Categories
From the Editor's Desk

October and November in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories upcoming for the next month, talk some sports and generally try to solve the world’s problems.

In this month’s episode, we look back at top stories in CW from October around the Lafarge criminal action, the former Uber CISO convicted criminally for attempting to hide a data breach, and the agreement between Google and the DOJ for the company to create a position of a legal compliance monitor. We previewed some of the stories CW will look at in November, including the current state of SEC rulemaking, and Kyle teased out some findings from the CW ‘Inside the Mind of the CCO’ survey, which recently concluded.

We conclude with a look at some of the top sports stories, including a look at a Red Sox fan’s view of the 2022 World Series, ask about a quarterback controversy in New England and overreact to the first week of the NBA season.

Categories
Blog

Lafarge Part 3: Final Thoughts

We conclude our exploration of one of the most public cases of corporate moral bankruptcy where Lafarge SA and its Syria unit Lafarge Cement Syria, or LCS, each pled guilty to a count of conspiring to provide material support to foreign terrorist organizations and will pay a total of $777.78 million.  According to the Plea Agreement, this amount consisted of a total criminal fine of approximately $91 million and forfeiture of $687 million. As previously noted, this is not a Foreign Corrupt Practices Act (FCPA) enforcement action, but an enforcement action based on USC §2339B for one count of conspiracy to provide material support to one or more foreign terrorist organizations. While this is not a FCPA enforcement action, the mechanisms by which Lafarge paid bribes or otherwise funded the terrorist organizations ISIS and ANF are instructive for the anti-corruption compliance professional. These strategies were laid out in the Statement of Facts and considered in Part 2 of this series.

The Costs of Corruption

One clear message from this matter is the cost of moral bankruptcy and corruption. As noted in the Statement of Facts, “From August 2013 through October 2014, Lafarge and LCS paid ISIS and ANF, through intermediaries, the equivalent of approximately $5.92 million.” For that amount of corruption, through the funding of terrorist and terrorism, Lafarge will pay a total fine of $777.78 million. About the only FCPA matter which comes close to this disparity in the amount of the bribe and penalty was the Avon FCPA enforcement action where bribes totaling $8 million led to led to a reported total penalty of $135 million. By the time of the resolution, Avon also had reported over $300 million in investigative costs.

At the times of the incidents in questions, 2012 to 2014, Lafarge had annual sales in the range of $2 billion plus and annual revenues in the range of $400 to $435 million. Very clearly the bribes paid by Lafarge were not material in the financial accounting sense. That may have been why no one seemed to be looking at the company. However, it drives home the point that a relatively small amount of corporate outgo can generate huge costs in the form of a $777.78 million fine. We have not begun to discuss the pre-resolution costs but in FCPA cases they are in the range of two to six times the final fine. Even if the pre-resolution costs were 1X the fine, that would still drive the all-in cost over $1.5 billion.

Monitoring Non-Standard Communications

One of the areas that bears consideration by the compliance professional is that of internal communications, as, “Many of the Lafarge and LCS executives involved in the scheme used personal email addresses, rather than their corporate email addresses, to carry out of the conspiracy.” In September, the Securities and Exchange Commission (SEC) announced “charges against 15 broker-dealers and one affiliated investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders, acknowledged that their conduct violated recordkeeping provisions of the federal securities laws, agreed to pay combined penalties of more than $1.1 billion, and have begun implementing improvements to their compliance policies and procedures to settle these matters.”

In a recent speech (Miller speech), Principal Associate Deputy Attorney General Marshall Miller said, after the announcement of the Monaco Doctrine, in a section entitled “Meeting the Compliance Challenges of Communications Technology”, “Now let me turn to an area that we recognize is a big challenge for all organizations — employees’ use of personal devices and third-party messaging platforms for work-related communications… particularly as to detecting their use for misconduct. However a company chooses to address their use for business communications, the end result must be the same: companies need to prevent circumvention of compliance protocols through off-system activity, preserve all key data and communications and have the capability to promptly produce that information for government investigations.”

Now consider that whopping fine and enforcement action in the context of the fraud of Lafarge executives. The Miller speech focused on both messaging apps and other forms of corporate communications. In the Lafarge matter, the communications were very basic, on company computers using non-company emails through channels like AOL or Gmail. The Lafarge executives were using these outside of standard communication channels to facilitate their crimes with ISIS and ANF. This part of the enforcement action has not received much scrutiny but is something every compliance professional needs to consider – are your employees (or execs) using non-company emails or other forms of communication tools outside of standard company communication methods? The compliance function needs to work with their corporate IT folks to make sure no executives or employees are using such channels for communications and to monitor them if they are.

