Tag: fraud

Categories
Blog

Lafarge Part 2: The Funding Schemes and Red Flags

We continue our exploration of one of the most public cases of corporate moral bankruptcy where Lafarge SA and its Syria unit Lafarge Cement Syria, or LCS, each pled guilty to a count of conspiring to provide material support to foreign terrorist organizations and will pay a total of $777.78 million.  According to the Plea Agreement, this amount consisted of a total criminal fine of approximately $91 million and forfeiture of $687 million. As I noted in Part 1, this is not a Foreign Corrupt Practices Act (FCPA) enforcement action, but an enforcement action based on USC §2339B for one count of conspiracy to provide material support to one or more foreign terrorist organizations. While this is not a FCPA enforcement action, the mechanisms by which Lafarge paid bribes or otherwise funded the terrorist organizations ISIS and ANF are instructive for the anti-corruption compliance professional. These strategies were laid out in the Statement of Facts.

As noted in the Department of Justice (DOJ) Press Release, “After the start of the Syrian Civil War in 2011, Lafarge and LCS negotiated agreements to pay armed factions in the Civil War to protect LCS employees, to ensure continued operation of the Jalabiyeh Cement Plant, and to obtain economic advantage over their competitors in the Syrian cement market… LCS executives purchased raw materials needed to manufacture cement from ISIS-controlled suppliers; paid monthly “donations” to armed groups, including ISIS and ANF, so that employees, customers and suppliers could traverse checkpoints controlled by the armed groups on roads around the Jalabiyeh Cement Plant; and eventually agreed to make payments to ISIS based on the volume of cement that LCS sold to its customers, which Lafarge and LCS executives likened to paying “taxes.” Lafarge and LCS executives intentionally structured their agreements with ISIS to compensate the terrorist organization based on the amount of cement that LCS was able to sell – effectively, a revenue-sharing agreement – to incentivize the terrorist group to act in LCS’s economic interest.”

From August 2013 through October 2014, Lafarge and LCS paid ISIS and ANF, through intermediaries, the equivalent of approximately $5.92 million, through a variety of schemes. One consisting of fixed monthly “donation” payments to ISIS and ANF. According to the Statement of Facts, “LAFARGE and LCS conspired to make various payments, through intermediaries, to and for the benefit of ISIS and ANF, which the government estimates totaled the equivalent of approximately $5.92 million. These payments consisted, at various times, of flat monthly “donation” payments totaling approximately $816,000.”

There was also a variable payment scheme based on the amount of cement LCS sold that totaled approximately $1,654,466. Under this variable payment scheme, it tied Lafarge’s and LCS’s obligation to pay ANF and ISIS to the amount of cement sold from the plant. This arrangement should ensure “that the payments would be made by LCS’s customer-distributors directly to ANF and ISIS, and to ensure that PYD and ISIS were able to collect the full amount of the payments from the customer-distributors, LCS would provide PYD and ISIS with records of LCS’s sales to its customer-distributors.”

Finally, there were the “payments to ISIS-controlled suppliers to purchase raw materials needed to produce cement that totaled approximately $3,447,528.” These payments were made through intermediary brokered material supply agreements. These ISIS controlled suppliers then paid monies to ISIS based on the amount of their sales to LCS.

Lafarge and LCS executives actively concealed their scheme to provide material support to ISIS and ANF. According to the Press Release:

  • Lafarge and LCS executives required intermediaries to create business entities with names not obviously linked to the intermediaries and created invoices with false descriptions of services rendered for an intermediary to submit to LCS.
  • LCS executives structured the revenue-sharing payments to ISIS so that LCS’s customers would pay ISIS the amounts owed under LCS’s agreement with ISIS, while LCS discounted the prices it charged to the customers to reimburse them. To ensure that LCS’s customers did not underpay ISIS, LCS agreed to provide ISIS with periodic sales reports, which ISIS could use to verify that LCS’s customers were paying the amounts owed under the terms of LCS’s agreement with ISIS.
  • To further conceal the arrangements, Lafarge and LCS executives attempted to require ISIS not to include the name “Lafarge” on the documents memorializing and implementing their agreements.
  • Many of the Lafarge and LCS executives involved in the scheme used personal email addresses, rather than their corporate email addresses, to carry out of the conspiracy.
  • In October 2014, as a condition of paying an intermediary for having negotiated with ISIS and other armed groups, Lafarge and LCS executives required the intermediary to sign an agreement terminating his agreement to provide services to LCS. Critically, the Lafarge and LCS executives backdated the termination agreement to Aug. 18, 2014, a date shortly after the United Nations Security Council had issued a resolution calling on member states to prohibit doing business with ISIS and ANF, to falsely suggest that he had not been negotiating with ISIS on behalf of LCS after the UN resolution.

