Tag: lessons learned

Categories
Blog

The Trafigura FCPA Enforcement Action – Part 4 – Lessons Learned

We conclude our exploration of the resolution of the FCPA enforcement action involving the Swiss trading firm G Trafigura Beheer B.V. (Trafigura), an international commodity trading company with its primary operations in Switzerland. The company pleaded guilty and will pay over $126 million to resolve an investigation stemming from the company’s corrupt scheme to pay bribes to Brazilian government officials to secure business with Brazil’s state-owned and state-controlled oil company, Petróleo Brasileiro S.A. – Petrobras (Petrobras). The matter was resolved via a Plea Agreement. Information detailing the company’s conduct was also issued.

Despite substantial violations of the FCPA and its extension into the corporate offices, Trafigura received the 10% discount noted above. The message from this enforcement action is the cost of failing to self-disclose, creating liability under the FCPA and creating jurisdiction for the DOJ to bring an enforcement action, denial that you have done anything wrong, failure to cooperate (at least initially), and not sanctioning any of the culpable company actors. In other words, there is a bit of reverse logic and analysis in this case. However, as noted several times, the DOJ rewarded Trafigura with some credit and gave them a discount. Most importantly, and perhaps inexorably, Trafigura was not required to retain a monitor.

Remediation 

While most of the remediation is reported as standard, the one item that every compliance professional should consider is that the company proactively discontinued using third-party agents for business origination. This point is perhaps the most significant, as we have now seen the DOJ call out Albemarle and SAP for discontinuing their use of third-party agents.

As Matt Kelly noted in Radical Compliance, in his discussion of Guvnor FCPA enforcement action, “This is the latest in a string of FCPA enforcement cases where we’ve seen a big, structural change to the sale function. Albemarle eliminated its use of third-party sales agents as part of its FCPA settlement last year; SAP eliminated its third-party sales commission model globally as part of its own FCPA settlement announced in January. Now we have a third global enterprise going that same route, reducing its FCPA risk in a deep, permanent way by restructuring its sales operations.” With Trafigura, we now have a fourth.”

As I noted in my review of the Albemarle and SAP enforcement actions, SAP eliminated its third-party sales commission model globally, prohibited all sales commissions for public sector contracts in high-risk markets, and enhanced compliance monitoring and audit programs, including the creation of a well-resourced team devoted to audits of third-party partners and suppliers. Albemarle changed its approach to sales and its sales teams. Guvnor also moved from being a third-party agent to a direct sales force.

Moving to a direct sales force does have its risks, which must be managed, but those risks can certainly be managed with an appropriate risk management strategy, monitoring of the strategy, and improvement; those risks can be managed. Yet there is another reason, and more importantly, a significant business reason, to move towards a direct sales business model. Whenever you have a third-party agent or anyone else between you and your customer, you risk losing that customer because your organization does not have a direct relationship with the customer. A direct sales business model will give your organization more direct access to your customers.

Another exciting aspect of this approach used by Albemarle, SAP, and Trafigura is that it is not an approach laid out in either the 2020 FCPA Resource Guide, 2nd edition, or the 2023 Evaluation of Corporate Compliance Programs. The companies developed all of these strategies based on their own analysis and risk models. It may have come from a realization that the risk involved with 3rd party sales models was too great, that the companies wanted more control over their sales, or another reason. Whatever the reason for the change, the DOJ clearly noted each organization and viewed it affirmatively.

Bribery Schemes

This area is essential for all compliance professionals to take note of. The bribes were initially funded with a $ 0.20 surcharge or uplift for every barrel of oil traded. With the price of oil fluctuating wildly at the time in question, between $60 to $100 per barrel, I am not sure such a small amount would even seem anomalous. It would not rise to a rounding error but generate $19 million in bribes. While I am not sure that the bribery scheme was designed to be so hard to detect, the reality is that no compliance professional could look at the trades and determine if a bribe was baked into the pricing.

