amounts of money through Danske Bank Estonia with little, if any, oversight. Danske Bank Estonia employees conspired with NRP customers to shield the true nature of their transactions, including by using shell companies that obscured actual ownership of the funds. Access to the U.S. financial system via the U.S. banks was critical to Danske Bank and its NRP customers, who relied on access to U.S. banks to process U.S. dollar transactions. Danske Bank Estonia processed $160 billion through U.S. banks on behalf of the NRP.”

According to the SEC, “when Danske Bank acquired its Estonian branch in 2007, it knew or should have known that a substantial portion of the branch’s customers were engaging in transactions that had a high risk of involving money laundering; that its internal risk management procedures were inadequate to prevent such activity; and that its AML and Know-Your-Customer procedures were not being followed and did not comply with applicable laws and rules. The SEC alleges that, from 2009 to 2016, these high-risk customers, none of whom were residents of Estonia, utilized Danske Bank’s services to transact billions of dollars in suspicious transactions through the U.S. and other countries, generating as much as 99 percent of the Estonian branch’s profits. The complaint further alleges that, although Danske Bank knew of these high-risk transactions, it made materially misleading statements and omissions in its publicly available reports stating that it complied with its AML obligations and that it had effectively managed its AML risks. As the full extent of Danske Bank’s AML failures became apparent, its share price dropped precipitously.”

What Does it Mean for Compliance

The Danske Bank enforcement action presents multiple lessons learned for the compliance professional, both in AML compliance and anti-corruption compliance. Over the next several blog posts, we will be looking at the illegal schemes and internal control failures in some detail. I hope you will join me for the exploration.

Tomorrow, where did it all start to go wrong?

Categories
Blog

ABB FCPA Resolution: Part 5 – A Win for Compliance

We conclude our exploration of the latest resolution of a Foreign Corruption Practices Act (FCPA) violation involving the Swiss construction giant, ABB Ltd. There have been several reference documents used this week and they include the Securities and Exchange Commission Complaint (SEC Order); the Department of Justice (DOJ) Press Release. Plea Agreement (ABB Plea Agreement) and Deferred Prosecution Agreement(DPA), the ABB South Africa Plea Agreement and Criminal Information, the ABB Management Services Plea Agreement and Criminal Information.

Over this blog post series, we have been exploring these key questions: How did ABB obtain such a superior resolution? And, as a three-time FCPA violator, how did the company avoid a monitor? Today, we celebrate how this most unusual FCPA enforcement action is a huge victory for compliance.

How did ABB obtain such a superior resolution?

There appears to be three components to ABB’s avoidance of a monitor. It all began with ABB’s attempt to self-disclose. Please note this attempt was not successful as the South African press broke the story of ABB’s bribery and corruption between the time ABB called to set up meeting and actually sat down with the DOJ. Yet the DOJ was impressed enough with ABB’s intent or at least desire to self-disclose that it spent a considerable amount of ink in the resolution documents detailing how ABB got close but missed timely self-disclosing.

Yet this putative failure at self-disclosure laid the groundwork for everything that followed, eventually leading to the stunning result. As the DOJ stated in the DPA, “in evaluating the appropriate disposition of this matter-including the appropriate form of the resolution-considered evidence that, within a very short time of leaning of the misconduct, the Company contacted the Fraud Section and scheduled a meeting to discuss matters under investigation by the Fraud Section and the Company. The Company did not specifically identify the South Africa misconduct in that meeting request, but it disclosed the South Africa misconduct during the scheduled meeting, subsequently presented evidence to the Offices that it intended to disclose the misconduct related to South Africa during the scheduled meeting and did not know of any imminent media reports when the meeting was scheduled.”

The second component is the above-noted discussion about ABB’s near self-disclosure. While it could have amounted to an own goal, given the lengthy DOJ discussion in the settlement documents, it appears the DOJ received ABB’s near miss more favorably. The second point is something every Chief Compliance Officer (CCO) and outside counsel need to understand; that being truly extraordinary.

Matt Kelly identified the one piece of information which took what is now this standard recitation of extraordinary cooperation to a truly high level of ‘extraordinary’. In a blog post, Kelly pointed out that in the SEC Order, it stated, “ABB’s cooperation included real-time sharing of facts learned during its own internal investigation.” This meant “ABB was sharing information with regulators as quickly as it found those facts, without necessarily knowing how such admissions might affect its overall case and settlement chances.” He then opined, “When you don’t know the full extent of your sins and the punishment to follow, but you cooperate with regulators anyway — that’s an impressive commitment to the culture of compliance that the Justice Department wants to see.”

