Tag: SEC

Categories
FCPA Compliance Report

MTS Foreign Corrupt Practices Act Enforcement Action: Part II-the Bribery Schemes

In a stunning resolution to one of the longest running bribery, corruption and money-laundering sagas on the international stage, the Department of Justice and Securities Exchange Commission both announced settlement of a Foreign Corrupt Practices Act (FCPA) enforcement action against the Russian telecom company, Mobile TeleSystems PJSC (MTS). This podcast continues a five-part series will examine the background facts of the case, provide a detailed review of the bribery schemes involved, the compliance failures of MTS and its actions during the investigation which contributed to the size of the penalty, the individual criminal prosecutions brought by the Department of Justice as a part of this action and the key lessons learned by the compliance practitioner. In this Part 2, I consider the bribery schemes used by MTS to pay the bribes and Karimova to receive the bribe payments.
The documents which are the subject of this series are:
  1. MTS Deferred Prosecution Agreement (DPA);
  2. MTS Criminal Information (MTS Information);
  3. SEC Cease and Desist Order (Order);
  4. Karimova and Akhmedov Indictment (Indictment);
  5. Kolorit Dizayn Ink LLC Plea Agreement (Plea Agreement); and
  6. Kolorit Dizayn Ink Information (Kolorit Information);
  7. DOJ Press Release and
  8. SEC Press Release.
For additional reading see the blog post, “MTS FCPA Settlement and Karimova Indictment: Part II – The Bribery Schemes
Categories
FCPA Compliance Report

MTS Foreign Corrupt Practices Act Enforcement Action: Part I-Introduction


In a stunning resolution to one of the longest running bribery, corruption and money-laundering sagas on the international stage, the Department of Justice and Securities Exchange Commission both announced settlement of a Foreign Corrupt Practices Act (FCPA) enforcement action against the Russian telecom company, Mobile TeleSystems PJSC (MTS). The FCPA enforcement action came in at $850 million which makes it Number 3 in the Top 10 of all-time FCPA settlements. This podcast opens a multi-part series will examine the background facts of the case, provide a detailed review of the bribery schemes involved, the compliance failures of MTS and its actions during the investigation which contributed to the size of the penalty, the individual criminal prosecutions brought by the Department of Justice as a part of this action and the key lessons learned by the compliance practitioner. In this Part 1, I begin with a review of the background facts, the parties and players and the fine and penalty of the MTS Foreign Corrupt Practices Act enforcement action.
The enforcement action was the third involving the same individual from the same country. That individual was Gulnara Karimova, the daughter of the former President of Uzbekistan. If that name sounds familiar to compliance professionals it is because she was also involved in the receipt of bribes paid in two other Top 10 FCPA enforcement actions; VimpelCom (now VEON Ltd.) and Telia Company AB. Contemporaneously with FCPA enforcement action involving MTS, there was a criminal indictment filed against Karimova and Bekhzod Akhmedov, a former MTS executive based in Uzbekistan. Akhmedov was charged with violating the FCPA for paying bribes to or for the benefit of Karimova and Karimova was charged she with laundering the money received as bribes.
The documents which are the subject of this series are:

  1. MTS Deferred Prosecution Agreement (DPA);
  2. MTS Criminal Information (MTS Information);
  3. SEC Cease and Desist Order (Order);
  4. Karimova and Akhmedov Indictment (Indictment);
  5. Kolorit Dizayn Ink LLC Plea Agreement (Plea Agreement); and
  6. Kolorit Dizayn Ink Information (Kolorit Information);
  7. DOJ Press Release and
  8. SEC Press Release.

For additional reading see the blog post, “MTS FCPA Settlement and Karimova Indictment: Part I-Introduction“.

Categories
This Week in FCPA

This Week in FCPA-Episode 146 – Ides of March (formerly St. Patty’s Day) edition

On this Ides of March tAs the St. Patrick’s Day weekend is upon, and we are all Irish at least for a day, Tom and Jay are joined by our favorite Irishman (and the Coolest Guy in Compliance), Matt Kelly to take a look at some of this week’s top compliance and ethics stories which caught their collective eyes this week.