Failures in M&A Due Diligence

The final area for consideration is that of Mergers and Acquisitions (M&A). The Statement of Facts noted, “LAFARGE and certain of its executives, in fact, failed to disclose LCS’s dealings with ISIS and ANF to Holcim throughout discussions of the transaction and after completion of the deal. LCS had ceased producing cement in Syria by the time the transaction with Holcim was completed, and in the approximately seven months between the completion of the acquisition and the emergence of public allegations regarding the misconduct in Syria, Holcim did not conduct post-acquisition due diligence about LCS’s operations in Syria.”

Not only did the Lafarge executives not disclose this corruption to Holcim, but they also actively discussed continuing the corruption payment so as not to derail the transaction. Moreover, Holcim apparently did not conduct due diligence into LCS or any of these matters. Perhaps the non-material nature of the payments was a factor. Whatever the excuse for this pre-acquisition due diligence failure, it cost Holcim dearly. Even if Holcim was not assessed the fine, they were the entity which bore the administrative and emotional costs of the investigation leading up to the resolution. Dan Chapman once told me that in an all-encompassing investigation, it could take up to 25% of senior executives time. Given the number of investigations across the globe on this matter, that figure might be lower. All of these factors bear witness to the extraordinary costs for the failure of an acquiring company to perform compliance due diligence prior to closing.

We are now at the end of this short blog series. The Lafarge case is perhaps the first corporate matter since the oil-for-food cases where complete corporate moral bankruptcy has played such a factor. We can only hope that it will be that long until we see the next such example.

Categories
Compliance Into the Weeds

Lafarge and the Cost of Moral Bankruptcy

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the recent guilty plea by Lafarge, the French cement giant now owned by Holcim, for paying bribes and protection money to ISIS and doing business in Syria with ISIS. Highlights include:

  • What are the background facts?
  • What were the bribery and payment schemes?
  • What are the compliance lessons learned?
  • How will the victim status play out?
  • Who will guarantee compliance of Lafarge with the Plea Agreement?

 Resources

Tom in the FCPA Compliance and Ethics Blog

Categories
Blog

Lafarge Part 2: The Funding Schemes and Red Flags

We continue our exploration of one of the most public cases of corporate moral bankruptcy where Lafarge SA and its Syria unit Lafarge Cement Syria, or LCS, each pled guilty to a count of conspiring to provide material support to foreign terrorist organizations and will pay a total of $777.78 million.  According to the Plea Agreement, this amount consisted of a total criminal fine of approximately $91 million and forfeiture of $687 million. As I noted in Part 1, this is not a Foreign Corrupt Practices Act (FCPA) enforcement action, but an enforcement action based on USC §2339B for one count of conspiracy to provide material support to one or more foreign terrorist organizations. While this is not a FCPA enforcement action, the mechanisms by which Lafarge paid bribes or otherwise funded the terrorist organizations ISIS and ANF are instructive for the anti-corruption compliance professional. These strategies were laid out in the Statement of Facts.

As noted in the Department of Justice (DOJ) Press Release, “After the start of the Syrian Civil War in 2011, Lafarge and LCS negotiated agreements to pay armed factions in the Civil War to protect LCS employees, to ensure continued operation of the Jalabiyeh Cement Plant, and to obtain economic advantage over their competitors in the Syrian cement market… LCS executives purchased raw materials needed to manufacture cement from ISIS-controlled suppliers; paid monthly “donations” to armed groups, including ISIS and ANF, so that employees, customers and suppliers could traverse checkpoints controlled by the armed groups on roads around the Jalabiyeh Cement Plant; and eventually agreed to make payments to ISIS based on the volume of cement that LCS sold to its customers, which Lafarge and LCS executives likened to paying “taxes.” Lafarge and LCS executives intentionally structured their agreements with ISIS to compensate the terrorist organization based on the amount of cement that LCS was able to sell – effectively, a revenue-sharing agreement – to incentivize the terrorist group to act in LCS’s economic interest.”

From August 2013 through October 2014, Lafarge and LCS paid ISIS and ANF, through intermediaries, the equivalent of approximately $5.92 million, through a variety of schemes. One consisting of fixed monthly “donation” payments to ISIS and ANF. According to the Statement of Facts, “LAFARGE and LCS conspired to make various payments, through intermediaries, to and for the benefit of ISIS and ANF, which the government estimates totaled the equivalent of approximately $5.92 million. These payments consisted, at various times, of flat monthly “donation” payments totaling approximately $816,000.”