Next were the actions by ABB in their remediation. The Plea Agreement reported that ABB “engaged in extensive remedial measures, including hiring experienced compliance personnel and, following a root-cause analysis of the conduct described in the Statement of Facts, investing significant additional resources in compliance testing and monitoring throughout the organization; implementing targeted training programs, as well as on-site supplementary case-study sessions; conducting continuing monitoring and testing to assess engagement with new training measures; restructuring of reporting by internal project teams to ensure compliance oversight; and promptly disciplining employees involved in the misconduct.” This final point was expanded on in the SEC Order which reported that all employees involved in the misconduct were terminated.

As a three-time FCPA violator, how did the company avoid a monitor?

ABB essentially created its own monitorship around testing its compliance program and reporting to the DOJ. In a section entitled “Written Work Plans, Reviews and Reports”, ABB agreed to conduct a first review and prepare a first report, followed by at least two follow-up reviews and reports. But more than simply reporting, ABB agreed to create and submit for review a workplan for this ongoing testing of its compliance program, as the program was detailed in the DPA. The DPA specified, “No later than one (I) year from the date this Agreement is executed, the Company shall submit to the Offices a written report setting forth:

  • a complete description of its remediation efforts to date;
  • a complete description of the testing conducted to evaluate the effectiveness of the compliance program and the results of that testing; and
  • its proposals to ensure that its compliance program is reasonably designed, implemented, and enforced so that the program is effective in deterring and detecting violations of the FCPA and other applicable anti-corruption laws.”

ABB also agreed to meet with the DOJ quarterly to submit and discuss the results of its ongoing testing. While I am sure many other companies have made a similar proposal to the DOJ, through its actions during the pendency of the investigation, ABB convinced the DOJ it could be trusted to follow through with its commitment.

How does all of this work into the DOJ decision not to require a monitor? There is now a 10-factor test that was laid out in the Monaco Memo. Factor 1 is whether the company self-disclosed the incident at issue. Factors 4-6 all relate to conduct and actions when the illegal activity occurred, not after discovery and self-disclosure. Factor 4 relates to the length or pervasiveness of the conduct and whether senior management was involved. Factor 5 reviews “the exploitation of an inadequate compliance program or system of internal controls.” Factor 6 asks if compliance personnel were involved or were basically negligent in failing to “appropriately escalate or respond to red flags.” Factors 7-10 considered ABB’s actions post-reporting, how the company became aware of the matter, its root cause analysis, its remedial actions and overall reduction in the company’s risk profile. While there was no substantive discussion of these factors in the any of the resolution documents, it appears the DOJ criteria for a monitor was not met.

The ABB FCPA resolution represents one of the biggest wins for corporate compliance that we have seen in recent memory. A now thrice-recidivist received a discount on its overall fine and penalty and avoided a monitor through truly exception work after the bribery and corruption was uncovered. Every compliance officer should thoroughly study this matter to see the specific steps ABB engaged in, starting with their first phone call to the DOJ. During your investigation, embrace the DOJ’s need for speed in communicating new and salient facts as they are uncovered, perform a root cause analysis and then remediate, remediate, and remediate. ABB is to be commended and indeed celebrated for its success in this matter.

Categories
Blog

ABB FCPA Resolution: Part 4 – ABB Shines

We continue our exploration of the latest resolution of a Foreign Corruption Practices Act (FCPA) violation involving the Swiss construction giant, ABB Ltd. The most obvious significance is from the fact that ABB is now the first three-time convicted violator of the FCPA, having prior FCPA resolutions in 2004 and 2010. The moniker of a three-time FCPA violator is certainly not one that any corporation wants to claim, yet here we are. The total fine and penalty for the violation was $315 million, with credited amounts going to South Africa, Switzerland, and Germany for ABB’s violations of those country’s anti-corruption laws. There was also a $75 million fine credited to the Securities and Exchange Commission (SEC). In addition to the SEC Order, the DOJ Press Release and Plea Agreement are also available. Conspicuously missing at this point are resolution documents from South Africa, Switzerland, and Germany.

