In today’s edition of Daily Compliance News:
Tag: SEC
Earlier this week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement(DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. In today’s post we will consider the bribery schemes.
The Problem
According to the Order, Stericycle got into FCPA hot water when it initially entered the Latin America market in 1997 and then rapidly expanded through the acquisition of many local businesses in Argentina, Brazil, and Mexico. Stericycle operated through wholly-owned subsidiaries in Brazil (“Stericycle Brazil”), Mexico (“Stericycle Mexico”), and Argentina (“Stericycle Argentina”). The prior local business owners continued to run the operations in each country. Each country had an executive team that reported to, among others, a former Stericycle executive responsible for all of Latin America (the “LatAm Executive”). The LatAm Executive reported directly to executives at Stericycle’s corporate headquarters. If all of this sounds familiar to readers of this blog, it was this similar fact pattern which brought the UK company WPP to FCPA grief as well.
Moreover, as the company grew in Latin America through acquisition, it failed to implement even the most basic internal controls for compliance. The Order noted, “the accounting processes and systems remained mostly decentralized with neither uniformity nor proper oversight, resulting in internal control deficiencies.” To top it all off, “Stericycle had no centralized compliance department and failed to implement its FCPA policies or procedures prior to 2016.” Clearly compliance was not something that was of the least interest to the company and it clearly contributed to an overall culture of corruption as a business practice. Finally, the corporate office, in the form of the LatAm Executive, “signed and transmitted numerous sub-certification letters in which they falsely stated that they were not aware of any actual or potential material event in their region, including any actual or alleged violation of any applicable law.”
The Bribery Schemes
The bribe payments were allegedly hidden through the use of code words for bribery. ‘Little pieces of chocolate in Brazil’, ‘IP’ or incentive payments in Argentina and ‘cookies’ in Mexico. In Brazil, the bribes paid were usually a percentage of the contract value, although occasionally it was a simple fixed fee. The DPA noted, “as part of the scheme, Stericycle Brazil employees agreed upon bribe payments in return for receiving payment priority on certain invoices owed under contracts with government agencies; the bribe payments were typically a percentage of the invoice amount owed or a fixed amount. The entire Brazilian business unit was apparently in on the scam as Stericycle Brazil sales employees, who used the cash to make bribe payments to government officials in different regions.” But it was not the BD folks who were running this bribery, as the “Stericycle Brazil finance employees prepared bank orders in the names of the Stericycle Brazil sales employees, who would retrieve the money from the bank and deliver the cash funds—often through an intermediary—to government officials associated with government customers.”
But it did not even stop there. According to the Order, in 2012, “Stericycle Brazil executives formed a sham third-party vendor that purportedly provided accounts receivable collection services to Stericycle Brazil, which were never provided. Rather, the sham third-party vendor issued false invoices that Stericycle Brazil used to support the bribe payments in its books and records. Each month, Stericycle Brazil finance employees estimated the amount of cash withdrawals attributable to the bribe payments. At the end of the month, Stericycle Brazil finance employees requested false invoices from the sham third-party vendor in the amount of the preceding month’s estimated cash withdrawals used for bribes. These invoices for purported debt collection services concealed the true purpose of the payments. The invoiced amounts were recorded in Stericycle’s general ledger, and the cash withdrawals appeared in company bank statements. In 2015, a Stericycle Brazil executive formed two other sham third-party vendors to continue the same scheme.”
To top it all off, all of the above was documented in company books and records. The finance employees “maintained spreadsheets which identified the government customers receiving bribes and the corresponding amount (either a set percentage of revenue or fixed amount), and the Stericycle Brazil employee responsible for retrieving the cash and delivering the bribe payments either directly or through a third-party intermediary. The spreadsheets contained entries, organized by month and region, of both the total amount of bribes paid and the amounts of the fake invoices used to provide cover for cash withdrawals. The Stericycle Brazil finance employees stored these spreadsheets on Stericycle’s servers, and the Stericycle Brazil executives and the LatAm Executive had knowledge of the payments by, among other things, receiving one or more copies of these spreadsheets.”