Once again there are multiple compliance lessons from this recitation. The use of ‘donations’ to cover the payments to ISIS should have been a glaring red flag for anyone looking. The lack of due diligence on the intermediaries and suppliers is also a glaring oversight. The attempts to hide the nature of the transactions by Lafarge’s executives by requiring the intermediaries to create entities with names not associated is another red flag. Of course, the fraudulent descriptions for services should also be considered. Finally, there was the deletion of the name of Lafarge of LCS from its written contracts with ISIS.

There is one other area that bears consideration by the compliance professional. It is in the area of internal communications. As noted, “Many of the Lafarge and LCS executives involved in the scheme used personal email addresses, rather than their corporate email addresses, to carry out of the conspiracy.” In September, the Securities and Exchange Commission (SEC) announced “charges against 15 broker-dealers and one affiliated investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders, acknowledged that their conduct violated recordkeeping provisions of the federal securities laws, agreed to pay combined penalties of more than $1.1 billion, and have begun implementing improvements to their compliance policies and procedures to settle these matters.”

Now consider that whopping fine and enforcement action in the context of the fraud of Lafarge executives. They were using communication tools outside standard communication channels to facilitate their crimes with ISIS and ANF. While in this matter, the emails were preserved (and made a part of the Statement of Facts); compliance professionals need to work with their corporate IT folks to make sure no executives or employees are using tools outside standard communications channels like AOL accounts or Gmail.

Join us tomorrow for some final thoughts on this sordid matter.

Categories
Daily Compliance News

September 21, 2022 the Cheating in Chess Edition

In today’s edition of Daily Compliance News:

  • Morgan Stanley to pay $35MM for mishandling customer data. (Reuters)
  • More on the cheating in chess scandal. (FT)
  • 47 persons were charged with theft from a child’s food program. (WaPo)
  • Former USC Dean pleads guilty to corruption charges. (Channel 7 News)
Categories
Daily Compliance News

September 14, 2022 the Is Twitter Lying Edition

In today’s edition of Daily Compliance News:

  • Ideanomics announces FCPA investigation. (FCPA Clearinghouse)
  • Who is responsible for client losses? (Bloomberg)
  • Mudge says Twitter lying about security flaws. (NYT)
  • Google loses EU anti-trust appeal. (Reuters)
Categories
Daily Compliance News

August 18, 2022 the More KPMG Woes Edition

In today’s edition of Daily Compliance News:

·       Tokyo Olympic organizer arrested on bribery charges. (Bloomberg)

·       More fines for KPMG. (WSJ)

·       Frozen Karimova cash returned to Uzbekistan. (OCCRP)

·       Would you rent a used house from this man? (Reuters)

Categories
Daily Compliance News

August 15, 2022 the Too Little Too Late edition

In today’s edition of Daily Compliance News:

  • Another former Platinum Partners exec was convicted of fraud. (Reuters)
  • Deshaun Watson, now sorry. (ESPN)
  • TikTok is facing legal and regulatory scrutiny over national security concerns. (NYT)
  • Paraguayan VP to resign. (WaPo)
Categories
Daily Compliance News

July 28, 2022 the Take the SFO Seriously edition

In today’s edition of Daily Compliance News:

  • UK needs to take SFO (and fraud) seriously. (FT)
  • Neymar (et al) to stand trial for fraud in transfer to Barca. (ESPN)
  • Credit Suisse to conduct a strategic review. Will it include compliance? (WSJ)
  • Musk wants more time to prepare for trial (yet again). (Reuters)
Categories
Blog

Biotronik Anti-Kickback Enforcement Action: Bribery Schemes and Lessons Learned

Today we conclude our series on a Federal Anti-Kickback enforcement action which was announced last week, involving the Oregon based medical device manufacturer Biotronik Inc. (Biotronik). Today, I want to consider the corruption schemes and the lessons learned for the compliance professional. As stated in the Settlement Agreement, Biotronik “knowingly caused the submission of false claims for payment to federal healthcare programs by providing remuneration to physicians to induce them to use Biotronik’s CRM devices in violation of the Anti-Kickback Statute, 42 U.S.C. § 1320a-7b(b).”