We are exploring this FCPA enforcement action to see what lessons might be garnered from it. While we are doing so, please keep three key questions in mind: (1) How did ABB obtain such a superior resolution? (2) As a three-time FCPA violator, how did the company avoid a monitor? (3) Why was there no requirement for Chief Compliance Officer (CCO) certification? Today, we consider how ABB was able to obtain such a superior result.

Initially, I should note that question 3 which I have posed all week was answered in the Deferred Prosecution Agreement (DPA), released Wednesday. There is a CCO certification. It was not referenced in the DOJ Press Release or the ABB Plea Agreement.

The (almost) Self-Disclosure

The FCPA Corporate Enforcement Policy discounts up to and including a full declination on self-disclosure. But now, it is about  a ‘timely’ self-disclosure. When announcing the Monaco Memo, Deputy Attorney General Lisa Monaco emphasized not only the requirement for self-disclosure but the need for speed in self-disclosure. The DOJ wants speed as well because, “If disclosures come too long after the misconduct in question, they reduce the likelihood that the government may be able to adequately investigate the matter in time to seek appropriate criminal charges against individuals. The expiration of statutes of limitations, the dissipation of corroborating evidence, and other factors can inhibit individual accountability when the disclosure of facts about individual misconduct is delayed.” Additionally, the first factor the DOJ uses in making a determination of whether a monitor will be assigned is “Whether the corporation voluntarily self-disclosed the underlying misconduct in a manner that satisfies the particular DOJ unit or sections component’s self-disclosure policy.”

The sequence around this issue of self-disclosure is every company’s nightmare, a press report comes out and blindsides an organization (think the New York Times (NYT) breaking the Walmart FCPA story.) The detail provided in the Plea Agreement is as insightful as it is instructive. It details that although “within a very short time of learning of the misconduct, the Parent Company [ABB] contacted the Fraud Section and scheduled a meeting to discuss matters under investigation by the Fraud Section and the Parent Company. The Company did not specifically identify the South Africa misconduct in that meeting request, but it disclosed the South Africa misconduct during the scheduled meeting, subsequently presented evidence to the Offices that it intended to disclose the misconduct related to South Africa during the scheduled meeting and did not know of any imminent media reports when the meeting was scheduled. However, before the scheduled meeting occurred and prior to making any such disclosure to the Fraud Section, a media report was published related to the misconduct.”

While I doubt ABB would have been given a full declination if they had timely self-disclosed, this lengthy discussion in the Plea Agreement clearly focuses on the DOJ’s desire for a timely self-disclose. It was also equally probable that it was a factor in the lack of assignment of a monitor. We do not know the length of time between initial notice of the bribery and corruption to the corporate headquarters of the Board, we do know the gold standard for self-reporting which was Cognizant Technology Solutions, who self-disclosed two weeks after the initial report to the company’s Board of Directors. (Also recall that Cognizant had C-Suite involvement in the bribery scheme.)

This fact pattern also demonstrates why the need for speed in self-disclosure is so critical. A company can never know in what forum, who or how information about bribery and corruption will be made public. In Walmart’s case it was above the fold, on the front page of the Sunday NYT. In addition to the DOJ’s prescription for timely reporting, this matter demonstrates the public relations disaster which will befall a company which sits on a self-disclosure. Imaginably the answer is the one suggested by Matt Kelly, writing in Radical Compliance, who said, “So perhaps the lesson here is that when you have an FCPA issue, just announce it on Twitter and [hash] tag the Criminal Division.”

Extensive Cooperation

This component of the FCPA Corporate Enforcement Policy is a bit harder to suss out as the Plea Agreement stated that ABB received credit for extraordinary cooperation based on the following: “(i) promptly providing information obtained through its internal investigation, which allowed the Offices to preserve and obtain evidence as part of their own independent investigation; (ii) making regular and detailed factual presentations to the Offices; (iii) voluntarily making foreign-based employees available for interviews in the United States; (iv) producing relevant documents located outside the United States to the Offices in ways that did not implicate foreign data privacy laws; and (v) collecting, analyzing, and organizing voluminous evidence and information that it provided to the Offices, including the translation of certain foreign language documents.”

However, once again, it was Kelly who identified the one piece of information which took what is now this standard recitation of extraordinary cooperation to a truly high level of ‘extraordinary’. He pointed out that in the SEC Order, it stated, “ABB’s cooperation included real-time sharing of facts learned during its own internal investigation.”  This meant “ABB was sharing information with regulators as quickly as it found those facts, without necessarily knowing how such admissions might affect its overall case and settlement chances.” He then opined, “When you don’t know the full extent of your sins and the punishment to follow, but you cooperate with regulators anyway — that’s an impressive commitment to the culture of compliance that the Justice Department wants to see.”