Just to reiterate, the finance team was preparing fraudulent money orders for employees to cash to create a pot of money to pay a bribe. Additionally, business unit executive themselves created a sham vendor to generate false invoices to also create pots of money to pay bribes, all of which was documented in the company’s books and records. This is not some pedestrian bribery scheme. This is a business unit which has systematized bribery as a business process.
In Mexico, this same basic format was used but with a twist. There was not a sham vendor or vendors. Here the corrupt LatAm Executive formed a joint venture (JV) which the company entered into to form Stericycle Mexico. It was all documented by spreadsheets which “identified invoices from approximately 45 third-party vendors which purported to provide otherwise undocumented consulting and market research services. The spreadsheets linked invoices to payments to government officials, including the name of the customer and calculation of the bribe as a fixed amount or percentage of the customer’s invoice value. Some spreadsheets also detailed the recipient of the bribe and method of delivery (cash versus wire transfer). These spreadsheets were sent to, among others, the LatAm Executive and a Stericycle Mexico executive on Stericycle’s servers.”
In Argentina, the specific method of how the cash was generated to pay the bribes was not report. The DPA noted, the “Argentina Country Management calculated and approved bribe payments, which were typically paid in cash by Stericycle Argentina sales employees. For example, on occasions when a bribe needed to be paid, a Stericycle Argentina sales employee emailed an estimate of the bribe payment, which was typically a percentage of the underlying contract payment. Upon approval of the payment, the Stericycle Argentina sales employee obtained cash from the Stericycle Argentina office in Buenos Aires and subsequently delivered the bribe payment to the foreign official.” These payments were called “alfa” and “alfajores”, a traditional cookie popular in Argentina.
Join us tomorrow where we look at the fallout and then the comeback.
Welcome to the only roundtable podcast in compliance. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quintet of Jay Rosen, Jonathan Armstrong, Jonathan Marks, Karen Woody and Matt Kelly. We conclude with our fan favorite Shout Outs and Rants.
1. Jay Rosen discusses the increased antitrust enforcement by the DOJ in the healthcare arena. Rosen shouts out to Rachael Smith, Gilnet Sainvil and High-Five Man which reminded Rosen of Johnny Bank from his childhood
2. Matt Kelly takes a deep dive into the SEC proposed rules cyber security disclosure. Kelly gives a ‘mild’ rant to the SEC for proposing companies should have to disclose with 4 days after a cyber breach even if law enforcement asks a company not to do so.
3. Jonathan Armstrong looks data transfers from the EU to US and UK. Armstrong goes on his most epic rant ever using 2 funerals and a birthday party to excoriate Tory Politicians to not simply talk the talk but follow the rules when it comes to Covid-19 protocols.
4. Karen Woody wades into Elon Musk and his dalliances about investing in and potentially buying Twitter. Woody rants about the recent Declination with Disgorgement given to a MarshMac subsidiary in the UK, the Jardine Group Holdings and says this is simply a NPA and should be monikered as such.
5. Jonathan Marks discusses the difference between Tone at the Top and Conduct at the Top and why so many companies are falling short in the latter. Marks shouts out to Phillies 3rd baseman Alec Bohm who went from Phillies’ fan goat to hero with a mea culpa and SF Giants assistant coach Alyssa Nakken, who became the first female to take the field and coach in the history of MLB.
6. Fox shouts out to author Margaret Atwood and in her book The Handmaiden’s Tale, which is not a dystopian novel but a prophecy of current Texas in 2022.
The members of the Everything Compliance are:
• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
• Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
• Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
• Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
• Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.
The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action. To say that the respondent company, Stericycle, Inc. (Stericycle) had a culture of non-compliance throughout its entire Latin American (LATAM) business unit belies those companies which only have a dysfunctional culture. Stericycle had a culture of corruption burned into the DNA of the LATAM business unit which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM.
Yet even with this corrupt culture, Stericycle also demonstrated how a company can take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the criminal penalty reflects a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.
