Enlisting the Private Sector in the Fight Against Corruption — Part 2

Part 1 of this post lists 21 countries plus the Canadian province of Quebec that have taken measures to get corporations to join the fight against corruption.  Thanks to a bad case of jet lag, the post’s author ran out of steam before explaining what he meant by a company’s “joining the fight” or how countries got them to join it.  Herewith an explanation of both along with my apologies to readers puzzled by part 1.

To begin, a table summarizing the laws to which part 1 referred along with summaries of bills pending in the Irish and Vietnamese legislatures appears here: National Compliance Rules.  (Thanks to readers who caught errors in the part 1 list; similar scrutiny of the table solicited.)

As the table shows, the laws referenced require — or provide incentives for — companies under their jurisdiction to prevent their employees from paying bribes or engaging in other forms of corrupt conduct.  Some laws prescribe in detail the elements such an anticorruption compliance program should contain; others leave it to regulations or the courts to decide what companies must do.  With the October 2016 publication of ISO 37001 setting standards for corporate antibribery programs, most authorities will likely converge around the elements it recommends.   The recommendations are sensible and quite consciously track the experience of those countries that required corporate compliance programs, especially the United States, where guidelines on what constitutes an “effective” compliance program, drafted to help courts when deciding the culpability of corporations for the corrupt acts of employees and agents, have been in force since 2004.

Where national corporate compliance laws differ is in how countries “encourage” companies subject to their laws to institute a compliance program. The table reveals several approaches. Continue reading

Guest Post: The Draft ISO 37001 Anti-Bribery Standard’s Promise and Limitations

William Marquardt and David Holley, respectively Director and Managing Director at the Berkeley Research Group, LLC (a private management consulting firm) contribute the following guest post, which is written in their personal capacity and does not necessarily reflect the opinions, position, or policy of the Berkeley Research Group or its other employees and affiliates:

This past April, the International Organization for Standardization (ISO) released its draft standard on anti-bribery management systems (ISO 37001). The standard is tentatively scheduled to be finalized later this year. In substantive content, the draft ISO standard is similar to the FCPA Resource Guide provided by the U.S. Department of Justice and Securities and Exchange Commission, in that it provides a list of elements that an effective anti-bribery/corruption (“ABC”) program should contain. In terms of the specific elements listed, the proposed ISO standard provides a number of sound recommendations – such as a comprehensive, risk-based approach, as well as management commitment to promoting an ethical corporate culture—but with a few exceptions, the draft ISO 37001 standard is not much different from the guidance available from the DOJ/SEC and other sources in multiple jurisdictions.

That’s not to say that there is nothing whatsoever distinctive about ISO 37001. It does differ from the existing guidance in some ways, some good (such as the comprehensive focus on documentation, document retention, and document availability) and some not so good (such as the unrealistic recommendations regarding extension of management’s internal control systems to third-party vendors). The draft ISO standard also puzzlingly omits consideration of certain key issues –such as the labor law and data privacy issues that arise in connection with bribery investigations, questions regarding how to address anti-bribery concerns in connection with M&A or joint venture due diligence, and (most generally) the integration of ABC management systems into the firm’s wider financial, operational, and regulatory functions. But, again, in most respects the ISO 37001 draft standard closely resembles existing ABC guidance.

What makes the ISO 37001 standard distinctive, and the reason its finalization would be potentially such big news, is that ISO 37001 (like other ISO standards dealing with more technical matters) is intended to be subject to independent “certification” by third-party auditors. In other words, if and when the ISO 37001 standard is finalized, companies will be able to hire auditing firms to review their ABC programs and (if the auditor determines the firm meets the ISO 37001 criteria) to provide a formal certification that the company is ISO 37001-compliant. The question whether formal ISO 37001 certification of this sort will be a good thing (for firms, or for the world) has been hotly debated (for previous discussions on this blog, see here and here). Continue reading

Claims Against Petrobras Highlight Prospects for Shareholder Enforcement in US Courts

The fallout continues from the ongoing investigation of corruption at Petrobras, Brazil’s giant state-owned oil company. (See New York Times coverage here, and helpful timelines of the scandal here and here.) In March of 2014, Brazilian prosecutors alleged that Petrobras leadership colluded with a cartel of construction companies in order to overcharge Petrobras for everything from building pipelines to servicing oil rigs. Senior Petrobras executives who facilitated the price-fixing rewarded themselves, the cartel, and public officials with kickbacks, and concealed the scheme through false financial reporting and money laundering. The scandal has exacted a significant human toll: workers and local economies that relied on Petrobras contracts have watched business collapse: several major construction projects are suspended, and over 200 companies have lost their lines of credit. One economist predicted unemployment may rise 1.5% as a direct result of the scandal.