It also ties directly into what DAG Monaco said in the Monaco Doctrine, which noted, “it is imperative that Department prosecutors gain access to all relevant, non­ privileged facts about individual misconduct swiftly and without delay.” [emphasis supplied] This now means, “to receive full cooperation credit, corporations must produce on a timely basis all relevant, non-privileged facts and evidence about individual misconduct such that prosecutors have the opportunity to effectively investigate and seek criminal charges against culpable individuals.” If a company fails to meet this burden, it will “place in jeopardy their eligibility for cooperation credit.” The DOJ goes the next step by placing the burden on companies to demonstrate timeliness, stating they “bear the burden of ensuring that documents are produced in a timely manner to prosecutors.”

Extensively Remediate

Finally, were the actions by ABB in their remediation. The Plea Agreement reported that ABB “engaged in extensive remedial measures, including hiring experienced compliance personnel and, following a root-cause analysis of the conduct described in the Statement of Facts, investing significant additional resources in compliance testing and monitoring throughout the organization; implementing targeted training programs, as well as on-site supplementary case-study sessions; conducting continuing monitoring and testing to assess engagement with new training measures; restructuring of reporting by internal project teams to ensure compliance oversight; and promptly disciplining employees involved in the misconduct.” This final point was expanded on in the SEC Order which reported that all employees involved in the misconduct were terminated.

At this point, there are not many specific components of the ABB remediation available, but we do know that ABB was given credit for hiring “experienced compliance personnel,” starting with the hiring of Natalia Shehadeh, SVP and Chief Integrity Officer, and then allowing Shehadeh to hire a dream team of compliance professionals to work with her. I would go so far as to say Shehadeh and her team are Compliance Dream Team II as the first (which Shehadeh was a part of) was the Compliance Dream Team created by Billy Jacobson at Weatherford to get that company through its FCPA and Oil-For-Food enforcement actions.

Join us tomorrow where we conclude our look at the ABB FCPA resolution and posit why it is a complete win for compliance.

Categories
Compliance Into the Weeds

ABB FCPA Resolution

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the ABB Foreign Corrupt Practices Act resolution. We deep dive into the case and ask three key questions: (1) How did ABB obtain such a superior resolution? (2) As a three-time FCPA violator, how did the company avoid a monitor? (3) Why was there no requirement for Chief Compliance Officer (CCO) certification?

Some of the highlights included:

  • The background facts.
  • The corrupt supplier’s ABB used to facilitate their bribery and corruption.
  • The convoluted self-disclosure in this matter. (Should they have used Twitter with the notation #committedbribery?)
  • What constituted extraordinary cooperation during the pendency of the investigation?
  • What are the implications of real-time sharing during an investigation?
  • What were the steps which demonstrated the exception remediation?
  • A root cause analysis is a basic Hallmark of an effective compliance program. Why was it separately called out?
  • Did the DOJ change its policy from mandatory CCO certification to discretionary?

 Resources

Tom has a five-part series in the FCPA Compliance and Ethics Blog

Matt Kelly in Radical Compliance

Categories
Blog

ABB FCPA Resolution: Part 3 – The Bribery Schemes

We continue our exploration of the latest resolution of a Foreign Corruption Practices Act (FCPA) violation involving the Swiss construction giant, ABB Ltd. The most obvious significance is from the fact that ABB is now the first three-time convicted violator of the FCPA, having prior FCPA resolutions in 2004 and 2010. The moniker of a three-time FCPA violator is certainly not one that any corporation wants to claim, yet here we are. The total fine and penalty for the violation was $315 million, with credited amounts going to South Africa, Switzerland, and Germany for ABB’s violations of those country’s anti-corruption laws. There was also a $75 million fine credited to the Securities and Exchange Commission (SEC). In addition to the SEC Order, the DOJ Press Release and Plea Agreement are also available. Conspicuously missing at this point are resolution documents from South Africa, Switzerland, and Germany.

We are exploring this FCPA enforcement action to see what lessons might be garnered from it. While we are doing so, please keep three key questions in mind: (1) How did ABB obtain such a superior resolution? (2) As a three-time FCPA violator, how did the company avoid a monitor? (3) Why was there no requirement for Chief Compliance Officer (CCO) certification? Today, we consider the bribery schemes used by ABB to fund the bribes.