The Stericycle enforcement action also provides insights into how the DOJ will implement the remarks made by Lisa Monaco last October on their new approach to FCPA enforcement. Finally, Stericycle agreed to a two-year corporate monitor under both the DOJ and SEC settlements. In short, there is much to unpack from this enforcement action which I will do so over the next few blog posts.
According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. Stericycle agreed to a criminal Information, which charged the company with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Stericycle agreed to a criminal penalty of $52.5 million. According to the DOJ Press Release, the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings, including an amount of approximately $9.3 million to resolve investigations by the Controladoria-Geral da União (CGU) and the Advocacia-Geral de União (Attorney General’s Office). According to the SEC Press Release, Stericycle consented to the SEC’s cease-and-desist order that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA, and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC’s order provides for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division said in the DOJ Press Release, “Stericycle today accepted responsibility for its corrupt business practices in paying millions of dollars in bribes to foreign officials in multiple countries. The company also maintained false books and records to conceal corrupt and improper payments made by its subsidiaries in Brazil, Mexico, and Argentina. Today’s resolution demonstrates the Department of Justice’s continuing commitment to combating corruption and protecting the international marketplace.”
Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division said, “Today’s resolution with Stericycle shows that the FBI and our international law enforcement partners will not allow corruption to permeate domestic or international markets. The consequences of violating the FCPA are clear: Companies that bribe foreign officials for business advantage will be held accountable.” Finally, Eric I. Bustillo, Director of the SEC’s Miami Regional Office, said in the SEC Press Release, “Stericycle rapidly expanded in Latin America without any meaningful oversight or compliance measures, as evidenced by widespread bribery schemes lasting for many years in most of its Latin America operations. Companies in pursuit of global expansion cannot disregard the need for appropriate controls.” Damning words all but they had lessons for the compliance professional from this matter.
As part of the DPA, Stericycle has agreed to continue to cooperate with the department in any ongoing or future criminal investigations relating to this conduct. This could well mean additional criminal charges may be brought against any number of individuals known to the DOJ, as identified in the Information. In Brazil, the following persons, Stericycle LATAM Executives 1 & 2, Stericycle Brazilian Executives 1-3, and Stericycle Argentina Executive 1 were named in the Information. Also interesting was the active assistance of sister anti-corruption enforcement groups in Brazil and Mexico, which were both identified by the DOJ and SEC as helping.
It was also interesting to note that under the DOJ Press Release, it noted that while “Stericycle has taken extensive remedial measures, it has not fully implemented or tested its enhanced compliance program, necessitating the imposition of an independent compliance monitor for a term of two years. Stericycle agreed to continue to enhance its compliance program and to retain an independent compliance monitor for two years, followed by self-reporting to the department for the remainder of the term.”
Regarding the final settlements with the DOJ and SEC; they both agreed to their respective resolutions with Stericycle based on several factors, including, among others, the company’s failure to voluntarily and timely disclose the conduct that triggered the investigation and the nature, seriousness, and pervasiveness of the offense. Although Stericycle did not self-disclose their illegal conduct to the DOJ or SEC, they did receive full credit for cooperation with both the agency investigations and engaged in extensive remedial measures. As noted above, this led to a 25% discount off the range suggested under the Sentencing Guidelines, saving Stericycle between $25 million to $30 million from their final criminal fine.
Finally, the Stericycle FCPA enforcement action is notable for the company’s use of code words to discuss bribery in its routine emails and other business correspondence. While chocolates and incentive payments (IPs) have been used before by other companies, cookies are now added to the bribery lexicon as a moniker for payment bribes.
Join us in our next blog where we consider the bribery schemes.
Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom are joined by Karen Woody and Jonathan Marks to consider the SEC’s recent proposed rules for disclosure of cyber breaches. Highlights include:
· What was in the proposals? The 60-day comment period is running.
· The 4-day disclosure requirement for material breaches.
· The corporate governance issues around Board reporting.
· What is the SEC trying to accomplish?
· Should your company have a cyber-risk committee? If so, who should be on it.
