Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 42 – The Holiday Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! Today, Tom and Kristy look back at some of their favorite stories from 2024.

 

Stories this week include:

  • Boeing DPA and Monitor
  • Deere FCPA Enforcement Action
  • TD Bank AML enforcement action
  • McKinsey-Opioid and FCPA resolutions
  • Elon Musk’s pay package and corporate governance
  • Musings from the bottom of the world
  • DOJ has received 200 tips since launching the whistleblower program (LEGALDIVE)
  • Sam Bankman-Fried and FTX
  • NYC Mayor Eric Adams, his corruption charges, and a possible Trump Pardon
  • The Greatness of Florida Man

Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Prove Your Worth

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

Deere FCPA Enforcement Action: Lessons on Post-Acquisition Integration and Investigation in M&A

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere has bribery schemes that were torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Today, I want to conclude my multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

Deere offers valuable insights for compliance professionals tasked with ensuring that corruption risks are identified, mitigated, and resolved during the post-acquisition phase of M&A. This post will explore the key lessons from the Deere FCPA enforcement action, focusing on post-acquisition integration and investigation. As organizations expand through acquisitions, especially in foreign markets, the compliance team is critical in safeguarding the company from inheriting liabilities that could have been avoided with effective post-acquisition measures.

Deere, a multinational corporation known for its agricultural machinery, faced FCPA enforcement following its acquisition of a foreign company, the Wirtgen Group, which operates in regions with high corruption risks, specifically in Thailand. The Wirtgen Group-Thailand had engaged in corrupt practices, including the bribery of foreign officials to win contracts. After the acquisition, these activities continued for a period, undetected by Deere’s compliance team, which had not yet fully integrated the acquired company into its compliance program.

This case is a cautionary tale for compliance professionals on the importance of swift and effective post-acquisition integration and investigation processes. The lesson here is clear: post-acquisition efforts cannot be an afterthought. They must be a central part of the compliance strategy from day one.

Establish a Post-Acquisition Integration Plan from the Start

One key takeaway from the Deere FCPA enforcement action is the need for a well-defined post-acquisition integration plan with a robust compliance component. All too often, post-acquisition focuses on operational integration, with compliance being pushed down the priority list. However, Deere’s case demonstrates that failing to integrate compliance programs immediately can result in ongoing illegal activities that expose the acquiring company to FCPA violations.

Compliance professionals must ensure that the integration plan includes the following.

Immediate roll-out of the parent company’s compliance policies and procedures to the acquired entity.

  • Compliance training for all acquired company employees, focusing on FCPA and anti-corruption standards.
  • Review and revise the acquired entity’s third-party relationships to ensure compliance with the company’s standards and the FCPA.
  • Enhanced monitoring of high-risk activities, particularly interactions with foreign officials or government contracts.

Had Deere implemented these steps immediately post-acquisition, it could have identified and halted the corrupt practices sooner, avoiding the costly consequences of prolonged illegal activities.

Prioritize Post-Acquisition Investigations

Post-acquisition investigations are crucial in identifying undisclosed or ongoing corrupt activities within the acquired entity. The Deere case highlights how important it is for compliance professionals to conduct thorough investigations after the acquisition to ensure that any risks missed during the pre-acquisition phase are uncovered.

Key components of a post-acquisition investigation include:**

  • Forensic reviews of financial transactions, particularly payments to third parties, to detect any suspicious or abnormal patterns that could indicate bribery or corruption.
  • Employee interviews at various levels of the acquired entity to gather information about day-to-day operations, compliance culture, and potential risks.
  • Contracts and business deals are reviewed to ensure no irregularities or unethical practices, particularly in jurisdictions with high corruption risks.
  • 3rd-party audits of key suppliers, agents, and intermediaries who may have been involved in transactions with government entities or foreign officials.

In Deere’s case, a thorough post-acquisition investigation could have identified the ongoing corrupt practices early, allowing the company to take corrective action before it became the subject of an FCPA enforcement action.

Leverage Internal and External Resources for Compliance Integration

Deere’s failure to quickly integrate its compliance program into the acquired entity highlights the need for compliance professionals to leverage internal and external resources to accelerate the integration process. Post-acquisition compliance integration is often resource-intensive, especially when acquiring companies with operations in high-risk regions.