  1. Massive corruption scandal rocks college admissions across the country. Dana Goldstein and Jack Healy in the NYT. Douglas Belkin and Jennifer Levitz in the WSJ. Nick Anderson in the Washington Post.
  2. FARA, FARA, FARA. Katie Brenner in the NYT. Dan Packel in Law.com.
  3. Former KPMG national practice leader convicted in PCAOB scandal. Michael Rapaport reports in the Wall Street Journal.
  4. Will the US finally clamp down on shell companies? Matthew Stephenson is cautiously optimistic in the Global Anti-Corruption Blog. General David Petraeus and Sheldon Whitehouse explain why it’s a national security issue in an Op-Ed piece in the Washington Post.
  5. Head coaches behaving badly as LSU head basketball coach suspended indefinitely in NCAA recruiting scandal. Ross Dellenger reports in Sports Illustrated.
  6. DOJ quietly modifies Corporate FCPA Enforcement Policy. Clare Hudson and Adam Dobrik report in GIR. (sub req’d) DOJ policy of self-disclosure making headway. Mingqi Sun in the WSJ Risk and Compliance Journal.
  7. Did Oracle violate the FCPA? (Tech Central)
  8. 1MDB scandal back in the news as former Goldman Sachs banker Timothy Leissner and Roger Ng banned from banking industry for life. David Simpson reports in Law360. (sub req’d) Also-did Jho Low contribute to Trump campaign? Tom Wright and Bradley Hope in the Wall Street Journal.
  9. How can you engage a BOD on cyber risks? Deloitte’s Khalid Kark, Tonie Leatherberry and Debbie McCormack in the Harvard Law School Forum on Corporate Governance.
  10. Tom continues with fan fav podcast series this week, the Adventures in Compliance this week.Check out the following: Part 1-The Red Circle; Part 2-The Abbey Grange; Part 3– The Priory School; Part 4-The Six Napoleons; and Part 5-The Empty House. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Panoply and YouTube. The Compliance Podcast Network is now also on Spotify. It is now on Corporate Compliance Insights.
  11. In a special guest segment, Matt Kelly reports on the highlights from Ethisphere’s Global Business Ethics Summit, which was held this past week in New York.
  12. Check out the latest edition of Popcorn and Compliance where Tom and Jay look at Captain Marvel. It posts Saturday, March 16 on the Compliance Podcast Network.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is       Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

Categories
Everything Compliance

Everything Compliance-Episode 43, the Cohen Testifies edition-Part 2

Welcome to the only roundtable podcast in compliance. This episode is the conclusion of a special two-part episode. Today, in Episode 43 Jonathan Armstrong and Matt Kelly weigh in on issues that are on their collective minds. Last week, in Episode 42 Mike Volkov and Jay Rosen sounded off. Shout outs (and no rants) followed Part 1 in Episode 42.

  1. This week, Jonathan Armstrong discusses the UK Serious Fraud Office’s conclusion of its this week, Matt Kelly considers the continued taunting tweets from Elon Musk, the SEC’s request for a federal court to hold Musk in contempt from his prior SEC settlement over the ‘funding secured’ tweet and what all this may mean for the SEC going forward.
  2. This week, Matt Kelly considers the continued taunting tweets from Elon Musk, the SEC’s request for a federal court to hold Musk in contempt from his prior SEC settlement over the ‘funding secured’ tweet and what all this may mean for the SEC going forward.
  1. Last week Mike Volkov used the Cohen testimony to the House Oversight Committee to explain the process of Congressional oversight, including how a company or witness is called to testify, the testimony preparation process and the testimony process.
  1. Last week, Jay Rosen talked about the DOJ focus on new industries for FCPA investigations including Major League Baseball teams and universities and colleges.