Yet there was even a deeper part of the bribery scheme. Executives at Trafigura and corrupt traders at Petrobras prearranged the oil trading prices rather than letting the market determine them. The information noted, “The Trafigura Executive 2 and Brazilian Official 1 agreed to prices for trades of oil products and bribe amounts for each trade. After determining the price, Trafigura Executive 2 instructed Trafigura traders to negotiate with Petrobras, which Trafigura Executive 2 knew to be a sham, to arrive at the pre-agreed price.” [emphasis supplied]

Finally, another set of bribes was funded through an unrelated business unit. This occurred when one of the two corrupt Trafigura executives involved in the bribery scheme was transferred to run the company’s Singapore business unit. From there, this corrupt executive had a corrupt third party in Hong Kong bill the Singapore business unit for non-existent consulting services related to the Chinese market for $500,000. This money funded additional bribes to corrupt Petrobras employees. This extra step would require someone in compliance to connect the dots between a corrupt third-party bribery scheme in Singapore and China and the corruption at Petrobras in Brazil.

Lack of a Monitor

The following DOJ Memo governs the decision of whether a company needs a monitor: Revised Memorandum on Selection of Monitors in Criminal Division Matters, released in March 2023. The memo has 10 factors a prosecutor must consider.

  1. Did the corporation voluntarily self-disclose?
  2. At the time of the resolution and after a thorough risk assessment, has the company implemented an effective compliance program and sufficient internal controls to detect and prevent similar misconduct in the future?
  3. At the time of the resolution, the company had adequately tested its compliance program and internal controls to demonstrate that they would likely detect and prevent similar misconduct.
  4. Whether the underlying criminal conduct was long-lasting or pervasive across the business organization or was approved, facilitated, or ignored by senior management, executives, or directors (including through a corporate culture that tolerated risky behavior or misconduct or did not encourage open discussion and reporting of possible risks and concerns),.
  5. Whether the underlying criminal conduct involved exploiting an inadequate compliance program or system of internal controls.
  6. Did the conduct involve the active participation of compliance personnel?
  7. Did the company take adequate investigative or remedial measures to address the underlying criminal conduct, including terminating business relationships and practices that contributed to it?
  1. At the time of the resolution, the company’s risk profile had substantially changed.
  2. Whether the corporation faces any unique risks or compliance challenges.
  3. Is the company subject to other oversight?

A review of the Information and Plea Agreement reveals no self-disclosure. Equally significantly, there is no information about whether the company has implemented an effective compliance program or sufficient controls, let alone tested them. According to the data, the conduct was long-lasting across multiple business units. If there were internal controls in place, they were undoubtedly inadequate. There does not appear to be involvement in the compliance function. The only positive factor from the resolution documents is that Trafigura did terminate its use of third parties to initiate and foster business development, but that appears to be the only factor they have met.

Writing again in Radical Compliance, Matt Kelly said, “Either way, these cases send mixed messages to the compliance community. It looks like you can get away with not self-disclosing misconduct and perhaps even slow-rolling your cooperation if you’re prepared to invest lots in a newly invigorated compliance program and tolerate the Fraud Section as your new BFFs for the next three years of a settlement agreement.”

If the DOJ has discontinued its monitoring program or changed the requirements, it is undoubtedly its prerogative to do so. It would be helpful if they communicated that change to the compliance community.

Categories
The Compliance Life

Scott Garland – Lessons Learned in Ethics and Going Forward

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, I am joined by Scott Garland, Managing Director at AMI. Scott came to AMI from the DOJ, where he held the role of Professional Responsibility Officer. As he described, it was akin to a CCO role for the US Attorney’s Office for Massachusetts.

Some of the key lessons Garland learned in the role of Professional Responsibility Officer, which apply to the skill set needed to be a CCO, include; (1) Always do the right thing, but it is not always obvious what that is; (2) the issue you are presented might not be the real issue, or the sole real issue, (3) being calm and nonjudgmental helps people open up, (4) try and balance analysis with action, pragmatism with principles, using tenets of risk management, (5) craft advice that is simple, clear, and unambiguous. (6)Do not just say what not to do; also say what to do and when to come back for more help, (7)  admit mistakes as soon as possible, and (8) good people make mistakes. Most people will forgive a mistake if done unintentionally; you are forthright about it and try to fix it.