Key steps include the following.

  • Internal audit teams will be utilized to conduct a deep-dive assessment of the acquired entity’s financial and operational controls, focusing on FCPA compliance.
  • Engaging external forensic auditors and FCPA specialists to assist with investigations in high-risk jurisdictions where corruption is more likely to occur.
  • Establishing cross-functional teams that include representatives from compliance, legal, finance, and operations to ensure that compliance integration is holistic and touches every aspect of the acquired business.

Deere could have benefited from engaging external experts to help accelerate the compliance integration process and identify areas of concern within the newly acquired entity. By failing to do so, the company allowed corrupt practices to continue, resulting in significant FCPA penalties.

Monitor and Reassess Compliance Risks Regularly

Post-acquisition compliance efforts don’t end with the initial integration. Continuous monitoring and reassessment of compliance risks are essential to ensure that the acquired entity remains aligned with the parent company’s standards and the requirements of the FCPA. This is particularly important in industries and regions where corruption is more prevalent.

Continuous monitoring should include the following.

  • Regular audits of financial transactions and third-party payments.
  • Ongoing risk assessments that factor in changes in business operations, market conditions, and regulatory environments.
  • Compliance reporting mechanisms, such as whistleblower hotlines, allow employees of the acquired entity to report any concerns anonymously.
  • Periodic reviews of the acquired entity’s compliance culture are needed to ensure that employees adhere to the company’s anti-corruption policies.

In Deere’s case, ongoing monitoring could have helped identify and mitigate corruption risks earlier in the post-acquisition phase. The absence of regular monitoring and reassessments allowed corrupt practices to continue unchecked for an extended period.

Act Swiftly on Red Flags if They Appear

The most critical lesson from the Deere case is quickly identifying red flags. In this case, the acquired entity had numerous warning signs, including operations in high-risk regions, dealings with government officials, and lacking robust internal controls. However, these red flags should have been addressed promptly, allowing illegal activities to persist.

When red flags are identified, take some of the following steps.

  • Launch a formal investigation immediately to determine the scope of the issue.
  • Take corrective action, including terminating contracts with third parties involved in corrupt practices or dismissing employees who engage in illegal activities.
  • Notify regulatory authorities if there is a risk of FCPA violations and work proactively to resolve the issue before enforcement actions are taken.

Had Deere acted swiftly on the red flags within the acquired entity, the company might have been able to avoid the FCPA enforcement action and the associated penalties.

The Deere FCPA enforcement action provides a sobering reminder that compliance efforts cannot end with signing an acquisition deal. For compliance professionals, the real work begins in the post-acquisition phase. By prioritizing compliance integration, conducting thorough post-acquisition investigations, leveraging internal and external resources, continuously monitoring compliance risks, and swiftly acting on red flags, companies can avoid the pitfalls that Deere faced.

In today’s global business environment, with companies expanding through M&A in high-risk jurisdictions, compliance professionals must take a proactive and vigilant approach to post-acquisition compliance. The lessons from Deere remind us that the cost of failure is high, but with the right strategies in place, the risks can be managed effectively.

As a compliance professional, your role is to ensure post-acquisition compliance becomes integral to your company’s M&A strategy, protecting your organization from FCPA risks and safeguarding its reputation in the global marketplace.

Categories
Blog

Deere’s FCPA Enforcement Action: Lessons on Corrupt Payments

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere has bribery schemes that were torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Yesterday, I laid out the broad strokes of the Deere enforcement action. Today, I want to take a multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

As compliance professionals, we are all too familiar with the risks posed by bribery and corruption, especially in high-risk jurisdictions. The case involving Wirtgen Thailand’s bribery of government officials through direct cash payments and third-party agents is a stark reminder of how corrupt practices can infiltrate even well-established companies. Between 2018 and 2020, Wirtgen Thailand’s Managing Director and Finance Manager conspired to pay bribes to government officials in Thailand’s Department of Highways (DOH), Department of Rural Roads (DRR), and the Royal Thai Air Force (RTAF) to secure lucrative contracts, ultimately reaping illicit profits of $2.7 million.

