In corporate compliance, some very basic compliance lessons are destined to be repeated. This was clear from the recently announced Securities and Exchange Commission (SEC) Foreign Corruption Practices Act enforcement action involving Deere (John Deere herein). The $9.9 million settlement between John Deere and the SEC involved FCPA violations at its Wirtgen Group subsidiary. It offers a stark reminder that even the most established companies can stumble over basic compliance principles. For those in the compliance community, this case highlights the importance of robust integration post-acquisition and serves as a throwback to classic FCPA pitfalls that should have been avoided.
The John Deere Case: A Synopsis
According to the SEC Press Release announcing the resolution, “From at least late 2017 through 2020, Wirtgen Thailand employees bribed Thai government officials with the Royal Thai Air Force, the Department of Highways, and the Department of Rural Roads to win multiple government contracts and also bribed employees of a private company to win sales to that company. The order finds that the bribes included cash payments, massage parlor visits, and international travel for government officials and private company employees. According to the SEC’s order, Wirtgen Thailand made approximately $4.3 million in profits” from these bribes. The improper payments were inaccurately recorded as legitimate expenses in Deere’s books and records.
The settlement resulted in John Deere paying $9.9 million in penalties and disgorgements. While the case details could easily be mistaken for a compliance nightmare from the early 2000s, it happened just last year, making it a timely cautionary tale for compliance professionals today.
The Importance of Post-Acquisition Integration
One of the most glaring issues in this case was John Deere’s failure to integrate Wirtgen’s operations into its compliance program swiftly. This lapse is a textbook example of the risks arising when companies fail to prioritize compliance during and after mergers and acquisitions. The SEC’s settlement order emphasized this point, making it clear that Deere’s delay in extending its compliance framework to Wirtgen created an environment where bribery and corruption could thrive unchecked.
This raises critical questions for compliance professionals: How quickly can we realistically integrate an acquired company into our compliance program? What resources are needed to ensure this integration happens efficiently? The answers to these questions are theoretical; they have real-world implications for preventing violations and avoiding costly enforcement actions.
The Role of Internal Controls and Red Flags
The SEC’s order also highlighted several internal control failures and red flags Deere’s compliance team should have caught regarding gifts, travel, and entertainment (GTE). Expense reports with round numbers, lack of detail in expense documentation, and including non-existent employees to justify expenses are all classic indicators of fraud and bribery. Yet, these obvious signs were missed—or worse, ignored. What makes all of this even more egregious is that the rules around gifts, travel, and entertainment for clients have long been known, since at least 2007 when the Department of Justice (DOJ) issued Opinion Releases 07-01 and 07-02, which detailed the DOJ’s expectations for GTE going forward.
This oversight suggests a deeper issue: a lack of robust internal audit and compliance mechanisms within Deere at the time. It is a stark reminder that strong internal controls are not just a regulatory requirement but essential tools for detecting and preventing unethical behavior. The lesson for compliance officers is to continually assess and strengthen these controls, ensuring they can identify red flags before they escalate into full-blown violations.
The Perennial Importance of Pre-Acquisition Due Diligence
Another critical aspect of this case is the apparent need for thorough pre-acquisition due diligence. The SEC’s order does not mention evidence of John Deere conducting such due diligence before acquiring Wirtgen, raising serious concerns about the company’s risk assessment process. In high-risk markets like Thailand, where corruption is pervasive, skipping or skimping due diligence can be costly.
Compliance professionals should take this as a reminder to prioritize comprehensive due diligence in any acquisition, especially when the target operates in regions of corruption risks. This includes reviewing the target’s compliance program and understanding its business practices, key relationships, and potential vulnerabilities. As Deere’s case demonstrates, failure to do so can expose a company to significant legal and financial liabilities.
Positive Steps and Root Cause Analysis
While the case against John Deere is filled with the company’s missteps, the company’s response post-settlement also offers some positive lessons. John Deere has enhanced its internal audit and compliance programs, including launching an in-house compliance podcast and a bi-monthly compliance newsletter. These initiatives reflect an effort to improve the company’s tone at the top and engage employees in ongoing compliance education.
Moreover, Deere’s commitment to conducting a root cause analysis is particularly noteworthy. We saw this set out by the DOJ in its enforcement action involving SAP earlier this year. Understanding the root causes of compliance failures is crucial for preventing future violations. In this case, the root cause seems to stem from a failure to integrate Wirtgen into John Deere’s compliance framework rather than from deficiencies in accounting or transparency. This distinction highlights the need for companies to identify compliance gaps and address the underlying issues that allow those gaps to exist in the first place.
For compliance professionals, the takeaway is clear: a robust root cause analysis is a vital component of any remediation effort. Whether conducted by the compliance team, internal audit, or an external party, this analysis should be thorough and inform subsequent risk assessments and program improvements.
Learning from the Past
In many ways, the John Deere case feels like a throwback to the early days of FCPA enforcement, when companies were still learning the ropes of anti-bribery compliance. The violations at Wirtgen Thailand are reminiscent of the kind of misconduct that the DOJ and SEC have warned against for over a decade, with the GTE issues mandated nearly 15 years ago. Yet, here we are in 2024, still grappling with the same basic issues.
The John Deere enforcement action serves as a sobering reminder that the fundamentals of compliance—strong internal controls, thorough due diligence, timely post-acquisition integration, and ongoing risk assessment—are as relevant today as they were 20 years ago. The challenge for compliance professionals is ensuring that these fundamentals are understood and deeply embedded in the company’s culture and operations.
Ultimately, the John Deere case is a call to action for the compliance community. It reminds us that even large, sophisticated companies can falter if they lose sight of the basics. It prompts us to revisit those basics in our organizations, ensuring that we are not just keeping up with the latest trends in compliance but also mastering the fundamentals that will protect our companies from tomorrow’s risks.
