Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending February 24, 2024

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  1. Alexei Navalny was killed in prison. (Bloomberg)
  2. Ohio residents paid the price for FirstEnergy corruption.  (Ohio Capital Journal)
  3. More child labor in the US. (NYT)
  4. A former head of the Bank of China was arrested for corruption. (NikkeiAsia)
  5. The Shadow Insider Trading case goes to trial.  (WSJ)
  6. Former Stericycle executive to plead guilty. (WSJ)
  7. Morgan Stanley is accused of using fake job titles. (FT)
  8. The Wells Fargo Consent Order was terminated. (WaPo)
  9. Deliberations begin in the NRA corruption trial. (The Guardian)
  10. If you can’t answer the question, don’t sit for an interview. (BBC)

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

You can check out the Daily Compliance News for four curated compliance and ethics-related stories each day here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: February 19, 2024 – The President’s Day Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Alexei Navalny was killed in prison. (Bloomberg)
  • Morgan Stanley is accused of using fake job titles. (FT)
  • Former Stericycle executive to plead guilty. (WSJ)
  • Facial recognition at airports: what could go wrong?  (NYT)

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Corruption, Crime and Compliance

Episode 234 – A Deep Dive into the Stericycle FCPA Enforcement Action


The Justice Department ended its FCPA enforcement drought by announcing its first corporate settlement in 2022. In a parallel action, the SEC announced its settlement with Stericycle for $28 million for FCPA violations. The SEC’s settlement was second with a company for 2022 (the first was KT Corp.).Under the settlement, Stericycle resolved investigations being conducted by the Department of Justice, the Securities and Exchange Commission, and Brazil. Stericycle agreed to enter into a three-year deferred prosecution agreement and pay more than $84 million. Stericycle will pay $52.5 million in criminal penalties, $28 million to the SEC in civil penalties and disgorgement, and approximately $9.3 million to Brazilian authorities. DOJ agreed to credit up to one-third of the criminal penalty against the company’s fines to Brazilian authorities. Significantly, the DPA requires Stericycle to obtain an independent compliance monitor for a two-year period and then submit a self-report for the rest of the DPA term. Stericycle is a global waste management company which is headquartered in Illinois. In its factual admission, Stericycle admitted a wide-ranging scheme involving the payment of bribes to foreign officials in Brazil, Mexico, and Argentina. In total, Stericycle paid approximately $10.5 million in bribes to foreign officials in Brazil, Mexico, and Argentina to secure business contracts from which Stericycle profited by at least $21.5 million.
In this episode, Michael Volkov reviews the Stericycle FCPA enforcement action.

Categories
Everything Compliance

Episode 99, the Nobody Wants a Truth Cocktail Edition


Welcome to the only roundtable podcast in compliance. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Marks, Tom Fox and Matt Kelly. We conclude with our fan favorite Shout Outs and Rants.

1. Jay Rosen discusses the hunt for Russian oligarch goods and funds. Rosen shouts out to gaslighters Marjorie Taylor Green and Kevin McCarthy for denying they made comments when the audio was played to them.

2. Matt Kelly takes a deep dive into the Stericycle FCPA enforcement action.  Kelly gives a shout out to the Brooklyn Public Library for offering a free library cards to those from towns where the GOP has banned books.

3. Jonathan Marks looks explores the FirstEnergy corruption case and its continued fallout in Ohio. Marks rants about Comcast which marketed a product which does not exist.

4. Tom Fox looks a provocative piece by Dick Cassin which posits the DOJ has changed enforcement priorities to remediation as the key goal. Fox shouts out to shareholders of Credit Suisse who revolted against the Board when it tried to shield itself from liability over its recent financial failures.

 The members of the Everything Compliance are:
•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
•       Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Compliance Into the Weeds

Stericycle FCPA Enforcement Action


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into the recently released Stericycle FCPA enforcement action. Highlights include:

  • What is a business strategy based upon corruption?
  • Over-expansion and under due diligence in M&A.
  • Document Document Document
  • The Monaco Doctrine at work.
  • Lessons learned going forward.