The enormous scale of the corruption scheme reaches into Brazil’s political and business elite. The CEO of Petrobras has resigned. As of last August, “117 indictments have been issued, five politicians have been arrested, and criminal cases have been brought against 13 companies.” In recent months, the national Congress has initiated impeachment proceedings against President Dilma Rousseff, who was chairwoman of Petrobras for part of the time the price-fixing was allegedly underway. And last month, federal investigators even received approval from the Brazilian Supreme Court to detain former President Luiz Inácio Lula da Silva for questioning. (Lula was President from 2003 to 2010—during the same period of time that Ms. Rousseff was chairwoman of Petrobras.) Meanwhile, the House Speaker leading calls for President Rousseff’s impeachment has himself been charged with accepting up to $40 million in bribes.

As Brazilian prosecutors continue their own investigations, another enforcement process is underway in the United States. Shareholders who hold Petrobras stock are beginning to file “derivative suits,” through which shareholders can sue a company’s directors and officers for breaching their fiduciary duties to that company. Thus far, hundreds of Petrobras investors have filed suits. In one of the most prominent examples, In Re Petrobras Securities Litigation, a group of shareholders allege that Petrobras issued “materially false and misleading” financial statements, as well as “false and misleading statements regarding the integrity of its management and the effectiveness of its financial controls.” (For example, before the scandal broke, Petrobras publicly praised its Code of Ethics and corruption prevention program.) The claimants allege that as a result of the price-fixing and cover-up, the price of Petrobras common stock fell by approximately 80%. In another case, WGI Emerging Markets Fund, LLC et al v. Petroleo, the investment fund managing the Bill & Melinda Gates Foundation has alleged that the failure of Petrobras to adhere to U.S. federal securities law resulted in misleading shareholders and overstating the value of the company by $17 billion. As a result, the plaintiffs claim they “lost tens of millions on their Petrobras investments.”

Thus, in addition to any civil or criminal charges brought by public prosecutors, private derivative suits offer a way for ordinary shareholders to hold company leadership accountable for its misconduct. In these derivative suits, any damages would be paid back to the company as compensation for mismanagement; the main purpose of the suits is not to secure a payout for shareholders, but to protect the company from bad leadership. The Petrobras cases illustrate how derivative suits can offer a valuable mechanism for anticorruption enforcement, but they also face a number of practical challenges.

Continue reading

The Internal Revenue Service’s (Potential) Role in Combating Foreign Bribery

The uptick in FCPA investigations in recent years is well-known. The two agencies responsible for FCPA enforcement—the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC)—now have special units focused on FCPA cases. Both have been aggressively pursuing cases against corporations and (increasingly) individuals. But there is a third U.S. agency that can and should be more involved in the fight against transnational bribery: the Internal Revenue Service (IRS).

The IRS already has some role in FCPA cases, though the extent of that involvement is not entirely clear. Recently, its joint investigative role has been mentioned in a few high-profile matters. Notably, criminal FCPA charges against Vicente Eduardo Garcia (an SAP regional director who in August pled guilty to an FCPA violation involving bribery for Panamanian government contracts) were investigated cooperatively by the FBI and IRS, a fact that some commentators cautioned signaled a need for companies to increase FCPA compliance efforts through additional channels. IRS Criminal Investigation was also involved in the case against Hewlett-Packard Russia, which last year pled guilty to violating the FCPA, and even the (non-FCPA but bribery-related) investigation of FIFA started with the IRS. Beyond investigation, the IRS can bring separate tax charges related to incidents of bribery or other inappropriate payments. A 2014 settlement included a multi-million-dollar forfeiture to the IRS, apparently the first such forfeiture in an FCPA settlement, though the exact reason for the forfeiture was not revealed.

Several observers have speculated that the last decade’s increase in FCPA actions could lead to an increase in tax-related actions. Up until now it has been relatively rare for FCPA actions to include associated tax charges, but the 2014 settlement might be one indication that the relative scarcity of tax involvement could change. The IRS can further develop its responsibility in FCPA investigations with an expanded formal cooperative role, if indeed it does not have one already, in DOJ or SEC prosecutions. This would be a positive step, since there are two major advantages to FCPA investigations assisted, or tax charges brought, by the IRS:

Continue reading

NYU Roundtable on the DOJ Fraud Section’s New “Corporate Compliance Counsel”: The Video and Some Thoughts

As many readers are likely aware, the U.S. Department of Justice Fraud Section (now headed by Andrew Weissmann), which has responsibility for enforcing the Foreign Corrupt Practices Act (among other things), recently created a new position called the “Corporate Compliance Counsel,” and appointed to the post Hui Chen, a former corporate compliance officer for a number of major firms (including Microsoft, Pfizer, and Standard Chartered). The avowed purpose of the new position is to assist the DOJ in assessing the quality of a company’s internal compliance program and remediation measures. In the FCPA context (and others), these assessments are relevant to the DOJ’s decisions regarding whether to prosecute, what penalties to seek, and what additional remedial measures to pursue, even though there is not a formal “compliance defense” under the FCPA (or other statutes that the Section enforces). Thus, the thinking behind the creation of the new DOJ position seems to be that having someone in the Section with a lot of background in corporate compliance will enable the DOJ prosecutors to do a better job in evaluating the quality of a company’s compliance program and remedial efforts.