I. The Bribery Schemes

 a. Abuse of Training Programs

The Settlement Agreement alleges “Biotronik knowingly paid excessive payments to physicians with a purpose of inducing and rewarding their use of Biotronik’s pacemakers, defibrillators, and other cardiac devices. One of ways the company did so was through “its new employee training program (“Training Program”) by knowingly paying some of its physician customers (“Training Physicians”) to provide excessive employee trainings.” Under this scheme, the Training Physicians were to be paid a fixed fee of approximately $400.00 each time a Biotronik employee trainee received training during one of the Training Physician’s CRM implant procedures. For instance, under the Training Program implant procedure, the “Training Physician was supposed to educate the employee trainee on Biotronik’s devices and teach how to assist a physician during an implant procedure.”

However, it was the sales team which set up these training programs. Biotronik’s compliance and training functions warned that “Biotronik’s salespeople had too much influence in the selection of Training Physicians, that the Training program and resulting payments were being over- utilized, and that the goal of educating Biotronik employees could be achieved without paying Training Physicians.” However, “Biotronik permitted trainees to attend an excessive number of training procedures for which Training Physicians received payment from Biotronik without first conducting an adequate assessment of the trainee’s need for additional training.”

To further line the pockets of the Training Physicians, “salespeople, including managers, intentionally prevented otherwise qualified trainees from successfully completing the Training Program, not because they needed additional training, but rather as a means of ensuring that the trainee could attend more trainings, thereby purportedly justifying additional payments to Training Physicians.” Biotronik also knowingly paid Training Physicians for some trainings that either never occurred or was of little or no value to trainees. This included paying one “Training Physician for certain trainings for which there was no trainee physically present to observe the implant procedure.”

b.  Lavish Entertainment

The Settlement Agreement also alleged that “Biotronik knowingly paid for lavish meals, entertainment, and travel for certain physicians who are known to Biotronik and the United States (hereinafter the “Subject Physicians”) with a purpose of inducing and rewarding their use of Biotronik’s pacemakers, defibrillators, and other cardiac devices.” The company “did not require sign in sheets for lavish meals with physicians and did not use adequate methods to verify the number or identity of attendees or to confirm whether the meals were for a legitimate business purpose.”

This led to  some Biotronik employees falsifying “receipts and participant lists, making it possible to exceed the company’s compliance spending limit per attendee.” These meals and outings often included little or no legitimate business discussion. There was also the amount of the entertainment expense, which included “winery tours, annual office holiday parties, and lavish meals with certain Subject Physicians and their guests at high-end restaurants.” Yet another example of spending far too much on entertainment was “one Subject Physician’s international business class airfare and honoraria in the thousands of dollars for a short, 30-minute talk at an international conference.”

II. Biotronik Remediation

No doubt one of the reasons Biotronik did receive the settlement amount was that, at some point, it recognized the issues and instituted remediation. With the training programs “beginning in 2017, Biotronik added new compliance measures and oversight of the Training Program, limited the number of Training Program events, and reduced payments made in connection with such Training Program events.” In April 2021, Biotronik hired a new Vice President of Compliance and was able to get the lavish entertainment under control by adding “new compliance measures related to the provision of meals and travel to healthcare providers which provided additional employee training, imposed new restrictions, and improved oversight to identify and prevent meal and travel policy violations.”

III. Lessons Learned

There are multiple lessons here for the compliance professional outside the laws under which Biotronik ran afoul. Perhaps the clearest and foremost is that compliance not only needs visibility into areas of risk about also some modicum of control. In the area of Physician Training, the Settlement Agreement specifically noted that the Biotronik compliance function “warned that Biotronik’s salespeople had too much influence in the selection of Training Physicians, that the Training program and resulting payments were being over-utilized, and that the goal of educating Biotronik employees could be achieved without paying Training Physicians.” Here a control should have been put in place which required compliance approval before payments and reimbursements were made for the training. This is similar to a compliance oversight and control of expenses paid or reimbursed to foreign government officials in a Foreign Corrupt Practices Act (FCPA) compliance program.