As the NY Mets have the best record in baseball and we prepare for the celebrations of Easter and Passover, Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the Ng Convicted edition.
Stories
-
- Roger Ng was convicted. Tom in the FCPA Compliance and Ethics Blog.
- Lessons from DOJ’s first cyber fraud settlement? Annie Hudgins in the FCPA Blog.
- Depression as corporate materiality issue. Dick Cassin in the FCPA Blog.
- Should CCOs be required to certify compliance programs? Mike Volkov in Corruption Crime and Compliance.
- CEO fined by SEC for impeding whistleblower. Aaron Nicodemus in Compliance Week. (sub req’d) Matt Kelly in Radical Compliance.
- How much BOD oversight of compliance is enough? Jeff Kaplan in Conflict of Interest Blog.
- Compliance in recessionary times. Jim DeLoach in CCI.
- Water and corruption. Rick Messick in GAB.
- Why should an organization disclose diversity information? Antinuke Adrian in Harvard Law School Forum on Corporate Governance.
- Data governance best practices. Eray Eliaçik in Data Economy.
Podcasts and More
- Tom visits with Matt Galvin and Dan Kahn over a 2-part podcast series. In Part 1, they talk about dealing with the DOJ during an FCPA investigation and thereafter.
- Into Star Trek, then join Tom and John Champion, who is on a 15-year mission to do a podcast on every episode of Star Trek, television, movie, and animated show on the podcast MissionLogPodcast.com. In Part 1, from TOS up to the start of TNG. In Part 2, from TNG to today.
- This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world.
- Why should you attend Compliance Week 2022? Find out on this episode of From the Editor’s Desk. Listeners get a $200 discount to CW 2022 with the code Fox200. More here.
- Join Tom and Jay at ECI Impact 2022. Listeners to this podcast can save 20% off registration
by entering discount code: TOM20 at checkout. - Welcome back, Sam Rubenfeld.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take on the strange comings and goings of Elon Musk and his participation on the Twitter Board of Directors. Highlights include:
· When and how did Musk become Twitter’s largest shareholder?
· Why was he asked to come on to the Board?
· SEC filing requirement issues?
· What role did the various stakeholder groups, including employees, have in Musk turning down the Twitter Board seat?
· What are the compliance and governance issues to be learned?
Categories
Episode 97-the ESG Edition
Welcome to the only roundtable podcast in compliance. The entire gang was also recently honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Karen Woody and Matt Kelly. We conclude with our fan favorite Shout Outs and Rants.
1. Jay Rosen discusses the connection an ethics and compliance corporate culture survey and an ESG culture survey. Rosen also discusses what companies can do to improve overall ESG culture. Rosen rants the Academy of Motion Picture snubbing of the Director of Dune for Best Director when the picture won 6 other Oscars.
2. Matt Kelly takes a deep dive into the SEC proposed rules on climate risk disclosure and their impact on the compliance profession. Kelly shouts out to the Golden Raspberry Foundation, who award the ‘Razzie’s’ for withdrawing their previously created award of Worst Performance by Bruce Willis in a Bruce Willis movie after the actor retired due to Aphasia.
3. Jonathan Armstrong looks at greenwashing and how companies which are trying to do the right thing often get in trouble by doing it the wrong way. Armstrong shouts out to Tina Turner for advancing the cause of GDPR and explaining once and for all time ‘what’s love got to do with it.’
4. Karen Woody explains the SEC rule making process and how it can be challenged and responds to SEC Commissioner Peirce’s dissent to the proposed rules. Woody shouts out to the magic of Harry Potter World in Orlando have what she described as ‘awesome’ roller coaster rides, well worth the 3-hour wait in line.
5. Tom Fox rants Academy of Motion Picture Arts and Sciences for their incompetent response to Will Smith slapping Chris Rock at the Oscars and reminds us that workplace violence is never acceptable.
The members of the Everything Compliance are:
• Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
• Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
• Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
• Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
• Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.
SEC issues proposed rules on climate impact disclosures; requests public comment.