The creation of the Corporate Compliance Counsel position has garnered praise in some quarters, but also attracted some criticism; the critics tend to argue that the creation of the new position is, at best, a public relations move with little real consequence, and at worst an indirect effort to weaken the enforcement of corporate criminal laws.

Last week, the NYU Program on Corporate Compliance and Enforcement (PCCE) hosted a public forum where Mr. Weissmann and Ms. Chen discussed the new position and answered some questions posed by NYU Professor (and PCCE co-director) Jennifer Arlen. Because I thought that this might be of interest to some readers, here’s a link to a video of the discussion.

A few additional thoughts about what I thought were the more interesting exchanges: Continue reading

Should FCPA Enforcers Focus on Bribe-Paying Employees or Their Corporate Employers?

These days most (though not all) resolutions in Foreign Corrupt Practices Act cases involve corporate defendants paying fines or other penalties to the government. Usually (again, not always) the government does not bother prosecuting the employees who paid the bribes. (While the government has recently made individual liability in corporate criminal cases more of a point of emphasis — as exemplified by the DOJ’s Yates Memo, which Danielle discussed in yesterday’s post — the targets in those cases are typically senior executives who orchestrated bribe-paying schemes, not the lower-level executives or employees who actually paid the bribes.) The government also uses various legal tools to encourage lower-level employees blow the whistle on their employers.

Do we have this backwards? Right now, the government focuses its enforcement efforts on the corporate employers, rather than the lower-level employees who pay the bribes. Should the government instead emphasize enforcement actions against the employees? Right now, the government tries to give employees incentives to uncover and disclose evidence of FCPA violations committed by their employers. Should the government instead focus on encouraging the employers to uncover and disclose FCPA violations committed by their employees?

This past summer, I was fortunate enough to attend the Third Annual Conference on Evidence-Based Anti-Corruption Policies in Bangkok, and the keynote speaker at that event, New York University Law Professor Jennifer Arlen, made a case along those lines. (Professor Arlen’s address was actually a much more wide-ranging discussion of corporate criminal liability; I’ve extracted, and possibly oversimplified or distorted, one thread of her argument. But it’s an interesting enough argument that I think it’s worth engaging, and I’ll focus on the simple version, even though her position is more nuanced.) The argument goes something like this: The DOJ should adopt a policy that any corporation that discovers FCPA violations by its employees, and then promptly (a) discloses the violation to the government, (b) provides the government with information, and (c) assists the government in prosecuting the employee, should be exempt from corporate criminal liability for the violation; the DOJ should instead vigorously prosecute the individual employees in this situation (using the evidence that the corporate employer has itself provided). If the corporation fails to promptly disclose such a violation, however, and the government subsequently finds out about it, the corporation should be held criminally liable for the FCPA violation, and penalized accordingly.

I think this proposal is interesting enough to take seriously, though in the end I remain unconvinced that this shift in emphasis would be a good idea. Let me first lay out the argument in favor of this change, and then explain why I ultimately disagree. Continue reading

No Longer a Cost of Doing Business: The Yates Memo Signals DOJ Is Serious About Going After Individuals

As many observers have noted, penalties for Foreign Corrupt Practices Act (FCPA) violations tend to fall on corporations, rather than individual wrongdoers. The individual employees responsible for the unlawful conduct rarely pay fines or go to prison. The FCPA is not unique in this regard; many U.S. Department of Justice (DOJ) settlements with corporate defendants shield executives and employees from personal liability so long as the corporation accepts institutional responsibility. Yet this enforcement posture has been unsatisfying, and critics argue that many corporations simply treat the fines as an accepted cost of doing business. In response to this concern, and after much foreshadowing, the DOJ formally released a new policy on individual liability last week—a policy that applies to all corporate prosecutions and settlements, including those involving the FCPA. Known as the “Yates Memo” (it was announced by Deputy Attorney General Sally Quillian Yates in her remarks at NYU School of Law on September 9th), this new policy statement—the first major policy announcement from the DOJ under Attorney General Loretta Lynch—signals that the “cost of doing business” model of corporate compliance is coming to a definitive end.

Continue reading