FCPA Books and Records and Internal Controls Enforcement – A Retrospective (Part III of IV)
Plan for the future because that’s where you are going to spend the rest of your life. – Mark Twain
The SEC enforces its books and records and internal controls provisions, most of which involve non-FCPA violations. The Justice Department has responsibility for prosecuting criminal violations of the books and records and internal controls provisions.
The interesting issue for both the SEC and the Justice Department is when they prosecute FCPA books and records and internal controls violations when there is insufficient evidence of actual bribery. In a nutshell, that is what Parts III and IV of this series are all about.
In Part III, I will review a few of the significant cases involving books and records and internal controls violations where the government was unable to cite evidence of bribery.
The SEC’s case against Oracle is the most significant case for books and records and internal controls violations. Oracle paid $2 million for secretly “parking” a portion of the proceeds from certain sales to the Indian government. Specifically, between 2005 and 2007, Oracle structured more than a dozen transactions so that $2.2 million was held by Oracle’s distributors (through several unauthorized “vendors”) and kept off Oracle’s India books.
Oracle did not accurately record these funds and failed to maintain a system of effective internal accounting controls to prevent improper side funds. The SEC was unable to establish that any of these funds were used for any illegal bribery payments under the FCPA, and instead relied on the fact that Oracle’s violations increased the risk of bribery payments.
The SEC has been much more aggressive in prosecuting individuals for FCPA books and records and internal controls violations. In 2009, the SEC prosecuted Thomas Wurzel, the former president of ACL Technologies, Inc. (“ACL”), a subsidiary of United Industrial Corporation, authorized multiple payments to an ACL foreign agent in connection with a military aircraft depot ACL was building for the Egyptian Air Force in Cairo, Egypt. Wurzel knew that the agent had not been subjected to ACL’s due diligence requirements, and he failed to document the services allegedly provided by the agent. While there was some evidence suggesting that a portion of the payments may have been used for bribery payments, the SEC did not cite evidence that such payments were actually made. Wurzel settled the matter for $35,000.
The Justice Department’s Bio-Rad enforcement action from last year confirmed its increased focus on accounting provisions and internal controls where there is insufficient evidence of bribery. Bio-Rad agreed to pay a $14.35 million penalty in exchange for a Non-Prosecution Agreement to resolve allegations it falsified its books and records and failed to implement adequate internal controls in connection with its activities in Russia.
While there was no specific evidence of bribes paid by Bio-Rad to any Russian official, the accompanying statement of facts set out a detailed recitation of control deficiencies.
Bio-Rad retained a third-party agent consisting of a single employee and multiple offshore companies. Bio-Rad did not subject the companies to due diligence. Bio-Rad paid the companies a commission of 15 to 30 percent for a number of services that the companies were unable to perform and did not perform.
Bio-Rad’s contracts with the off-shore companies were bogus and improperly signed by lower level managers. In one case, Bio-Rad’s Russia manager prepared an invoice that was approved by Bio-Rad managers. Bio-Rad managers structured payments to the agent in order to avoid Bio-Rad internal financial controls over authorizations.
Bio-Rad’s payments to the agent were falsely recorded as “commission payments,” and internally referred to as “bad debt.”
Bio-Rad’s headquarters maintained corporate policies and procedures, but international offices were given autonomy to institute separate policies and procedures. Bio-Rad’s Russia managers never instituted due diligence procedures for its third parties.
Bio-Rad later recommended that internal controls be adopted in Russia but the Russia managers resisted implementation fo such controls.
Bio-Rad also failed to implement an adequate ethics and compliance program. The company did not provide FCPA training, despite having a code of conduct that prohibited bribery. Bio-Rad’s code of conduct was maintained only in English despite having foreign operations with non-English speaking employees and third parties.
Bio-Rad also maintained a decentralized compliance program, and failed to establish due diligence procedures, third-party contracts with appropriate anti-corruption provisions and to conduct risk assessments.