Resources
DPA
SEC Order
Matt in Radical Compliance
Tom in FCPA Compliance and Ethics Blog

Categories
Blog

Cookies, Chocolates and IP: The Stericycle FCPA Enforcement Action – Part IV

Last week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. Today we consider the lessons learned.
Rapid Expansion
Similar to what we saw in the WPP enforcement action, Stericycle engaged in rapid expansion in a series of foreign jurisdiction. In this case it was Latin America. Stericycle does not seem to have made the same mistakes as WPP in holding back part of the overall acquisition payout to the owners in the locales where they purchased entities and thereby incentivizing corruption to meet sales goals. Under Stericycle, there was nothing about this same type of incentive plan used by WPP. However, Stericycle did appear to keep the former owners on as the executives in these new foreign subsidiaries without taking into account how those former owners may have done business or the risk model it entailed.
Which brings us to pre-acquisition due diligence, which is not simply looking at the financial issues involved but also considering the potential purchase from the compliance perspective. How did the companies which were purchased to form the foreign subsidiaries in Latin America do business before they were purchased? Did Stericycle review those companies from the compliance standpoint?
Moreover, and as Candice Tal, founder of Infortal, continually reminds us, due diligence is more than simply a site investigation or a couple of interviews. It should include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other lawsuits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publicly.” Clearly, Stericycle did not engage in this level of due diligence in either the acquisitions of the entities which became Stericycle subsidiaries in Latin America, nor in their key personnel. Employees up and down the chain of an organization do not simply wake up one day and decide to engage in bribery and corruption and create a full set of records so the effectiveness of your bribery-based business process can be evaluated. 
Impact of the FCPA Corporate Enforcement Policy
The Stericycle enforcement action once again demonstrates how the FCPA Corporate Enforcement Policy can benefit even the most corrupt organization and allow a significant reduction of the overall fine and penalty under the US Sentencing Guidelines. According to the DPA, Stericycle received a 25% discount off the bottom of the applicable Sentencing Guidelines fine range for its cooperation during the pendency of the investigation and the extensive remediation.
I have previously estimated Stericycle saved between $25 million to $30 million from their final criminal fine. That is certainly a significant amount and one every Chief Compliance Officer (CCO) needs to have ready to submit to your CEO to demonstrate the power of committing time and resources to both internal investigations and remediation during the pendency of the investigation.
Impact from the Lisa Monaco Doctrine
a. The Monitor
The is first FCPA enforcement action to show the full impact of the change in DOJ enforcement priorities after the Lisa Monaco speech of October 2021, in a variety of ways. The first is the imposition of a monitor. It was required under both the DPA and the Order. Interestingly, even though the company was long aware of its compliance and ethical failures and even though it had been investigating this matter since at least 2016; the company could not seem to get its collective act together enough to fully implement and test the new compliance regime set out in the DPA. The DPA stated, “despite its extensive remedial measures described above, the Company to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years, as described more fully below and in Attachment D, is necessary to prevent the recurrence of misconduct.” [Emphasis supplied] Clearly the DOJ (and SEC) did not trust that the company would follow through with its resolution documents obligations and was “necessary to prevent the recurrence of misconduct.”
b. Culture
One part of the Monaco speech which drew much criticism from the White-Collar defense bar and others were her remarks around culture and that the DOJ would start assessing corporate culture in the context of other fines, penalties and regulatory enforcement actions from outside the FCPA context. Many articulated fears that conduct completely unrelated to a FCPA enforcement action could form the basis of a FCPA enforcement action. Those fears were alleviated in the Stericycle DPA which stated, “the Company has some history of prior civil and regulatory settlements, but no prior criminal history”. At least at this point, no unrelated civil or regulatory actions were assessed in the context of a FCPA enforcement action.
There was and continues to be much to consider and learn from the Stericycle FCPA enforcement action. I am sure we will be revisiting it in the future.