Bribery Pre-Payment

One of the things we rarely see is the pre-payment of a bribe for a contract to be awarded corruptly in the future as usually there is a quid pro quo or payment made after a contract is corruptly awarded. Perhaps the corrupt Eskom official who awarded the contract to ABB saw their actions in passing on internal and confidential information, which ABB used to secure the contract, as worthy of payment, perhaps the Eskom official wanted a show of ‘good-faith’. Whatever the reason, the corrupt Eskom official wanted an upfront, pre-payment for the corruption award of the contract to ABB.

As I detailed previously the corrupt Subcontractor 1 who was the lead bribe facilitator was awarded a contract worth $7.2 million and then paid, according to the Plea Agreement, $798,000 as an ‘advanced payment’ ($720,000 according to the SEC Order) and that money was to be paid to the corrupt Eskom official. However corrupt Subcontractor 1 balked at making the payment and kept the money for themselves. ABB’s answer was to bring in a corrupt Subcontractor 2 to facilitate this pre-payment to the corrupt Eskom official.

Funding Through Variation Orders

Because of the original contract with the corrupt Subcontractor 1, ABB had to come up with another mechanism to fund the bribe payments to the corrupt Eskom official. The solution was elegantly simple, the ‘Variation Order’. Under this, “The scheme was effectuated through the abuse of “variation orders” provided for in the contract between ABB-South Africa and Eskom. These provisions allowed Eskom to make changes to the contract and resulted in ABB-South Africa claiming additional costs from Eskom. Eskom Official and Capture Team Lead agreed upon a target price, which ABB-South Africa would then quote based on proposals that included inflated, unnecessary, or unjustified costs and Eskom would officially approve. An official at Service Provider B then ensured that money was transmitted to Eskom Official and his family members from the payments.”

The Variation Orders were not based on the value of additional work but were costed out by the corrupt Eskom official and ABB jointly. They would figure out how much the bribe needed to be and then would hit on a “target price” for the Variation Order. In less than two years, from 2016-2017, ABB corruptly paid some $37 million in bribes to the corrupt Eskom official. As the SEC Order somewhat dryly noted, “The various payments to Service Provider B, much of which was intended as bribes for Eskom Official, were inaccurately reflected in ABB-South Africa’s books and records as legitimate engineering services and involved the use of false purchase orders and contracts. ABB-South Africa’s books and records were consolidated into ABB’s for purposes of Commission filings.”

While these bribery schemes were not all that sophisticated, they do point out a key issue for compliance professionals. In high-risk jurisdictions, there must be continual monitoring of billings from and payments to government and state-owned entity customers. As previously detailed the mechanisms by which corrupt Subcontractors 1 and 2 were onboarded clearly presented red flags which were not followed up on by ABB compliance. These funding mechanisms also demonstrated significant red flags which should have been more scrupulously reviewed as well. Compliance does not stop when the contract is signed, it must be an ongoing prevention, detection, and remediation program.

In short, there is much to unpack in this matter. Join us tomorrow where we look at the ABB self-disclosure, investigative and remedial responses which led to its superior result.

Categories
Blog

ABB FCPA Resolution: Part 2 – The Corruption Partners

We continue our exploration of the latest resolution of a Foreign Corruption Practices Act (FCPA) violation involving the Swiss construction giant, ABB Ltd. The most obvious significance is from the fact that ABB is now the first three-time convicted violator of the FCPA, having prior FCPA resolutions in 2004 and 2010. The moniker of a three-time FCPA violator is certainly not one that any corporation wants to claim, yet here we are. The total fine and penalty for the violation was $315 million, with credited amounts going to South Africa, Switzerland, and Germany for ABB’s violations of those country’s anti-corruption laws. There was also a $75 million fine credited to the Securities and Exchange Commission (SEC). In addition to the SEC Order, the DOJ Press Release and Plea Agreement are also available. Conspicuously missing at this point are resolution documents from South Africa, Switzerland, and Germany.

We are exploring this FCPA enforcement action to see what lessons might be garnered from it. While we are doing so, please keep three key questions in mind: (1) How did ABB obtain such a superior resolution? (2) As a three-time FCPA violator, how did the company avoid a monitor? (3) Why was there no requirement for Chief Compliance Officer (CCO) certification? Today, we consider the corrupt partners that ABB brought into the deal with Eskom to facilitate the company’s bribery and corruption.