There was also a variable payment scheme based on the amount of cement LCS sold that totaled approximately $1,654,466. Under this variable payment scheme, it tied Lafarge’s and LCS’s obligation to pay ANF and ISIS to the amount of cement sold from the plant. This arrangement should ensure “that the payments would be made by LCS’s customer-distributors directly to ANF and ISIS, and to ensure that PYD and ISIS were able to collect the full amount of the payments from the customer-distributors, LCS would provide PYD and ISIS with records of LCS’s sales to its customer-distributors.”

Finally, there were the “payments to ISIS-controlled suppliers to purchase raw materials needed to produce cement that totaled approximately $3,447,528.” These payments were made through intermediary brokered material supply agreements. These ISIS controlled suppliers then paid monies to ISIS based on the amount of their sales to LCS.

Lafarge and LCS executives actively concealed their scheme to provide material support to ISIS and ANF. According to the Press Release:

  • Lafarge and LCS executives required intermediaries to create business entities with names not obviously linked to the intermediaries and created invoices with false descriptions of services rendered for an intermediary to submit to LCS.
  • LCS executives structured the revenue-sharing payments to ISIS so that LCS’s customers would pay ISIS the amounts owed under LCS’s agreement with ISIS, while LCS discounted the prices it charged to the customers to reimburse them. To ensure that LCS’s customers did not underpay ISIS, LCS agreed to provide ISIS with periodic sales reports, which ISIS could use to verify that LCS’s customers were paying the amounts owed under the terms of LCS’s agreement with ISIS.
  • To further conceal the arrangements, Lafarge and LCS executives attempted to require ISIS not to include the name “Lafarge” on the documents memorializing and implementing their agreements.
  • Many of the Lafarge and LCS executives involved in the scheme used personal email addresses, rather than their corporate email addresses, to carry out of the conspiracy.
  • In October 2014, as a condition of paying an intermediary for having negotiated with ISIS and other armed groups, Lafarge and LCS executives required the intermediary to sign an agreement terminating his agreement to provide services to LCS. Critically, the Lafarge and LCS executives backdated the termination agreement to Aug. 18, 2014, a date shortly after the United Nations Security Council had issued a resolution calling on member states to prohibit doing business with ISIS and ANF, to falsely suggest that he had not been negotiating with ISIS on behalf of LCS after the UN resolution.

Once again there are multiple compliance lessons from this recitation. The use of ‘donations’ to cover the payments to ISIS should have been a glaring red flag for anyone looking. The lack of due diligence on the intermediaries and suppliers is also a glaring oversight. The attempts to hide the nature of the transactions by Lafarge’s executives by requiring the intermediaries to create entities with names not associated is another red flag. Of course, the fraudulent descriptions for services should also be considered. Finally, there was the deletion of the name of Lafarge of LCS from its written contracts with ISIS.

There is one other area that bears consideration by the compliance professional. It is in the area of internal communications. As noted, “Many of the Lafarge and LCS executives involved in the scheme used personal email addresses, rather than their corporate email addresses, to carry out of the conspiracy.” In September, the Securities and Exchange Commission (SEC) announced “charges against 15 broker-dealers and one affiliated investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders, acknowledged that their conduct violated recordkeeping provisions of the federal securities laws, agreed to pay combined penalties of more than $1.1 billion, and have begun implementing improvements to their compliance policies and procedures to settle these matters.”

Now consider that whopping fine and enforcement action in the context of the fraud of Lafarge executives. They were using communication tools outside standard communication channels to facilitate their crimes with ISIS and ANF. While in this matter, the emails were preserved (and made a part of the Statement of Facts); compliance professionals need to work with their corporate IT folks to make sure no executives or employees are using tools outside standard communications channels like AOL accounts or Gmail.

Join us tomorrow for some final thoughts on this sordid matter.

Categories
Blog

Lafarge: Part 1 – Corruption at the Top

On April 24, 2017, Holcim Group issued a press release announcing the conclusion of the investigation into the payment of its subsidiary LaFarge to designated terrorist organizations. The Press Release stated in part, “The Board has now concluded the independent investigation and confirmed that a number of measures taken to continue safe operations at the Syrian plant were unacceptable, and significant errors of judgement were made that contravened the applicable code of conduct. The findings also confirm that, although these measures were instigated by local and regional management, selected members of Group management were aware of circumstances indicating that violations of Lafarge’s established standards of business conduct had taken place. . . .”