Categories
Blog

Cookies, Chocolates and IP: The Stericycle FCPA Enforcement Action – Part III

Last week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. In today’s post we consider the fallout to the company, the comeback made during the pendency of the investigation and the monitor.
The Fallout
The fallout for Stericycle could not have been more dramatic or more disastrous. The company had to basically shut down a large part of its Latin American business. According to the DPA, Stericycle divested itself from its subsidiaries in Mexico and Argentina and taking steps to address its risks in Brazil. Consider that for a moment, the corruption is so endemic within your business unit, that you actually cannot remediate, you must divest yourself of it. According to Stericycle’s own estimates it would lose millions of dollars in business if it was required to leave these countries and the amounts of monies generated through bribery and corruption was equally high, according to the DPA.
The Comeback
The Stericycle enforcement action once again demonstrates how the FCPA Corporate Enforcement Policy can benefit even the most corrupt organization and allow a significant reduction of the overall fine and penalty under the US Sentencing Guidelines. According to the DPA, Stericycle received a 25% discount off the bottom of the applicable Sentencing Guidelines fine range for its cooperation during the pendency of the investigation and the extensive remediation. The former conduct was identified as “proactively disclosing certain evidence of which the United States was previously unaware; providing information obtained through its internal investigation, which allowed the government to preserve and obtain evidence as part of its own independent investigation; making detailed factual presentations to the Fraud Section; voluntarily facilitating interviews in the United States of foreign-based employees; and collecting and producing voluminous relevant documents to the Fraud Section, including documents located outside the United States, accompanied by translations of documents.”
The extensive remediation was even more revealing as the DPA stated that although the company had not self-disclosed, it began its internal investigation prior to being contacted by the DOJ. The company amped up its game regarding corporate governance by “appointing numerous new individuals to senior management and Board of Directors positions and establishing a Safety, Operations, and Environmental Committee to enhance Board oversight.” It enhanced its “compliance organization by hiring additional compliance personnel, including an experienced new Chief Ethics and Compliance Officer who reports directly to Stericycle’s Chief Executive Officer and Chair of the Audit Committee of the Board of Directors”. It updated the backbone of its compliance program; by updating its code of conduct, policies, procedures and internal controls.” It enhanced (or perhaps even created) its internal reporting, investigations and risk assessment processes and improved its compliance training and communications. Discipline was levied against certain employees, “including terminating certain employees including senior managers” and the aforementioned divestitures.
I have previously estimated Stericycle saved between $25 million to $30 million from their final criminal fine. That is certainly a significant amount and one every Chief Compliance Officer (CCO) needs to have ready to submit to your CEO to demonstrate the power of committing time and resources to both internal investigations and remediation during the pendency of the investigation.
 The Monitor
The is first FCPA enforcement action to show the full impact of the change in DOJ enforcement priorities after the Lisa Monaco speech of October 2021; in a variety of ways. The first is the imposition of a monitor. It was required under both the DPA and the Order. Interestingly, even though the company was long aware of its compliance and ethical failures and even though it had been investigating this matter since at least 2016; the company could not seem to get its collective act together enough to fully implement and test the new compliance regime set out in the DPA. The DPA stated, “the Company has enhanced and has committed to continuing to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement (Corporate Compliance Program) but, despite its extensive remedial measures described above, the Company to date has not fully implemented or tested its enhanced compliance program, and thus the imposition of an independent compliance monitor for a term of two years, as described more fully below and in Attachment D, is necessary to prevent the recurrence of misconduct.” [Emphasis supplied] Clearly there was something missing from the company’s overall approach over these past six years.
According to the Order, the Monitor is mandated to review and evaluate the effectiveness of the Company’s policies, procedures, practices, internal accounting controls, recordkeeping, SOX controls, and financial reporting processes tying them to the FCPA and other applicable anti-corruption laws, and “make recommendations reasonably designed to improve the effectiveness of the Company’s Policies and Procedures and FCPA corporate compliance program (the “Mandate”). This Mandate shall include an assessment of the Board of Directors’ and Executive Leadership Team’s [ELT] commitment to, and effective implementation of, the Policies and Procedures and FCPA corporate compliance program.” Note this exacting requirement on the Board and ELT. Obviously, the SEC found their conduct wanting and needed to specifically call it out. It could also be a nod of the hat to the Delaware Supreme Court and its expansion of the Caremark Doctrine. Of additional interest was that the Monitor “should use a risk-based approach” and not necessarily “conduct a comprehensive review of all business lines, all business activities, and all markets.” Even with this anti-boil the ocean language, it is quite a bit of work for the company and the monitor.
Join us tomorrow where we look some lessons learned.