This case offers valuable lessons for compliance professionals on the importance of monitoring, oversight, and due diligence—especially when dealing with third-party agents. In this blog post, I’ll summarize the key compliance lessons learned from the Wirtgen Thailand case and discuss actionable steps compliance officers can take to mitigate similar risks.

The Role of Leadership in Facilitating Bribery

One of the most glaring aspects of this case is the direct involvement of Wirtgen Thailand’s Managing Director. From instructing the Finance Manager to withdraw cash for bribes to coordinating payments with a third-party consultant, the Managing Director was a central figure in orchestrating the scheme. This demonstrates how misconduct at the leadership level can significantly increase the risk of non-compliance.

A key lesson for Compliance Professionals is that senior leadership buy-in is critical for an effective compliance program. When senior management is involved in unethical practices, it undermines the entire compliance framework. Compliance professionals must ensure that leaders are aware of the company’s anti-bribery policies and held accountable. This requires a top-down approach where ethics and compliance are ingrained in the corporate culture. Regular training for executives and a clear tone at the top are essential.

Cash Payments and Red Flags in Internal Communication

In this case, the Managing Director in Thailand explicitly instructed the Finance Manager to prepare envelopes filled with cash for government officials. The internal communication between the two, including text messages referencing “candy money” and specific instructions on how much to withdraw, left a clear paper trail of bribery.

The lesson for Compliance Professionals is that internal communications can provide early indicators of corrupt activities. Compliance officers should work closely with IT and HR departments to implement systems for monitoring suspicious communications, especially when they involve terms that could be euphemisms for illicit activities (e.g., “candy money”). It is also important to encourage employees to report any unusual communication patterns they observe through anonymous whistleblower channels.

Regular internal communications audits, especially in high-risk regions, can help detect bribery schemes early. Additionally, it is crucial to ensure that finance and accounting departments are well-trained on red flags, such as unusual cash withdrawals.

Third-Party Risks and Sham Commission Agreements

In this case, one of the most common methods of paying bribes was through a third-party consultant. Wirtgen Thailand signed sham commission agreements with a consultant who provided no legitimate services but acted as a conduit for bribes. These agreements facilitated payments of nearly $285,129 to government officials under the guise of commissions.

The lesson for Compliance Professionals in this area is that (once again) using third-party agents is one of the most significant risks in international business operations, particularly in jurisdictions where corruption is prevalent. Third-party consultants often act as intermediaries in bribery schemes, allowing companies to maintain plausible deniability. This makes third-party due diligence essential.

Compliance programs should include a thorough vetting process for third parties, including background checks, reputational risk assessments, and an analysis of the legitimacy of services provided. Red flags include vague service descriptions in contracts, unusually high commission fees, and the need for proper documentation.

But once again, appropriate vetting is not the end of the equation. It is crucial to establish ongoing monitoring of third-party relationships, including periodic reviews of commission payments and ensuring that the services provided match the fees being paid. This ongoing scrutiny can prevent third-party intermediaries from being used to facilitate bribery.

False Documentation and Fraudulent Reporting

Wirtgen Thailand’s Managing Director and Finance Manager created false documentation, including sham commission agreements and expense reports, to cover up their bribery scheme. They also submitted Applications for Approval of Commissions to other managers in Thailand to authorize these illicit payments.

Unfortunately, the lesson from Compliance Professionals is that fraudulent documentation is a common tactic used to conceal bribery and other forms of corruption. Compliance programs should include regular audits and reviews of documentation related to third-party payments, contracts, and expense reports. Any inconsistencies, missing information, or vague descriptions should be flagged for further investigation.

Furthermore, employees responsible for approving third-party payments or commissions should be trained to spot red flags and have clear guidelines on what constitutes a legitimate business expense versus a suspicious transaction. Compliance teams must also ensure that finance departments are fully integrated into the anti-bribery framework and are regularly monitored for compliance with anti-corruption policies.

Impact of Bribery on Business Outcomes

From 2018 to 2020, Wirtgen Thailand obtained $4.67 million in business from bribery, reaping illicit profits of approximately $2.7 million. While these figures may seem like a short-term business win, the long-term consequences—including legal penalties, reputational damage, and loss of shareholder trust—far outweigh any financial gains.