The members of the Everything Compliance panelist are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
For additional reading see: Cordery Compliance client alert Rolls Royce Case Sends a Strong Signal

Categories
Everything Compliance

Everything Compliance-Episode 42, the Cohen Testifies edition-Part 1

Welcome to the only roundtable podcast in compliance. This episode is Part 1 of a special two-part episode. Today, in Episode 42 Mike Volkov and Jay Rosen sound off. Next week, in Episode 43 Jonathan Armstrong and Matt Kelly weigh in on issues that are on their collective minds. Shout outs (but no rants) follow this episode only after the commentators say their peace.

  1. Mike Volkov uses the Cohen testimony to the House Oversight Committee to explain the process of Congressional oversight, including how a company or witness is called to testify, the testimony preparation process and the testimony process. Volkov then flips it around to evaluation the questioning and interrogation style of the Representatives. Volkov gives his first ‘in-anticipation’ shout out to OFAC who is coming out with its recommendations on a best practices compliance program.
  2. Jay Rosen talks about the DOJ focus on new industries for FCPA investigations including Major League Baseball teams and universities and colleges. Jay shouts out to the podcast “The Dropout” which tells the tale of disgraced and fallen Theranos founder, Elizabeth Holmes.
  3. Next week Jonathan Armstrong will discuss the UK Serious Fraud Office’s conclusion of its investigation into the individuals at Rolls Royce and GSK. Jonathan shouts out to the Dutch anti-corruption investigators and enforcers who have recently increased not only their collective vigilance but their investigations and prosecutions.
  4. Next week, Matt Kelly will consider the continued taunting tweets from Elon Musk, the SEC’s request for a federal court to hold Musk in contempt from his prior SEC settlement over the ‘funding secured’ tweet and what all this may mean for the SEC going forward. Matt shouts out to Lyft and Uber who are offering list price stock to a select group of long-time employees in their respective IPO debuts.

The members of the Everything Compliance panelist are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.
For additional reading see: David Chaikin and Kurt Wolfe’s article in Law360, entitled, “Potential New FCPA Enforcement Targets Come Into Focus”.
Check out the podcast from Jay’s shout out, The Drop Out.

Categories
Daily Compliance News

Daily Compliance News: March 1, 2019-Lion or Lamb? edition

MARCH 1, 2019 BY TOM FOX

In today’s edition of Daily Compliance News:

Categories
Compliance Into the Weeds

Compliance into the Weeds – Episode 47

SEC Chair Clayton Talks Compliance Costs. Will the new administration gut SOX and Dodd-Frank compliance requirements?

Categories
Blog

Day 22 Of One Month to More Effective Internal Controls-Lessons in Failures of Internal Controls