Interestingly, the Department of Justice (DOJ) also discussed a more nuanced approach to determining if the Physician’s Training is both initially warranted and then continues to be warranted. This is ongoing monitoring. Obviously for Biotronik, one of their risks was when the company paid for training provided by doctors who could also prescribe the company’s products and services. The risk to the company is similar to the risk of an internationally focused company doing business with foreign governments or state-owned enterprises, under the FCPA. If you are paying out monies for training and that puts you in a high-risk category, you need to make sure those receiving the training are required to receive it or even need it.

Under the lavish spending on entertainment and travel, the same type of analysis can apply. The key is both “reasonable spending and business purpose.” The amount spent must be reasonable for the time, locale and participants. There should also be an articulated business purpose for the dinner or other event.

Under the FCPA, there is no threshold that a Company can establish a value for business entertainment. However, I believe there are clear guidelines which should be incorporated into your business expenditure policy, which should include the following:

  • A reasonable balance must exist for bona fide business entertainment during an official business trip.
  • All business entertainment expenses must be reasonable.
  • The business entertainment expense must be commensurate with local custom and practice.
  • The business entertainment expense must avoid the appearance of impropriety.
  • The business entertainment expense must be supported by appropriate documentation and properly recorded on the company’s book and records.

The incorporation of these concepts into a compliance policy is a good first step towards preventing potential violations from arising, but it must be emphasized that they are only a first step. There must be procedures to implement these policies. At a minimum, you must require a business justification from the business representative requesting to provide the gift or business entertainment. Next it should be reviewed and approved by a front-line compliance professional. Then, depending on the amount and nature of the request, it may need Chief Compliance Officer (CCO) approval. Finally, if there is a Compliance Committee it should go to that Committee for a final check to make sure everything is in order.

These guidelines must be coupled with active training of all personnel, not only on a company’s compliance policy, but also on the corporate and individual consequences for violation of the policy. Lastly, it is imperative that all such business entertainment be properly recorded, as required by the books and records component of the FCPA.

And, as always, do not forget the gut check test.

Categories
Compliance Into the Weeds

The Wild and Wacky World of Control Failures

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we dive deeply into the recent story of an in-house attorney who was disbarred for fraudulent activities in creating fraudulent claims and settlements.  Highlights include:

·      Background facts.

·      Conflicts of Interests.

·      What were the internal control failures?

·      Were they material?

·      Lessons for the compliance professional.

Resources

Matt in Radical Compliance

Categories
Daily Compliance News

July 20, 2022 the Going to Trial edition


In today’s edition of Daily Compliance News:
·       Twitter-Musk trial set for October.   (WSJ)
·       Italian prosecutor drops ENI acquittal appeal.  (MarketWatch)
·       Layoffs hit crypto compliance personnel. (WSJ)
·       DOJ puts Amazon and civil litigants in ‘Time Out’. (WaPo)

Categories
Blog

EY Fined $100 Million

In a stunning announcement, the SEC announced an enforcement action against the international auditing firm EY. The enforcement action could not have been more directly in the ethical wheelhouse, with significant compliance implications. In its Press Release the SEC stated, it had “charged Ernst & Young LLP (EY) for cheating by its audit professionals on exams required to obtain and maintain Certified Public Accountant (CPA) licenses, and for withholding evidence of this misconduct from the SEC’s Enforcement Division during the Division’s investigation of the matter.”

Gurbir S. Grewal, Director of the SEC’s Enforcement Division, said in the Press Release, “This action involves breaches of trust by gatekeepers within the gatekeeper entrusted to audit many of our Nation’s public companies. It’s simply outrageous that the very professionals responsible for catching cheating by clients cheated on ethics exams of all things. And it’s equally shocking that Ernst & Young hindered our investigation of this misconduct. This action should serve as a clear message that the SEC will not tolerate integrity failures by independent auditors who choose the easier wrong over the harder right.

In an agreed Order, EY admitted that “over multiple years, a significant number of EY audit professionals cheated on the ethics component of CPA exams and various continuing professional education courses required to maintain CPA licenses, including ones designed to ensure that accountants can properly evaluate whether clients’ financial statements comply with Generally Accepted Accounting Principles.” But EY’s conduct did not stop there as the accounting firm also admitted “during the Enforcement Division’s investigation of potential cheating at the firm, EY made a submission conveying to the Division that EY did not have current issues with cheating when, in fact, the firm had been informed of potential cheating on a CPA ethics exam. EY also admits that it did not correct its submission even after it launched an internal investigation into cheating on CPA ethics and other exams and confirmed there had been cheating, and even after its senior lawyers discussed the matter with members of the firm’s senior management. And as the Order finds, EY did not cooperate in the SEC’s investigation regarding its materially misleading submission.” For all of these actions, EY was fined $100 million.