This statement is but one step in a lengthy and sordid process where LaFarge SA (before it merged with Holcim) made millions of dollars in payments to the terrorist group ISIS so that it could keep its Syrian cement plant open and get all the business it could do so during the Syrian Civil War. The Press Release concluded, “In hindsight any misdeeds may seem clear. However the combination of the war zone chaos and the “can-do” approach to maintain operations in these circumstances may have caused those involved to seriously misjudge the situation and to neglect to focus sufficiently on the legal and reputational implications of their conduct.” Indeed. [Emphasis supplied]

As reported by Law360, “France-based Lafarge and its defunct Damascus, Syria unit Lafarge Cement Syria, or LCS, each pled guilty to a count of conspiring to provide material support to foreign terrorist organizations and will pay a total of $777.78 million.” According to the Plea Agreement, this total amount consisted of a total criminal fine of approximately $91 million and forfeiture of $687 million. Please note this is not a Foreign Corrupt Practices Act (FCPA) enforcement action but an enforcement action based on USC 2339B for one count of conspiracy to provide material support to one or more foreign terrorist organizations. While this is not a FCPA enforcement action, it is a matter about corporate culture, tone at the top, senior executive involvement in corruption; in short it is all about compliance and ethics. This complete failure of compliance and ethics makes it a forceful study of the failings of corporate culture in the starkest way possible.

As laid out in the Statement of Facts, Lafarge finished construction of the Jalabiyeh Cement Plant in northern Syria at a cost of approximately $680 million and began operations in 2010. However, almost immediately “it faced strong competition from cheaper cement imported into northern Syria from Turkey, and in December 2010, Executive 3 sought the assistance of Intermediary 1 to intervene with the Syrian government to control the importation of competing Turkish cement.” In early 2011, the Syrian Civil War broke out and LCS wanted to be the biggest supplier in the soon to be war ravaged country. However, in 2012, ISIS began to gain strength and take over territory near the plant. ISIS also threatened LCS employees through intimidation and kidnapping.

Thereafter, five Lafarge executives from the corporate home office became involved in two-year campaign to pay off ISIS to allow the plant to keep in operation and to not threaten its employees. Beginning in the spring of 2013, Lafarge began paying protection money to ISIS through intermediaries and other third-party suppliers. The reason articulated was laid out in the Statement of Facts, (1) keep the investment in the physical assets (i.e., the plant); (2) keep the investment made in employees; (3) stay in the market to keep out Turkish competitors; and (4) make some profits. The payoffs to ISIS were made through a variety of schemes.

There was the old-fashioned way – cash, in the form of fixed monthly payments. There were payments made through intermediaries. You could not call them sales agents, but they were third parties charged with getting the protection for the bribes paid by LCS. There was a ‘tax’ paid on each truck that went in or out of the plant on roads controlled by ISIS. Eventually, in late 2013, these mechanisms morphed into a new business relationship between LCS and ISIS so that both sides were paid out of the profits from the sale of cement in Syria. For LCS it was simply a cost of doing business. At one point, Intermediary 1 was quoted for the following, “We currently sell for $8 to $10 million per month, with a $2 million profit, and pay less than 1⁄4 for protection. Other factories are paying for protection just to exist, without making the profits we are.”

But it did not simply stop with sales and ROI on paying bribes. LCS also purchased raw materials from ISIS, thereby contributing to international terrorism. The Statement of Facts noted, “Also in or about late 2013, LCS began to use Intermediary 2 to engage directly with ISIS-connected suppliers for the purchase of raw materials and supplies. LAFARGE and LCS retained the services of Intermediary 2 after he had personally met with the then-LAFARGE Group Honorary Chairman and a member of the LAFARGE Board of Directors who was a former LAFARGE Chief Executive Officer on September 16, 2013.”

Over the next few blog posts, I will be looking at the Lafarge enforcement action for lessons for the anti-corruption compliance professional. However, there are two additional points buried in all this corruption which bear noting. The first was reported by Pete Brush, in the Law360 article cited above, who wrote that during the court hearing where US District Judge William F. Kuntz II accepted the company’s guilty plea, he stated “This case impacts the victims of terrorist acts.” This would seem to indicate that any person who may have been the victim of ISIS terrorism could now bring suit against Lafarge (open question as to its successor).

The second item was buried in the Plea Agreement which said, “Lafarge’s commitment, in Attachment B, to guarantee the Defendants’ compliance with the terms of this Agreement.” [Emphasis supplied] Note the language used is not ‘certification’ as articulated in the Monaco Memo but ‘guarantee’ compliance with the terms of the Plea Agreement. How would you like to be the one who made that representation?

Tomorrow, we look at the bribery/payment schemes.