Categories
This Week in FCPA

Episode 298 – the NBA Playoffs Are Here edition


As the Celtics win Game One with a buzzer beater, Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the NBA playoffs are here edition.
 Stories

  1. Mike Volkov takes a deep dive into the recent DOJ trial record. In a 3-part series on Corruption Crime and Compliance.
  2. Sexual harassment case too implausible for Hollywood? Adam Manno in the Daily Mail.
  3. KT Corp FCPA enforcement action analysis. Lawyers from Debevoise in Compliance and Enforcement.
  4. Stericycle FCPA settlement. DOJ Press Release. Harry Cassin the FCPA Blog. Tom begins a 3-part series on the FCPA Compliance Report.
  5. Data analytics informs SEC enforcement action. Jaclyn Jaeger in Compliance Week.
  6. SEC Chair Gensler reflects on 1st year of Chairmanship? Ephrat Livny in NYT.
  7. Into the crystal ball on climate disclosures. Mai-Khoi Nguyen-Thanh and Taylor Wirthin CCI.
  8. Should Elon Musk have been stopped long ago? Francine McKenna in Time.
  9. What should be on your audit committee agenda for 2022? Maureen Bujno, Krista Parsons and Kimia Clemente in Harvard Law School Forum on Corporate Governance.
  10. Putting the ‘G’ first in ESG. Lawrence Heim in practicalESG

 Podcasts and More

  1. Tom visits with Matt Galvin and Dan Kahn over a 2-part podcast series. In Part 1, they talk about dealing with the DOJ during a FCPA investigation and thereafter. In Part 2 we took a deep dive into the Lisa Monaco speech and what it means for compliance professionals.
  2. What is the only podcast dedicated to the intersection of Compliance and ESG? It’s the Compliance ESG Podcaston the CPN. Check out this week’s episode with Erika Peters of Exiger on the ESG Standards. For your added viewing pleasure check out the video pod on YouTube.
  3. This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world. In Part 3, Susan moves into the CCO chairs at AECOM.
  4. Are you a MCU fan? If so check out the latest 2 episodes of Popcorn and Compliance-the MCU Series as Tom and Megan Dougherty are going through the full MCU in chronological, not release date order. The latest two episodes are Black Widow and Black Panther.
  5. Why should you attend Compliance Week 2022? Find out on this episode of From the Editor’s Desk. Listeners get a $200 discount to CW 2022 with the discount code TFLAW $200 OFF. More here.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Blog

Cookies, Chocolates and IP: The Stericycle FCPA Enforcement Action – Part II

Earlier this week, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action, involving the waste management company, Stericycle, Inc. (Stericycle). According to the Information and Deferred Prosecution Agreement(DPA), Stericycle entered into a three-year DPA. The company was charged with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Under the DPA, Stericycle agreed to a criminal penalty of $52.5 million of which the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings. According to the SEC Cease and Desist Order (Order), Stericycle violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC Order also provided for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities. In today’s post we will consider the bribery schemes.
The Problem
According to the Order, Stericycle got into FCPA hot water when it initially entered the Latin America market in 1997 and then rapidly expanded through the acquisition of many local businesses in Argentina, Brazil, and Mexico. Stericycle operated through wholly-owned subsidiaries in Brazil (“Stericycle Brazil”), Mexico (“Stericycle Mexico”), and Argentina (“Stericycle Argentina”). The prior local business owners continued to run the operations in each country. Each country had an executive team that reported to, among others, a former Stericycle executive responsible for all of Latin America (the “LatAm Executive”). The LatAm Executive reported directly to executives at Stericycle’s corporate headquarters. If all of this sounds familiar to readers of this blog, it was this similar fact pattern which brought the UK company WPP to FCPA grief as well.
Moreover, as the company grew in Latin America through acquisition, it failed to implement even the most basic internal controls for compliance. The Order noted, “the accounting processes and systems remained mostly decentralized with neither uniformity nor proper oversight, resulting in internal control deficiencies.” To top it all off, “Stericycle had no centralized compliance department and failed to implement its FCPA policies or procedures prior to 2016.” Clearly compliance was not something that was of the least interest to the company and it clearly contributed to an overall culture of corruption as a business practice. Finally, the corporate office, in the form of the LatAm Executive, “signed and transmitted numerous sub-certification letters in which they falsely stated that they were not aware of any actual or potential material event in their region, including any actual or alleged violation of any applicable law.”
The Bribery Schemes
The bribe payments were allegedly hidden through the use of code words for bribery. ‘Little pieces of chocolate in Brazil’, ‘IP’ or incentive payments in Argentina and ‘cookies’ in Mexico. In Brazil, the bribes paid were usually a percentage of the contract value, although occasionally it was a simple fixed fee. The DPA noted, “as part of the scheme, Stericycle Brazil employees agreed upon bribe payments in return for receiving payment priority on certain invoices owed under contracts with government agencies; the bribe payments were typically a percentage of the invoice amount owed or a fixed amount. The entire Brazilian business unit was apparently in on the scam as Stericycle Brazil sales employees, who used the cash to make bribe payments to government officials in different regions.” But it was not the BD folks who were running this bribery, as the “Stericycle Brazil finance employees prepared bank orders in the names of the Stericycle Brazil sales employees, who would retrieve the money from the bank and deliver the cash funds—often through an intermediary—to government officials associated with government customers.”
But it did not even stop there. According to the Order, in 2012, “Stericycle Brazil executives formed a sham third-party vendor that purportedly provided accounts receivable collection services to Stericycle Brazil, which were never provided. Rather, the sham third-party vendor issued false invoices that Stericycle Brazil used to support the bribe payments in its books and records. Each month, Stericycle Brazil finance employees estimated the amount of cash withdrawals attributable to the bribe payments. At the end of the month, Stericycle Brazil finance employees requested false invoices from the sham third-party vendor in the amount of the preceding month’s estimated cash withdrawals used for bribes. These invoices for purported debt collection services concealed the true purpose of the payments. The invoiced amounts were recorded in Stericycle’s general ledger, and the cash withdrawals appeared in company bank statements. In 2015, a Stericycle Brazil executive formed two other sham third-party vendors to continue the same scheme.”
To top it all off, all of the above was documented in company books and records. The finance employees “maintained spreadsheets which identified the government customers receiving bribes and the corresponding amount (either a set percentage of revenue or fixed amount), and the Stericycle Brazil employee responsible for retrieving the cash and delivering the bribe payments either directly or through a third-party intermediary. The spreadsheets contained entries, organized by month and region, of both the total amount of bribes paid and the amounts of the fake invoices used to provide cover for cash withdrawals. The Stericycle Brazil finance employees stored these spreadsheets on Stericycle’s servers, and the Stericycle Brazil executives and the LatAm Executive had knowledge of the payments by, among other things, receiving one or more copies of these spreadsheets.”
Just to reiterate, the finance team was preparing fraudulent money orders for employees to cash to create a pot of money to pay a bribe. Additionally, business unit executive themselves created a sham vendor to generate false invoices to also create pots of money to pay bribes, all of which was documented in the company’s books and records. This is not some pedestrian bribery scheme. This is a business unit which has systematized bribery as a business process.
In Mexico, this same basic format was used but with a twist. There was not a sham vendor or vendors. Here the corrupt LatAm Executive formed a joint venture (JV) which the company entered into to form Stericycle Mexico. It was all documented by spreadsheets which “identified invoices from approximately 45 third-party vendors which purported to provide otherwise undocumented consulting and market research services. The spreadsheets linked invoices to payments to government officials, including the name of the customer and calculation of the bribe as a fixed amount or percentage of the customer’s invoice value. Some spreadsheets also detailed the recipient of the bribe and method of delivery (cash versus wire transfer). These spreadsheets were sent to, among others, the LatAm Executive and a Stericycle Mexico executive on Stericycle’s servers.”
In Argentina, the specific method of how the cash was generated to pay the bribes was not report. The DPA noted, the “Argentina Country Management calculated and approved bribe payments, which were typically paid in cash by Stericycle Argentina sales employees. For example, on occasions when a bribe needed to be paid, a Stericycle Argentina sales employee emailed an estimate of the bribe payment, which was typically a percentage of the underlying contract payment. Upon approval of the payment, the Stericycle Argentina sales employee obtained cash from the Stericycle Argentina office in Buenos Aires and subsequently delivered the bribe payment to the foreign official.” These payments were called “alfa” and “alfajores”, a traditional cookie popular in Argentina.
Join us tomorrow where we look at the fallout and then the comeback.

Categories
Blog

Cookies, Chocolates and IP: The Stericycle FCPA Enforcement Action – Part I

The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) announced a Foreign Corrupt Practices Act (FCPA) enforcement action. To say that the respondent company, Stericycle, Inc. (Stericycle) had a culture of non-compliance throughout its entire Latin American (LATAM) business unit belies those companies which only have a dysfunctional culture. Stericycle had a culture of corruption burned into the DNA of the LATAM business unit which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM.
Yet even with this corrupt culture, Stericycle also demonstrated how a company can take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the criminal penalty reflects a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.
The Stericycle enforcement action also provides insights into how the DOJ will implement the remarks made by Lisa Monaco last October on their new approach to FCPA enforcement. Finally, Stericycle agreed to a two-year corporate monitor under both the DOJ and SEC settlements. In short, there is much to unpack from this enforcement action which I will do so over the next few blog posts.
According to the Information and Deferred Prosecution Agreement (DPA), Stericycle entered into a three-year DPA. Stericycle agreed to a criminal Information, which charged the company with two counts of conspiracy to violate (1) the anti-bribery provision of the FCPA, and (2) the FCPA’s books and records provision. Stericycle agreed to a criminal penalty of $52.5 million. According to the DOJ Press Release, the DOJ agreed to credit up to one-third of the criminal penalty against fines the company pays to authorities in Brazil in related proceedings, including an amount of approximately $9.3 million to resolve investigations by the Controladoria-Geral da União (CGU) and the Advocacia-Geral de União (Attorney General’s Office). According to the SEC Press Release, Stericycle consented to the SEC’s cease-and-desist order that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA, and agreed to pay approximately $28.2 million in disgorgement and prejudgment interest. The SEC’s order provides for an offset of up to approximately $4.2 million of any disgorgement paid to Brazilian authorities.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division said in the DOJ Press Release, “Stericycle today accepted responsibility for its corrupt business practices in paying millions of dollars in bribes to foreign officials in multiple countries. The company also maintained false books and records to conceal corrupt and improper payments made by its subsidiaries in Brazil, Mexico, and Argentina. Today’s resolution demonstrates the Department of Justice’s continuing commitment to combating corruption and protecting the international marketplace.”
Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division said, “Today’s resolution with Stericycle shows that the FBI and our international law enforcement partners will not allow corruption to permeate domestic or international markets. The consequences of violating the FCPA are clear: Companies that bribe foreign officials for business advantage will be held accountable.” Finally, Eric I. Bustillo, Director of the SEC’s Miami Regional Office, said in the SEC Press Release, “Stericycle rapidly expanded in Latin America without any meaningful oversight or compliance measures, as evidenced by widespread bribery schemes lasting for many years in most of its Latin America operations. Companies in pursuit of global expansion cannot disregard the need for appropriate controls.” Damning words all but they had lessons for the compliance professional from this matter.
As part of the DPA, Stericycle has agreed to continue to cooperate with the department in any ongoing or future criminal investigations relating to this conduct. This could well mean additional criminal charges may be brought against any number of individuals known to the DOJ, as identified in the Information. In Brazil, the following persons, Stericycle LATAM Executives 1 & 2, Stericycle Brazilian Executives 1-3, and Stericycle Argentina Executive 1 were named in the Information. Also interesting was the active assistance of sister anti-corruption enforcement groups in Brazil and Mexico, which were both identified by the DOJ and SEC as helping.
It was also interesting to note that under the DOJ Press Release, it noted that while “Stericycle has taken extensive remedial measures, it has not fully implemented or tested its enhanced compliance program, necessitating the imposition of an independent compliance monitor for a term of two years. Stericycle agreed to continue to enhance its compliance program and to retain an independent compliance monitor for two years, followed by self-reporting to the department for the remainder of the term.”
Regarding the final settlements with the DOJ and SEC; they both agreed to their respective resolutions with Stericycle based on several factors, including, among others, the company’s failure to voluntarily and timely disclose the conduct that triggered the investigation and the nature, seriousness, and pervasiveness of the offense. Although Stericycle did not self-disclose their illegal conduct to the DOJ or SEC, they did receive full credit for cooperation with both the agency investigations and engaged in extensive remedial measures. As noted above, this led to a 25% discount off the range suggested under the Sentencing Guidelines, saving Stericycle between $25 million to $30 million from their final criminal fine.
Finally, the Stericycle FCPA enforcement action is notable for the company’s use of code words to discuss bribery in its routine emails and other business correspondence. While chocolates and incentive payments (IPs) have been used before by other companies, cookies are now added to the bribery lexicon as a moniker for payment bribes.
Join us in our next blog where we consider the bribery schemes.