Why does all this sound so familiar? It is because KPMG was caught engaging in similar conduct back in 2091. I wrote at the time, “How bad was KPMG’s conduct? … the conduct outlined in the Order is so egregious, detailing a culture which is completely unmoored from any ethical foundation, that any company using KPMG as an auditor must ask some very serious questions about not only the quality of the services they have received but also the very foundation of those services.” KPMG was fined $50 million.

Yet the EY fine was double the KPMG fine. Why? One clue comes from the Order which stated, “This case involves Ernst & Young’s failures to act with the integrity required of a public company auditor. Over multiple years, a significant number of EY audit professionals cheated on the ethics component of the Certified Public Accountant (CPA) exam, as well as on a variety of other examinations required to maintain their CPA licenses. As this was ongoing, EY withheld this misconduct from SEC staff conducting an investigation of potential cheating at the firm. EY audit professionals’ repeated cheating on exams and the firm’s misrepresentations to the SEC violated ethics and integrity standards and discredited the accounting profession.” In other words, as bad as cheating on exams is, withholding information from the SEC, while it is conducting an investigation on that issues is equally if not worse conduct.

Regarding this additional misconduct, the Order stated, “EY withheld this misconduct from the SEC during an investigation about cheating at the firm. In June 2019, the SEC’s Division of Enforcement sent EY a formal request for information about complaints the firm had received regarding cheating on training exams. On the same day EY received this request, the firm received a tip that an audit professional had shared an answer key to a CPA ethics exam. EY did not disclose this information to the SEC. To the contrary, its submission indicated that the firm did not have any current issues with cheating. In light of the tip it had received, EY’s June 20 submission was materially misleading. But EY never corrected its submission. Even after the firm began an internal investigation, confirmed there had been cheating, and the matter was discussed among senior lawyers at the firm and with members of the firm’s senior management, EY still did not correct its misleading submission.”

The SEC’s ire was reflected in the remedy which mandated not one but three oversight roles on an ongoing basis. The EY oversight requires EY to evaluate the sufficiency and adequacy of its quality controls, policies, and procedures relevant to ethics and integrity and to responding to Information Request to determine whether they are designed and implemented in a manner that provides reasonable assurance of compliance with all professional standards, including those relating to ethics and integrity applicable to accountants and attorneys, in the following areas:

  1. The adequacy and sufficiency of ethics and integrity training and guidance,
  2. Whether EY’s culture is supportive of ethical and compliant conduct and maintaining integrity,
  3. Whether EY has designed and implemented appropriate policies and procedures relating to responding to Information Requests, and
  4. Whether EY has designed and implemented appropriate policies and procedures and deploys proper resources and oversight to comply with all professional standards relating to (i) monitoring to detect non- compliance; (ii) having appropriate reporting lines, compensation, and rewards; (iii) assigning responsibility for overseeing compliance to senior executives and managers with access to relevant information and personnel; and (iv) ensuring consistent discipline.

Even more damning is the requirement for two external monitors (called Independent Consultants). The first is review EY Policies and Procedures and issue a detailed written report: (i) summarizing its work; (ii) making recommendations, as the Policies and Procedures IC deems appropriate, reasonably designed to ensure that EY’s Policies and Procedures are adequate and sufficient to provide reasonable assurance of compliance with all professional standards. The second Independent Consultant is to review EY’s conduct relating to the Commission staff’s June 2019 Information Request, including whether any member of EY’s executive team, General Counsel’s Office, compliance staff, or other EY employees contributed to the firm’s failure to correct its misleading submission. They are to recommend discipline. Does that sound like the SEC trust EY to follow through with its obligations about now?

EY, like KPMG before it, acted as gatekeepers in the eyes of the law and the SEC. To see this level of fraud and then hiding of it is extremely disconcerting. Perhaps it is no wonder EY is about to split into two different entities: auditing and consulting. I wonder how many EY audits will be reviewed through the eyes of this Order.