Garland recently joined Affiliated Monitors, Inc. as Managing Director – Sanctions, Cyber, Fraud, and Ethics Compliance & Monitoring. One of the reasons he did so was to help companies strengthen their compliance operations in these areas in a couple of areas. The first is before the government comes knocking by proactively assessing a company’s compliance operations and ethical culture and recommending improvements. The second is after the government knocks, acting as an independent monitor of the company’s compliance with a plea agreement, settlement agreement, consent decree, court or administrative order; emphasize not playing gotcha or playing the blame game, but rather with helping the company improve through lasting change.

Resources

Scott Garland’s Profile on AMI

Categories
Blog

Would You Buy a New Car From Them? Part 2 – Lessons for Compliance

Over this series, I am reviewing the corruption enforcement action Involving the company formerly known as Chrysler Group LLC, now FCA US LLC (Chrysler or the company herein) which was criminally sentenced to pay a fine of over $96 million and a forfeiture money judgment over $203 million. These amounts were above a previous civil penalty of $310 million. All of this was for designing a vehicle emissions system for the company’s Jeep Grand Cherokee and Ram 1500 that would evade federal emissions standards for diesel vehicles and then lying about it to federal authorities. It was a different type of corruption from a Foreign Corrupt Practices Act (FCPA) enforcement action but corruption, nonetheless. Today, I want to consider some of the lessons for the anti-corruption compliance professional.

The actions by the company are instructive for what not to do in any corruption investigation. The Plea Agreement specified that the company did not receive credit for self-disclosure as it did not self-disclose its criminal conduct or fraud. The company did receive some cooperation credit for cooperating during the scope of the investigation but did not receive any credit for failures in both taking timely remedial action and for failing to discipline senior executives who were involved in or had knowledge of the criminal action and fraud. (Recall that one executive involved directly in the fraud was with the company until 2020.)

All these actions were very costly to the company in terms of how it was evaluated under the US Sentencing Guidelines. Under Section 8(C)2.5(g)(2) a company can receive credit of up to five (5) points for cooperating in the investigation and affirmatively accepting responsibility for it’s conduct. The company only received a two (2) point discount. Since the Plea Agreement specified the company did cooperate in the investigation, it clearly did not accept responsibility for its conduct. The lack of those three points in discount cost the company somewhere in the estimated range of $20 to $30 million in additional fines and penalties.

The Plea Agreement also specified for the first time the Monaco Doctrine of evaluating past conduct as a part of the overall evaluation of the company. The Plea Agreement detailed that the company had a prior criminal conviction for bribery and corruption under the National Labor Relations Act (NLRA) for bribing union officials. However, it is not clear how that worked into the overall fine and penalty except to note that the company paid the maximum under the US Sentencing Guidelines, after credit for the civil penalty.

Additionally, while there is no requirement for a monitor in this resolution of the criminal action, there was a such a requirement in the Consent Decree from the civil action. It mandated an Independent Compliance Auditor for a period of three years from the resolution of the civil matter, which was May 2019.

Lessons Learned

There are multiple lessons for the anti-corruption compliance professional from this enforcement action. Obviously, the need to engage in robust remediation for the matter at issue and your compliance program is critical. Moreover, and once again the Department of Justice (DOJ) criticized a company for tardiness in disciplining those who were involved in the fraud or those who were aware of it. As I noted in Part 1, multiple former company employees were criminally indicted for their conduct in this sordid affair. Yet some of them were with the company until 2019 and 2020 and not all were terminated, some left the company in voluntary separations, which sounds suspiciously like retirements. Such actions could save your organization literally millions of dollars.

One of the clearest, which was not stated in any of the resolution documents, was that every Chief Compliance Officer (CCO) needs to read the newspapers and stay abreast of current events in their industry. It was September 2015 that the Volkswagen (VW) emissions-testing scandal became public. It was by far the largest scandal in emissions-testing and cost VW billions in investigative and remediation costs, fines, penalties, buy-backs, market share loss and reputational damages. To say that anyone at the company was not aware of it is to simply defy belief.

Beyond just the CCO, every Board member was no doubt aware of the VW emissions-testing scandal. Under the current state of the Caremark Doctrine, there may well be a duty to make an inquiry by the Board of auto manufacturers to senior management to investigate if they have been involved in similar conduct. Here we do not know how the scandal got to the attention of the DOJ, but it was clear from the Plea Agreement, it was not from self-disclosure. CCOs and Boards need to be much more proactive when competitors get into trouble about investigating similar products or services which could lead to criminal and civil fines and penalties.