Compliance Professionals understand this final lesson but only sometimes articulate so the business folks understand the invidiousness of bribery and corruption. While bribery might provide a short-term competitive edge, the long-term damage to a company’s reputation and bottom line can be catastrophic. Compliance officers must work to foster a corporate culture that prioritizes ethical behavior over quick wins. This includes educating employees on the long-term risks of bribery, such as criminal penalties under anti-corruption laws, hefty fines, and the possibility of debarment from future government contracts. It is important to consistently communicate that ethical conduct is the right thing to do and the most sustainable business strategy.

The Wirtgen Thailand bribery case serves as a cautionary tale for compliance professionals. It underscores the importance of robust third-party due diligence, the need for strong leadership oversight, and the critical role that compliance programs play in preventing bribery and corruption. By learning from the failures in this case, compliance officers can better protect their companies from similar risks and reinforce a culture of integrity and ethical behavior across the organization.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Lesson from The John Deere FCPA Enforcement Action – Gifts, Travel and Entertainment

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

The basics of GTE have been in place since 2007, in opinion Release 07-01. Pressure tests your GTE policies and procedures to make sure your compliance program still meets them.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Everything Old is New Again: The John Deere FCPA Enforcement Action

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today we review the basics of the John Deere enforcement action and why it is so instructive for compliance professionals.

 

Categories
Blog

The John Deere’s FCPA Case: A Throwback to Compliance Fundamentals

In corporate compliance, some very basic compliance lessons are destined to be repeated. This was clear from the recently announced Securities and Exchange Commission (SEC) Foreign Corruption Practices Act enforcement action involving Deere (John Deere herein). The $9.9 million settlement between John Deere and the SEC involved FCPA violations at its Wirtgen Group subsidiary. It offers a stark reminder that even the most established companies can stumble over basic compliance principles. For those in the compliance community, this case highlights the importance of robust integration post-acquisition and serves as a throwback to classic FCPA pitfalls that should have been avoided.

The John Deere Case: A Synopsis

According to the SEC Press Release announcing the resolution, “From at least late 2017 through 2020, Wirtgen Thailand employees bribed Thai government officials with the Royal Thai Air Force, the Department of Highways, and the Department of Rural Roads to win multiple government contracts and also bribed employees of a private company to win sales to that company. The order finds that the bribes included cash payments, massage parlor visits, and international travel for government officials and private company employees. According to the SEC’s order, Wirtgen Thailand made approximately $4.3 million in profits” from these bribes. The improper payments were inaccurately recorded as legitimate expenses in Deere’s books and records.

The settlement resulted in John Deere paying $9.9 million in penalties and disgorgements. While the case details could easily be mistaken for a compliance nightmare from the early 2000s, it happened just last year, making it a timely cautionary tale for compliance professionals today.

The Importance of Post-Acquisition Integration

One of the most glaring issues in this case was John Deere’s failure to integrate Wirtgen’s operations into its compliance program swiftly. This lapse is a textbook example of the risks arising when companies fail to prioritize compliance during and after mergers and acquisitions. The SEC’s settlement order emphasized this point, making it clear that Deere’s delay in extending its compliance framework to Wirtgen created an environment where bribery and corruption could thrive unchecked.

This raises critical questions for compliance professionals: How quickly can we realistically integrate an acquired company into our compliance program? What resources are needed to ensure this integration happens efficiently? The answers to these questions are theoretical; they have real-world implications for preventing violations and avoiding costly enforcement actions.

The Role of Internal Controls and Red Flags

The SEC’s order also highlighted several internal control failures and red flags Deere’s compliance team should have caught regarding gifts, travel, and entertainment (GTE). Expense reports with round numbers, lack of detail in expense documentation, and including non-existent employees to justify expenses are all classic indicators of fraud and bribery. Yet, these obvious signs were missed—or worse, ignored. What makes all of this even more egregious is that the rules around gifts, travel, and entertainment for clients have long been known, since at least 2007 when the Department of Justice (DOJ) issued Opinion Releases 07-01 and 07-02, which detailed the DOJ’s expectations for GTE going forward.

