In an unusual FCPA enforcement action, the Justice Department and the SEC resolved FCPA violations against Sociedad Quimica y Minera, a Chilean chemical and mining company, for a total of $30.5 million, for paying approximately $15 million in bribes to Chilean officials. SQM agreed to a deferred prosecution agreement (DPA) with DOJ and to assignment of a two-year independent compliance monitor.

The odd aspect of the FCPA enforcement action is the absence of any conduct or activity in the United States. SQM’s bribery activity did not involve conduct in the United States; no payments were made through US banks. The only connection to the United States is the fact that SQM trades American Depositary Receipts on the New York Stock Exchange and the filing of periodic reports.

If you put this issue aside, the SQM enforcement action includes important lessons learned.

Absence of Due Diligence and Vendor/Invoice Verification: SQM paid $15 million in bribes to Chilean government officials through vendors who were associated with the government officials. The vendors submitted invoices for services that were never provided involving “communications services,” “consulting services.” None of the invoices were verified and SQM conducted no due diligence of the vendors. SQM also paid donations to foundations controlled or closely aligned with Chilean officials.

C-Suite Misconduct: A SQM Senior Executive conducted the bribery scheme using funds from a CEO Account. The Senior Executive enlisted the assistance of other employees to cover up the payments, prepare false invoices and verifications when needed. Once again, SQM’s FCPA enforcement action demonstrates the risks and need for application of financial controls and compliance programs to C-Suite. The Senior Executive was fired after local tax authorities reported the issue.

Compliance practitioners cannot ignore C-Suite risks. One executive, as demonstrated by the SQM case, can engage in misconduct, resulting in a significant enforcement action costing the company large penalties and significant reputational damage. Compliance practitioners have to assess C-Suite risks, and develop mitigation strategies to reduce such risks. A good first start is to make sure C-Suite executives participate in training programs.

Board of Directors Failure: SQM’s Internal Audit identified financial control deficiencies in the use of the CEO Account. In particular, the Internal Auditor noted the absence of required documentation, and the failure to conduct due diligence on several high-risk vendors. SQM’s board of directors was given this report and was aware of the deficiencies and SQM’s failure to remediate the deficiencies.

The board did not follow-up on the issue. Its failure to do so is inexplicable and warranted further enforcement focus. If the Justice Department and the SEC want to send a message to corporate boards to ensure that they become more vigilant, prosecutors have to elevate their concerns to corporate board misconduct and deficiencies. Prosecutors’ gave short shrift to the issue in the settlement documents. Such a minimal discussion is unlikely to raise board awareness of their duties to respond and remediate internal audit deficiencies.

Charitable Contributions: SQM funneled $630,000 in bribery payments to Chilean government officials through donations to closely affiliated foundations. SQM failed to conduct due diligence nor monitor the foundation’s use of the payments to ensure that they were proper. One of the foundations was affiliated with a key Chilean government official responsible for mining issues in Chile.