Lessons Learned from the Cognizant FCPA Resolution (Part IV of IV)
The Cognizant FCPA enforcement action will go down as a problematic resolution for the policy reasons mentioned in my last post. Putting those concerns aside, there are some important lessons learned and observations that should be examined.
Credit for Pre-Existing Compliance Program: From a compliance perspective, DOJ’s declination letter explicitly credits Cognizant’s compliance program, citing “the existence and effectiveness of the Company’s pre-existing compliance program, as well as steps the Company has taken to enhance its compliance program and financial accounting controls.” DOJ’s credit for the “effectiveness of the company’s compliance program,” if intended, could reflect increased awareness and credit to companies that implement effective anti-corruption compliance programs. In the past, DOJ did not explicitly award credit for a “pre-existing” compliance programs but limited such credit to enhancements made after the violations occurred.
C-Suite Risks: The Cognizant case demonstrates – yet again – the dangerousness of C-Suite misconduct. Last year, DOJ and the SEC brought several enforcement actions involving C-Suite misconduct (e.g. Panasonic Avionics, former CEO of Sociedad Quimica y Minera de Chile). A company’s risk assessment and internal controls must be tailored to potential risks – a senior executive cannot have exclusive control and authority over funds. Such accounts have to be subject to financial controls and audits in order to mitigate potential risks.
Construction Industry Risks: While obvious, it is worth noting the nature and extent of the risks facing companies in the international construction industry (and domestic as well). India is particularly susceptible to corruption risks given the complex labyrinth of regulatory requirements, permits and other approvals needed to complete construction projects in India. In just the Cognizant case, a total of $3.7 million in bribes were paid for a planning permit, environmental clearance, and construction-related permits involving three significant projects. The construction industry has significant recurring interactions with foreign government authorities relating to regulation and supervision. As a result, companies have to devote significant attention – proactively – to design and implement appropriate monitoring and auditing protections against such risks.
Sub-Agents and Sub-Distributors: Cognizant’s third-party construction company carried out the actual bribery payments by retaining a third-party consultant to pay the Indian government official. Cognizant and the construction company relied on a tried and true methodology – engage a third-party to carry out your dirty work. In recognition of this fact, many third parties are themselves engaging sub-agents and sub-distributors to accomplish indirectly what they could not (or do not want) to do. In 2018, Panasonic Avionics used this strategy to employ sub-distributors of its authorized distributors to carry out bribery schemes knowing that their sub-distributors could never pass its due diligence review system. As anti-corruption controls become more effective in identifying third-party risks, companies have to protect themselves against sub-distributors and sub-agents as a means to avoid compliance controls and engage in bribery.
Fake and False Invoicing: Cognizant’s reimbursement of bribery payments made by its third-party construction company was accomplished by creating and approving false invoices for change order claims. Specifically, the approved change order contained eleven previously-rejected claims that totaled the amount of money needed to reimburse the third-party. The mechanism for securing money for illegal purposes is nothing new – fake and false invoices are a a recurring method for criminal schemes. Most (if not all) of these transactions do not fall within the “materiality” screen and therefore require proactive monitoring, testing and auditing strategies.
To address this issue, companies should examine the procurement to payment process – from onboarding a vendor, executing a contract, monitoring the contract performance, and paying the invoice. In this area, it is critical to identify the functions, training relevant personnel involved in the review (e.g. accounts payable), approval and execution process, and develop effective controls to mitigate risk.
It will be interesting to learn how India’s top cops handle this issue….
Dear Mr. Collin,
What was discovered at Cognizant is only a tip of the iceberg. There are bigger and grave FCPA violations taking place at Cognizant and the Government of India knew about all these for years, whatever SEC did in 2 years would easily take 2 decades in India and the offences would even get buried very often. The acts of bribery has taken place in India, the Indian government has done nothing, I have the copy of the orders made by the Indian Government in 2016 to probe the bribery scam but that order was burried. You will be astonished by the way bribery is widespread in India, even legitimate needs of a common man is met only through bribes, a person who refuses to pay bribes is either harassed or even murdered. The SEC has fooled itself and the entire world that it had convicted Cognizant, there is at least 75% of the bribe undiscovered and not investigated. It is a simply logic and common sense that one cannot survive or do business in India the ethical way. On the compliance program of Cognizant, the officers responsible for compliance are bigger culprits than the offenders, DLA Piper, the law firm that investigated the bribery scam have only revealed jokes in investigation report. I have a good amount of evidences in support of the still prevailing illegal work methods and businesses. Feel free to reach me for more details if needed. Thank you, Sivakumar