This oversight suggests a deeper issue: a lack of robust internal audit and compliance mechanisms within Deere at the time. It is a stark reminder that strong internal controls are not just a regulatory requirement but essential tools for detecting and preventing unethical behavior. The lesson for compliance officers is to continually assess and strengthen these controls, ensuring they can identify red flags before they escalate into full-blown violations.

The Perennial Importance of Pre-Acquisition Due Diligence

Another critical aspect of this case is the apparent need for thorough pre-acquisition due diligence. The SEC’s order does not mention evidence of John Deere conducting such due diligence before acquiring Wirtgen, raising serious concerns about the company’s risk assessment process. In high-risk markets like Thailand, where corruption is pervasive, skipping or skimping due diligence can be costly.

Compliance professionals should take this as a reminder to prioritize comprehensive due diligence in any acquisition, especially when the target operates in regions of corruption risks. This includes reviewing the target’s compliance program and understanding its business practices, key relationships, and potential vulnerabilities. As Deere’s case demonstrates, failure to do so can expose a company to significant legal and financial liabilities.

Positive Steps and Root Cause Analysis

While the case against John Deere is filled with the company’s missteps, the company’s response post-settlement also offers some positive lessons. John Deere has enhanced its internal audit and compliance programs, including launching an in-house compliance podcast and a bi-monthly compliance newsletter. These initiatives reflect an effort to improve the company’s tone at the top and engage employees in ongoing compliance education.

Moreover, Deere’s commitment to conducting a root cause analysis is particularly noteworthy. We saw this set out by the DOJ in its enforcement action involving SAP earlier this year. Understanding the root causes of compliance failures is crucial for preventing future violations. In this case, the root cause seems to stem from a failure to integrate Wirtgen into John Deere’s compliance framework rather than from deficiencies in accounting or transparency. This distinction highlights the need for companies to identify compliance gaps and address the underlying issues that allow those gaps to exist in the first place.

For compliance professionals, the takeaway is clear: a robust root cause analysis is a vital component of any remediation effort. Whether conducted by the compliance team, internal audit, or an external party, this analysis should be thorough and inform subsequent risk assessments and program improvements.

Learning from the Past

In many ways, the John Deere case feels like a throwback to the early days of FCPA enforcement, when companies were still learning the ropes of anti-bribery compliance. The violations at Wirtgen Thailand are reminiscent of the kind of misconduct that the DOJ and SEC have warned against for over a decade, with the GTE issues mandated nearly 15 years ago. Yet, here we are in 2024, still grappling with the same basic issues.

The John Deere enforcement action serves as a sobering reminder that the fundamentals of compliance—strong internal controls, thorough due diligence, timely post-acquisition integration, and ongoing risk assessment—are as relevant today as they were 20 years ago. The challenge for compliance professionals is ensuring that these fundamentals are understood and deeply embedded in the company’s culture and operations.

Ultimately, the John Deere case is a call to action for the compliance community. It reminds us that even large, sophisticated companies can falter if they lose sight of the basics. It prompts us to revisit those basics in our organizations, ensuring that we are not just keeping up with the latest trends in compliance but also mastering the fundamentals that will protect our companies from tomorrow’s risks.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Everything Old is New Again – The John Deere FCPA Enforcement Action

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the recent Securities and Exchange Commission FCPA enforcement action involving John Deere.

The case centers on a $10 million civil penalty imposed by the SEC for bribery activities in the Thailand office of a newly acquired subsidiary, Wirtgen Group. This transgression spanned from 2017 to 2020, and despite having a code of business conduct, Wirtgen employees flouted rules by falsifying expenses, entertaining government officials at massage parlors, and engaging in a luxury sightseeing tour under the guise of a factory visit.

A critical issue was John Deere’s delayed integration of Wirtgen into its compliance program, leading to internal control lapses and obvious red flags in expense reports. Although Deere has since taken significant remedial actions, including firing culpable employees and enhancing its compliance and internal audit programs, the situation underscores persistent compliance challenges even for large, sophisticated firms. This episode serves as a reminder of the essential compliance lessons from past decades that firms must steadfastly adhere to.

Key Highlights:

  • Details of the Bribery Scheme
  • Internal Control Violations
  • Pre- and Post-Acquisition Due Diligence Issues
  • Remedial Steps and Improvements
  • Root Cause Analysis and Lessons Learned

Resources:

Matt in Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn