On February 24 the SEC charged Ohio-based Goodyear Tire and Rubber Company with violating the books and records provisions of the Foreign Corrupt Practices Act (FCPA). Goodyear agreed to  pay $16.2 million to settle the charges, which stemmed from allegations that the company failed to prevent or detect bribes amounting to more than $3.2 million distributed by local executives at two of its Sub-Saharan subsidiaries in order to obtain tire sales. Most of the illicit payments were made prior to Goodyear’s acquisition of the Kenyan company in 2007. The SEC’s enforcement order suggests that the pre-acquisition due diligence Goodyear conducted was insufficient to uncover the illicit behavior. Furthermore, the SEC found Goodyear’s post-acquisition compliance efforts insufficient as well.

Evidence of improper payments in Kenya first came to light five years after Goodyear’s acquisition through an employee tip submitted via Goodyear’s ethics hotline. The company later disclosed its findings to the SEC and increased compliance trainings and audits. Goodyear’s cooperation and compliance efforts helped it avoid additional criminal fines. However, the dollar amount of the settlement doesn’t quite capture the extent to which this lapse in due diligence cost the company. Goodyear is also required to unwind its operations in Sub-Saharan Africa and stomach the loss of  investment funds, time, and future opportunity in the region.


Ignorance of foreign subsidiaries’ illicit behavior does not shield a parent company from liability under the FCPA. In this case, Goodyear’s Kenyan subsidiary had independently initiated the illegal practices prior to the acquisition and continued to be managed locally even after Goodyear acquired a majority stake in the company. The U.S. government was able to establish jurisdiction and charge Goodyear with FCPA violations because it had incorporated misleading records of the illicit payments into its accounting records. However, the company could have avoided the violations if it had conducted better pre-acquisition due diligence and implemented anti-corruption training with the subsidiaries right off the bat.

Pre-acquisition due diligence should include:

  • A complete audit of all books and records
  • An assessment of risks based on the location of the business and the nature of the particular industry
  • A review of internal control measures and the compliance culture
  • Risk assessments of political activities and third-party relationships (customers, contractors, vendors, agents, distributors, investors and partners)
  • A violations inquiry to assess target’s relationship with the DOJ and SEC as well as local agencies
  • Pre-acquisition actions to address red flags before the deal goes through
  • Thorough documentation of all due diligence efforts (to present in the event of a government investigation)
  • Immediate implementation of a compliance education and training program including manuals, policies, certifications and management support of the overall compliance program assessing the likelihood of violations, ability to provide mitigation, and the need for restructuring to provide effective protection against future violations.

The second half of 2013 saw the continued expansion of FCPA enforcement by the DOJ and the SEC.  The decrease in the scope of protections afforded to whistleblowers will lead to an increase in the number of FCPA potential violations reported to the U.S. government.   The increase in  compliance violations reported to the government will likely lead to an increase in export violation prosecutions.  I say this because once an FCPA investigation begins the facts often show weak compliance in other areas such as export control compliance.    And, the penalties are getting crazy.  For example, Avon recently submitted a revised filing estimating that the FCPA-related fines levied against it would amount to $132 million.  I am speechless about this.  Avon isn’t selling missile detection systems.  Cosmetics is obviously a more competitive business than I realized.

Additionally,  it isn’t just the United States government you have to worry about.  If you do any business in the U.K, the U.K. Bribery Act  also applies to you with its strict liability provisions. The U.K. Act, has only one mitigating factor and it’s a robust compliance program meeting the Act’s requirements.   Starting on February 24, the United Kingdom will have the option of using deferred prosecution agreements (or DPAs) to enforce the UK Bribery Act 2010.  DPAs, already in use in the United States, seek to incentivize corporations under investigation by offering a negotiated resolution in return for cooperation with the investigation. They also provide a form of supervision of the remedial measures undertaken by a corporation after a violation occurs: if a company fails to implement the changes it agreed to, the government can revisit the “deferred” criminal case against it. And then there is the “imbedded probation agent” that the government assigns to a corporation which is like having an IRS agent camping out in your internal audit department.

So what is the point?  Don’t limit your focus to your anticorruption program.  An audit of an exporter arising out of a potential FCPA violation may unearth unrelated inconsistencies that lead to additional headaches.  To avoid this slippery slope in the event of an unforeseen FCPA investigation, you must have an up to date export compliance manual and licensing records sufficient to survive a thorough audit of all of the company’s practices, not just those related to bribery.  Can you easily put your hands on your training attendance sheets,  your list of product classifications and your anti-boycott procedures? If not, consider some spring cleaning and reorganization.

As State and Commerce continue to rollout the President’s Export Control Reform Initiative in stages, there is an increased likelihood that inadvertent errors will occur as employees scramble to familiarize themselves with changing regulations during this period of transition. By ensuring that your company implements and maintains up-to-date anticorruption and export compliance programs, you are insuring yourself against the possibility of a minor inadvertent error leading your company down a slippery, costly, and potentially embarrassing slope.

Having described the most common shortcomings of an insufficient trade compliance program in a previous post, I’d now like to share five positive pointers that can be used to help ensure effective implementation of your company’s trade compliance program. Remember, a company-wide commitment and a similarly broad allocation of resources is necessary to implement a trade compliance program successfully, so picking and choosing which procedures to implement and which to ignore is not a viable option. Taking that route will result in a trade compliance program in name only, and won’t afford any real protection to your company.   Instead, make sure to keep the following key elements in mind:

  1. It isn’t enough to just train. Charles E. Duross, Deputy Chief of the U.S. Department of Justice’s FCPA unit recently said, “Training is insufficient.” I would say training alone isn’t enough. To be compliant, companies actually must commit to a new way. Just like in sports and music, knowledge is a requirement, but you must practice. Compliance must be proactive to prevent violations.  No longer is “hope for the best and change after a problem is discovered” an acceptable risk profile.
  2. Embrace technology.  New project management formats are being developed to help compliance groups manage and follow legal obligations. The IT system must be set up so that busy professionals can’t hit “dismiss” and overlook a compliance obligation.
  3. Resources will have to be dedicated to the compliance effort. It isn’t an afterthought. Trade compliance must have a seat at the table along with other serious risks.
  4. Senior management must stay engaged throughout the year. A lot can be done by mirroring corporate wellness programs and safety matters.  “Compliance Minutes” and discussion groups are real possibilities. Everyone in the company has a role to play, and when each employee feels empowered, the company will benefit.
  5. Accountability. There is no way around this if you really want to improve compliance. Hold people accountable. Period. It works. (And the government likes it.)

There are vital take-aways from the 10 year FCPA investigation into Total S.A. (Total), and the National Iranian Oil Company (NIOC).  The recent settlement requires Total to pay more than $398 million to the U.S. government and implement an “enhanced” compliance program with an on-site compliance monitor for three years.

Between 1995 and 2004, Total funneled approximately $60 million in bribe payments to an Iranian official.  In exchange, the official used his influence to help Total obtain oil rights contracts.  The DOJ charged Total with criminal violations of the anti-bribery, books and records, and internal controls provisions of the FCPA.  The Security and Exchange Commission (SEC) also issued a Cease and Desist Order addressing the civil charges associated with the bribes.  Meanwhile, French authorities continue to investigate the matter and have brought charges against Total in French Criminal Court for violation of the French foreign bribery statute, suggesting that the U.S. settlement may not quite signal the end of Total’s troubles.

Fortunately, this unfortunate example offers a number of takeaways for any company that wants to minimize the risk associated with doing international business.

  1. The U.S. settlement and parallel French investigation highlight global cooperation in anti-corruption enforcement, not to mention the potential for carbon copy prosecutions.  For this reason,  a company should not attempt to implement a compliance program that caters to only one country’s anti-bribery laws.  Instead, it should ensure its program satisfies international standards, providing a degree of protection against anti-corruption prosecution globally.
  2. Non U.S. companies should be aware of the U.S. government’s reach. Total has American Depository Receipts (ADRs) registered with the SEC and is publically traded on a U.S. exchange.  Additionally, a $500,000 bank wire from New York to Switzerland used to facilitate Total’s bribery scheme bolstered the government’s claim to jurisdiction.
  3. Companies can face FCPA prosecution relating to very old actions.  In the case of Total, the government began its investigation into conduct dating back to 1995.
  4. Companies must remember that cooperation is key to encouraging leniency on the part of the government and ultimately mitigating the fine imposed.  Total’s high fine suggests that it was not very cooperative during the investigation.

We are seeing a lot of interest from health care clients regarding the Foreign Corrupt Practices Act (FCPA). I usually stay away from this topic because so many others cover it in detail. However, we want to point out that in 2012, the SEC brought five enforcement actions and the DOJ initiated four prosecutions against pharmaceutical and medical device companies. What can you learn from these cases? The cases reveal preventable compliance failures in an industry that knows its employees and agents will have contact with foreign government officials.

United States v. Smith & Nephew

A British medical device company’s Greek distributor used slush funds to bribe Greek government surgeons and was reimbursed for “marketing services.” When Smith & Nephew did question the distributor’s excessive reimbursements, the distributor explained exactly what it was doing. Smith & Nephew ignored this red flag and kept paying. The failure to stop what any good compliance program would have cost the company $22 million dollars, plus legal fees, investigation costs and damage to its reputation.

United States v. Biomet

Biomet’s distributors paid kickbacks to surgeons in Argentina and Brazil to use its devices, calling the payments “commissions” and “consulting fees.” Executives and internal auditors failed to stop the payments for eight years after they discovered them.

Payments described no more specifically than “commissions” or “consulting fees” require follow-up by trained accounting staff before they are approved. Also, Biomet’s executives who knew about bribery, but failed to stop it, lacked the commitment to compliance — the “tone from the top” — that government gives companies a lot of credit for when mistakes do happen.

United States v. Pfizer

Pfizer used a points system to give prizes to government doctors in China for prescribing Pfizer products. High-prescribing doctors were invited to participate in recreational activities and this was all an accepted part of the business models of subsidiaries all over the world.

Nonetheless, Pfizer paid only $60 million to the government to resolve charges of tens of millions of dollars in systematic bribery, whereas Siemens paid $800 million for its systemic, worldwide bribery. This shows that compliance checks, followed by voluntary disclosures and full cooperation with authorities can limit a company’s exposure.

Change Your Compliance Best Practices

  • As your opportunities abroad grow, so must your anticorruption compliance. Your compliance must be more specific to your business issues.
  • You can no longer limit training to the FCPA.
  • In my opinion, the UK Bribery Act is the new standard. Even Russia has standards following the UK Act.
  • You also must train locally. China is different from Brazil and France.

The Securities and Exchange Commission (SEC) just changed the way companies have to think about Foreign Corrupt Practices Act (FCPA) compliance.  This is how FCPA enforcement usually goes: an improper payment is made to a government official, an investigation takes place, and the SEC and/or the Department of Justice (DOJ) steps in to enforce the Act and slaps the offenders with violations, fines, and penalties.   Not this time.

On August 16th the SEC charged Oracle Corporation (Oracle) with violating the books and records and internal controls provisions of the FCPA before an improper payment was ever made.  The violations were based on the idea that funds that are unaccounted for create a risk of bribery and embezzlement.  In this case, an Indian subsidiary of Oracle, Oracle India, structured transactions with India’s government so that there were exaggerated margins between the distributor and the buyer price.  Oracle India employees had the distributors hold or “park” the extra money, around $2.2 million, in side funds for “marketing development purposes.”  Then the distributors were told to make payments to local vendors that were actually just storefronts that did not actually provide any services.  Fake invoices were used to document the payments.

What is notable about this case is that there are no allegations of payments to government officials.  Instead, the SEC complaint alleged that Oracle failed to accurately record the side funds and create and maintain a system of effective internal controls to prevent improper use of the funds.  Essentially the SEC is using its books and records and internal controls provisions to penalize Oracle for exposing itself to risk; the risk that the hidden funds could have been used for improper or illegal payments.

This type of enforcement sends a serious message to the business community about proactive measures and FCPA compliance.  Marc J. Fagel, Director of the SEC’s San Francisco Regional Office, urged businesses to be proactive, saying “It is important for U.S. companies to proactively establish policies and procedures to minimize the potential for payments to foreign officials or other unauthorized uses of company funds.”  The SEC took Oracle’s cooperation, voluntary disclosure, and remedial measures into account, and Oracle agreed to settle the charges for $2 million.

The bottom line is – Do not wait for a violation to happen to think about the FCPA, the SEC isn’t waiting to enforce it!