Capture Team and Sales Shark

In reading the resolution documents, one can only wonder at the culture of corruption which permeated ABB in the 2014-2017 timeframe. After finding out a business opportunity existed in South Africa with the national power company Eskom, ABB created a ‘Capture Team’ which was staffed largely by executives in the corporate headquarters as “The capture team did not possess confidence in personnel at ABB-South Africa to get access to the people at Eskom that would be making the decisions in regard to the C&I contract. As a result, Executive B, who had experience with obtaining business from Eskom with a previous employer, became directly involved in coordinating the efforts to win the business.” In other words, the corporate office did not believe the ABB South African operation was corrupt enough to get the job done so they stepped in to do so.

Thereafter, “at the suggestion of Executive B that a ‘sales shark’ was needed in pursuing the C&I contract, the capture team appointed Capture Team Lead, “a highly experienced sales expert” with a reputation for non-transparency about how he went about interactions with clients.” That is exactly what ABB commenced to do as thereafter Capture Team Lead, Executive B, brought in the ABB South Africa, Local Senior Manager to “set up private meetings and sent clandestine communications with Eskom officials to obtain and share confidential information regarding the Kusile C&I tender, including Eskom’s budget price and ABB’s schedule.”

 Corrupt Subcontractor 1 and Bribe Pre-Payment

This led to a business relationship with corrupt Subcontractor 1, whose sole function was to funnel bribe payments to corrupt Eskom executive(s) to facilitate ABB South Africa winning the contract. But there was a problem as the corrupt Subcontractor 1 did not meet the required business criteria to work with ABB. Indeed, “A supply chain manager at ABB-South Africa, who was not aware of the bribery scheme, raised concerns that Service Provider A was unqualified for the work for which it was being considered and that its proposed price was excessive. Given that Executive B and Capture Team Lead were part of the bribe scheme, the concerns went unaddressed by ABB management in South Africa and Switzerland.” Just to demonstrate that Subcontractor 1 was brought in to facilitate the payment of bribes, when Subcontractor 1 joined the bid team, the cost immediately went up by some $9 million. Finally, to top how unusual the arrangement with Subcontract 1 had become “ABB-South Africa signed its subcontract with Service Provider A for approximately $7.2 million which, contrary to internal company policy, was awarded without competitive bidding. The subcontract included a provision for an advanced payment of ten percent, as Eskom Official wanted an upfront payment.”

Corrupt Subcontractor 1 did their job in the corruption scheme by passing on internal and confidential information from their corrupt contact at Eskom, which ABB used to secure the contract. The Eskom official wanted an upfront, pre-payment for the corruption award of the contract to ABB. As odd as all of this was, or perhaps to demonstrate there is no honor among thieves, Subcontractor 1 decided it wanted to keep all the monies to be made as the pre-payment to the corrupt Eskom official. According to the SEC Order, “The bribe scheme nearly came undone when Service Provider A’s chair refused to share the spoils with the Eskom Official due to an apparent falling out between them. In order to save the illicit arrangement, Capture Team Lead attempted to broker a peace between the two, going so far as arranging a face-to-face meeting, but the efforts were unsuccessful.” This put the ABB bid at risk.

Corrupt Subcontractor 2 and a Waiver

The answer was simply to retain another corrupt South African business partner, who was a friend of a close friend of the corrupt Eskom official. (Reminds me of a great line from Dr. No – I like friends who have friends.) Once again, the problem was that corrupt Subcontractor 2 did not meet ABB’s internal requirements to become a business partner. This required an internal ABB waiver. ABB corporate arranged a US ABB employee from a US office, “who specialized in the SCM processes, travel to South Africa to manage the course of obtaining one. During the second week of February 2016, after spending a number of days in South Africa, the American employee was able to secure for [corrupt Subcontractor 2] a formal waiver premised on its working through two specific sub-subcontractors who were qualified for the job.” However, all of this was ruse and sham corrupt Subcontractor 2 was already on the worksite “and the message from ABB-South Africa was that Service Provider B was required to be used by Eskom, the American employee felt he had no choice but to arrange this waiver” corrupt Subcontractor 2.

In short, there is much to unpack in this matter. Join us tomorrow where we look at the bribery schemes.