Cease and Desist Order also covered former employee Jeannot Lorenz, and the SEC spelled out a bribery scheme facilitated by both a failure and override of company internal controls. The matter involved Halliburton’s work in Angola with the national oil company Sonangol, which had a local content requirement. The nefarious acts giving rise to the FCPA violation involved a third-party agent for Halliburton’s contracts with the state-owned enterprise. According to the SEC Press Release, this matter initially began in 2008 when officials at Sonangol, Angola’s state oil company, informed Halliburton management it had to partner with more local Angolan-owned businesses to satisfy local content regulations. The company was successful in meeting the requirement for the 2008 contracting period. However, when a new round of oil company projects came up for bid in 2009, Sonangol indicated, “Halliburton needed to partner with more local Angolan-owned businesses to satisfy content requirements.” Halliburton’s prior work on local content was deemed insufficient, and “Sonangol remained extremely dissatisfied” with the company’s efforts. Sonangol backed up this dissatisfaction with a potential threat to veto further work by Halliburton for Sonangol. Under this backdrop, the local business team moved forward with a lengthy effort to retain a local Angolan company (Angolan agent) owned by a former Halliburton employee who was a friend and neighbor of the Sonangol official who would ultimately approve the award of the business to Halliburton. In each of these attempts, the company bumped up against its internal controls around third parties, both on the sales side and through the supply chain. The first attempt to hire the Angolan agent was as a third-party sales agent, which under Halliburton parlance is called a “commercial agent.” In this initial attempt, internal control was held as the business folks abandoned their efforts to contract with the Angolan agent. The first attempt to hire the Angolan agent was rejected because the local Business Development (BD) team wanted to pay a percentage fee based, in part, upon work previously secured under the 2008 contract and not new work going forward. Additional fees would be paid on new business secured under the 2009 contract. This payment scheme for the Angolan agent was rejected as the company generally paid commercial agents for work they helped obtain and not work secured in the past. Further, the company was not seeking to increase its commercial agents during this time frame (Halliburton had entered into a Deferred Prosecution Agreement (DPA) for FCPA violations in December 2008 for the actions of its subsidiary KBR in Nigeria). Finally, “As outlined by Halliburton’s legal department, to retain the local Angolan company as a commercial agent, it would be required to undergo a lengthy due diligence and review process that included retaining outside U.S. legal counsel experienced in FCPA compliance to conduct interviews. Halliburton’s in-house counsel noted that “[t] he is undoubtedly a tortuous, painful administrative process, but given our company’s recent US Department of Justice/SEC settlement, the board of directors has mandated this high level of review.” In other words, the internal controls held and were not circumvented or overoverriddene Angolan agent was then moved from commercial agent status to supplier so the approval process would be easier. The proposed reason for this switch in designations was that the Angolan agent would provide “real estate maintenance, travel, and ground transportation services” to the company in Angola. However, the internal controls process around using a supplier also had rigor as they required a competitive bidding process which would take several months to complete. Over-riding this internal control, the local business team could contract with the Angolan agent for these services in September 2009 and increase the contract price without the Angolan agent going through the internal procurement controls. A second internal control overridden was the procurement requirement that the supplier procurement process begins with “an assessment of the critically or risk of a material or services”; not with a particular supplier and certainly not without “competitive bids or providing an adequate single source justification.” However, as the Order noted, the process was taken backward, with the Angolan agent selected and then “backed into a list of services it could provide.” Finally, a separate internal control required “contracts over $10,000 in countries with a high risk of corruption, such as Angola, to be reviewed and approved by a Tender Review Committee.” Inexplicably this internal control was also circumvented or overoverriddent. This arrangement was not deemed sufficient local content by Sonangol officials. After all of this and further negotiations, Halliburton entered into another agreement with the Angolan agent, where the company would lease commercial and residential real estate and then sublease the properties back to Halliburton at a substantial markup and also provide real estate transaction management consulting services (the “Real Estate” contract). This Real Estate contract also had to go through an internal control process. Initially, there were questions the company about the Real Estate contract as a single source for the procurement function, the upfront payment terms to the Angolan agent, the high costs, and the rationale for entering into subleases for properties that would cost less if leased directly from the landlord. Indeed, “One Finance & Accounting reviewer at headquarters noted that he could not think of any legitimate reason to pay the local Angolan company over $13 million under the Real Estate Transaction Management Agreement and that it would not have cost that much to run Halliburton’s entire real estate department in Angola.” Halliburton’s internal controls required that it had to be justified when the company used a single source. This justification would require a showing of preference for quality, technical, execution, or other reasons, none of which were demonstrated by the Angolan agent. Finally, if such a single source was used, the reasons had to be documented in Halliburton’s internal controls language “identified and justified.” The company documented none. Finally, as the internal controls were either circumvented or over-ridden, “As a consequence, internal audit was kept in the dark about the transactions, and its late 2010 yearly review did not examine them.” This was yet another internal control failure built on the previous failures noted above. So how many internal controls failures can you spot? Whatever the number, the lesson for the compliance practitioner is that you must do more than have internal controls. They must be followed and be effective. If you are doing business in high-risk regions, you have to test the controls and back up your testing by seeing if payments are being made in those regions. Perhaps the best concept would be Reaganian, trust but verify.  