This matter warrants consideration by every CCO in every US public and private company. Every CCO can also use the case as instruction and training for both senior management and their company Board of Directors.

Resources

DOJ Press Release

Information

Plea Agreement

Consent Decree from the civil action

Categories
Blog

Cookies, Chocolates and IP: The Stericycle FCPA Enforcement Action – Part IV

Last week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. Today we consider the lessons learned.
Rapid Expansion
Similar to what we saw in the WPP enforcement action, Stericycle engaged in rapid expansion in a series of foreign jurisdiction. In this case it was Latin America. Stericycle does not seem to have made the same mistakes as WPP in holding back part of the overall acquisition payout to the owners in the locales where they purchased entities and thereby incentivizing corruption to meet sales goals. Under Stericycle, there was nothing about this same type of incentive plan used by WPP. However, Stericycle did appear to keep the former owners on as the executives in these new foreign subsidiaries without taking into account how those former owners may have done business or the risk model it entailed.
Which brings us to pre-acquisition due diligence, which is not simply looking at the financial issues involved but also considering the potential purchase from the compliance perspective. How did the companies which were purchased to form the foreign subsidiaries in Latin America do business before they were purchased? Did Stericycle review those companies from the compliance standpoint?
Moreover, and as Candice Tal, founder of Infortal, continually reminds us, due diligence is more than simply a site investigation or a couple of interviews. It should include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other lawsuits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publicly.” Clearly, Stericycle did not engage in this level of due diligence in either the acquisitions of the entities which became Stericycle subsidiaries in Latin America, nor in their key personnel. Employees up and down the chain of an organization do not simply wake up one day and decide to engage in bribery and corruption and create a full set of records so the effectiveness of your bribery-based business process can be evaluated. 
Impact of the FCPA Corporate Enforcement Policy
The Stericycle enforcement action once again demonstrates how the FCPA Corporate Enforcement Policy can benefit even the most corrupt organization and allow a significant reduction of the overall fine and penalty under the US Sentencing Guidelines. According to the DPA, Stericycle received a 25% discount off the bottom of the applicable Sentencing Guidelines fine range for its cooperation during the pendency of the investigation and the extensive remediation.
I have previously estimated Stericycle saved between $25 million to $30 million from their final criminal fine. That is certainly a significant amount and one every Chief Compliance Officer (CCO) needs to have ready to submit to your CEO to demonstrate the power of committing time and resources to both internal investigations and remediation during the pendency of the investigation.
Impact from the Lisa Monaco Doctrine
a. The Monitor
The is first FCPA enforcement action to show the full impact of the change in DOJ enforcement priorities after the Lisa Monaco speech of October 2021, in a variety of ways. The first is the imposition of a monitor. It was required under both the DPA and the Order. Interestingly, even though the company was long aware of its compliance and ethical failures and even though it had been investigating this matter since at least 2016; the company could not seem to get its collective act together enough to fully implement and test the new compliance regime set out in the DPA. The DPA stated, “despite its extensive remedial measures described above, the Company to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years, as described more fully below and in Attachment D, is necessary to prevent the recurrence of misconduct.” [Emphasis supplied] Clearly the DOJ (and SEC) did not trust that the company would follow through with its resolution documents obligations and was “necessary to prevent the recurrence of misconduct.”
b. Culture
One part of the Monaco speech which drew much criticism from the White-Collar defense bar and others were her remarks around culture and that the DOJ would start assessing corporate culture in the context of other fines, penalties and regulatory enforcement actions from outside the FCPA context. Many articulated fears that conduct completely unrelated to a FCPA enforcement action could form the basis of a FCPA enforcement action. Those fears were alleviated in the Stericycle DPA which stated, “the Company has some history of prior civil and regulatory settlements, but no prior criminal history”. At least at this point, no unrelated civil or regulatory actions were assessed in the context of a FCPA enforcement action.
There was and continues to be much to consider and learn from the Stericycle FCPA enforcement action. I am sure we will be revisiting it in the future.