Three Key Takeaways

  1. Internal controls must be shown to be effective.
  2. Circumvention and management override of internal controls must be documented to pass muster.
  3. Internal controls must be tested, and that testing must be verified with an independent source of investigation.

Internal controls must be tested and verified to demonstrate effectiveness. For more information on improving your internal controls management process, visit this month’s sponsor Workiva at workiva.com.

Categories
Blog

Day 20 of One Month to More Effective Internal Controls – Assessing Compliance Internal Controls Under COSO

Internal Controls – Integrated Framework, Illustrative Tools for Assessing Effectiveness of a System of Internal Controls” (herein ‘the Illustrative Guide’), COSO laid out its views on “how to assess the effectiveness of its internal controls.” It went on to note, “An effective system of internal controls provides reasonable assurance of achievement of the entity’s objectives, relating to operations, reporting, and compliance.” Moreover, two over-arching requirements can only be met through such a structured post. First, each of the five components is present and functioning. Second, are the five components “operating together in an integrated approach.” One of the most critical components of the COSO Framework is that it sets internal control standards against those you can audit to assess the strength of your compliance with internal control. As the COSO 2013 Framework is designed to apply to a wider variety of corporate entities, your audit should be designed to test your internal controls. If you have a multi-country or business unit organization, you must determine how your internal compliance controls are interrelated up and down the organization. The Illustrative Guide also realizes that smaller companies may have less formal structures in place throughout the organization. Your auditing can and should reflect this business reality. Finally, if your company relies heavily on technology for your compliance function, you can leverage that technology to “support the ongoing assessment and evaluation” program going forward. The Illustrative Guide suggests using a four-pronged approach in your assessment. (1) Make an overall assessment of your company’s system of internal controls. This should include an analysis of “whether each of the components and relevant principles is present and functioning and the components are operating together in an integrated manner.” (2). There should be a component evaluation. Here you need to evaluate any deficiencies you may have more deeply and whether there are any compensating internal controls. (3) Assess whether each principle is present and functioning. As the COSO 2013 Framework does not prescribe “specific controls that must be selected, developed and deployed,” your task here is to look at the main characteristics of each principle, as further defined in the points of focus, and then determine if a deficiency exists and it so what is the severity of the deficiency. (4) Finally, you should summarize all your internal control deficiencies in a log, so they are addressed on a structured basis. Another way to think through the approach could be to consider “the controls to effect the principle” and would allow internal control deficiencies to be “identified along with an initial severity determination.” A Component Evaluation would “roll up the results of the component’s principal evaluations” and would allow a re-evaluation of the severity of any deficiency in the context of compensating controls. Lastly, an overall Effectiveness Assessment would examine whether the controls were “operating together in an integrated manner by evaluating any internal control deficiencies aggregate to a major deficiency.” This process would then lend itself to an ongoing evaluation. If business models, laws, regulations, or other situations changed, you could assess if your internal controls were up to the new situations or needed adjustment. The Illustrative Guide spent a fair amount of time discussing deficiencies. Initially, it defined ‘internal control deficiency’ as a “shortcoming in a component or components and relevant principle(s) that reduces the likelihood of an entity achieving its objectives.” It defined‘ major deficiency’ as an “internal control deficiency or combination of deficiencies that severely reduces the likelihood that an entity can achieve its objectives.” A major deficiency is a significant issue because “When a major deficiency exists, the organization cannot conclude that it has met the requirements for an effective internal control system.” Moreover, unlike deficiencies, “a major deficiency in one component cannot be mitigated to an acceptable level by the presence and functioning of another component.” Under a compliance regime, you may be faced with known or relevant criteria to classify any deficiency. For example, if written policies do not have, at a minimum, the categories of policies laid out in the FCPA 2012 Guidance, which states “the nature and extent of transactions with foreign governments, including payments to foreign officials; use of third parties; gifts, travel, and entertainment expenses; charitable and political donations; and facilitating and expediting payments,” also formulated in the Illustrative Guide, such a finding would preclude management from “concluding that the entity has met the requirements for effective internal controls by the Framework.”  However, what steps should you take if there are no objective criteria, as laid out in the FCPA 2012 Guidance, evaluate your company’s compliance with internal controls? The Illustrative Guide says that a business’ senior management, with appropriate board oversight, “may establish objective criteria for evaluating internal control deficiencies and for how deficiencies should be reported to those responsible for achieving those objectives.” Together with appropriate auditing boundaries set by either established law, regulation, or standard, or through management exercising its judgment, you can then make a full determination of “whether each of the components and relevant principles is present and functioning and components are operating together, and ultimately in concluding on the effectiveness of the entity’s system of internal control.” The Illustrative Guide has a useful set of templates that can serve as the basis for your reporting results. They are specifically designed to “support an assessment of the effectiveness of a system of internal control and help document such an assessment.” The Document, Document, and Document feature are critical in any best practices anti-corruption or anti-bribery compliance program, whether based upon the FCPA, UK Bribery Act, or some other regulation. With the Illustrative Guide, COSO has given the compliance practitioner a handy road map to begin an analysis of your company’s internal compliance controls. When the SEC comes knocking, they will look for this type of evidence to evaluate if your company has met its obligations under the FCPA’s internal controls provisions. First are some general definitions that you need to consider in your evaluation. An internal compliance control must be both present and functioning. A control is present if the “components and relevant principles exist in the design and implementation of the system of [compliance] internal control to achieve the specified objective.”  An internal compliance control functions if the “components and relevant principles continue to exist in the conduct of the system of [compliance] internal controls to achieve specified objectives.”

Three Key Takeaways:

  1. An effective internal controls system provides reasonable assurance of the entity’s objectives relating to operations, reporting, and compliance.
  2. There are two over-arching requirements for effective internal controls. First, each of the five components is present and functional. Second are the five components operating together in an integrated approach.
  3. You can use the Tem Hallmarks of an Effective Compliance Program for an anti-corruption compliance program as your guide to testing against.

For more information on improving your internal controls management process, visit this month’s sponsor Workiva at workiva.com. The COSO model can be used to structure your assessment of internal controls.

Categories
Everything Compliance

Everything Compliance-Episode 14

Show Notes for Everything Compliance-Episode 14 

Topics from Matt:

  1. Trump Administration & FCPA enforcement— we have two declinations now; maybe a compare-and-contrast and speculation on what a tough Trump Admin enforcement WOULD look like;
  2. EU’s GDPR— Do EU regulators know what they want to do with the enforcement of this law; if they follow the lead of the anti-competition people whacking Google, it could be a big deal;
  3. Hui Chen’s departure from the Justice Department, both her public rebuke of Trump and the substance of how she believes her guidance has been misinterpreted; and
  4. Ethical leadership and the lack thereof; the menace of abusing perks and privilege, connecting my posts about Uber’s leaders and Chris Christie vacationing on a closed beach.

Topics from Jay:

  1. How do the Campaign Finance Laws mirror/or differ from the FCPA?
  2. Will the Russian Collusion Investigation reveal the ultimate FCPA violation?
  3. Regarding Walter Shaub’s departure from the Office of Governmental Ethics (OGE), does it matter? What is OGE supposed to do, and why did it work for the past 40+ years but fall on deaf ears with the Trump administration?
  4. Dovetailing with Matt’s question about a slow H1 for FCPA enforcement and in light of the just-released Gibson Dunn FCPA Mid-Year Report, does the current climate (and lack of vigorous enforcement) provide a perfect storm for companies to look the other way if they fall off the E&C wagon, or do we think that companies are still being vigilant despite a perception of decreased enforcement?

Rants follow this week’s episode. What do the two declinations in 2017 mean? The Everything Compliance panel of experts weighs in.