According to FCPA tracker data, there are around 100 Foreign Corrupt Practices Act (FCPA) investigations ongoing as of August 2022, with 20 new investigations disclosed since the beginning of 2020. A recent report on FCPA Blog, notes that of these 20 newly-disclosed investigations, three of the companies, or 15%, were involved in prior FCPA enforcement actions.
What accounts for this recidivism in FCPA offenders and how can due diligence investigations protect companies from repeat offenses?
It would seem that going through an investigation by the Department of Justice (DOJ), Security and Exchange Commission (SEC), or other investigative agency, would inspire a company to put its ethical house in order. However, as reported by the FCPA Professor blog in a June 6, 2022 post, “19 companies have resolved FCPA enforcement actions – not once – but twice.” Ten of these instances happened since 2017.
Tenaris with enforcement actions of $78.1 million in 2021 for conduct in Brazil and an $8.9 million enforcement action in 2011 for conduct in Uzbekistan.
Credit Suisse with a $99 million enforcement action for financial deals in Mozambique in 2021 and in 2018 for hiring practices in China and the Asia Pacific region with a $77 million enforcement action.
Deutsche Bank had enforcement actions in 2021 and 2019 of $123 million and $16.2 million, respectively. The 2021 enforcement focused on the bank’s relationship with third parties in Saudi Arabia, Italy, China, and Abu Dhabi. And in 2019, enforcement concerned employment of foreign government officials’ relatives in Russian and the Asia Pacific Region.
Novartis settled a $347 million enforcement action in 2020 for misconduct in Vietnam, South Korea, and Greece and in 2016 had a $25 million enforcement action over its conduct in China.
Eni in 2020 resolved a $24.5 million enforcement action regarding its conduct in Algeria. While in 2010, the company’s conduct in Nigeria resulted in a $125 million enforcement action.
Technip received a $87 million enforcement action with regards to its conduct in Iraq and Brazil in 2019 and a $340 million enforcement action for its actions in Nigeria in 2010.
Stryker received enforcement actions in 2018 for conduct in China, India, and Kuwait at $7.8 million after a prior $13.2 million settlement only 5 years prior in 2013 for its conduct in Argentina, Romania, Poland, Greece, and Mexico.
Halliburton resolved a $29.2 million enforcement action with regards to its conduct in Angola in 2017. In 2009 the company had a combined DOJ-SEC $177 million settlement regarding its misconduct in Nigeria.
Biomet in 2017 settled a $30.4 million enforcement action regarding company conduct in Mexico and Brazil, and in 2012 a $22.8 million enforcement for conduct in Argentina, China, and again Brazil.
Orthofix resolved a $6 million enforcement action for conduct in Brazil in 2017 and in 2012, five years prior, a $7.4 million enforcement for its conduct in Mexico.
Goodyear had some bad years as in 2015 it reached a $16 million settlement concerning its conduct in Angola and Kenya and in 1989, it resolved an enforcement action with regards to conduct in Iraq.
Marubeni in 2014 resolved a $88 million enforcement action concerning its conduct in Indonesia and only two years before a $55 million enforcement action with regards to its conduct in Nigeria.
Tyco reached a $26.8 million enforcement settlement in 2012 with regards to conduct in India, Thailand, China, Bosnia, Indonesia, Poland, Croatia, Slovenia, Slovakia, Servia, Saudi Arabia, Iran, Syria, Libya, the United Arab Emirates, Congo. Madagascar. Niger, Malaysia, Egypt, and Turkey. While, in 2016 it received a $50 million enforcement action for conduct in Brazil, the majority of which was an accounting fraud enforcement, the smaller portion involving FCPA violations.
IMB in 2011 settled a $10 million enforcement for conduct in China and South Korea and had a cease-and-desist order imposed in 2000 concerning conduct in Argentina.
General Electric reached a $23.3 million settlement in 2010 regarding its conduct in Iraq and in 1992 a $9.5 million settlement for its conduct Israel and related FCPA charges.
ABB in 2010 settled for $58.3 million for conduct in Iraq and Mexico and in 2004 reached a $16.4 million settlement for its actions in Angola, Kazakhstan, and Nigeria.
Alcatel-Lucent S.A. reached a $137.4 million settlement in 2010 for its actions in Honduras, Taiwan, Malaysia, Costa Rica, Bangladesh, Ecuador, Nigeria, Kenya, Mali, Uganda, Angola, Burkina Faso, and the Ivory Coast. In 2007, the company received a $2.5 million enforcement for its conduct in China.
Aibel Group Ltd./Vetco Gray Ltd. UK settled in 2008 for $4.2 million regarding conduct in Nigeria and in 2007 for $26 million for its actions in the same country.
Baker Hughes in 2007 received a $44 million enforcement action for its actions in Angola, Nigeria, Indonesia, Uzbekistan, Kazakhstan, and Russia, while in 2001 received a cease-and-desist order for its conduct in Brazil, India, and Indonesia.
What to Make of Repeat Offenders
This is a more complicated matter than it seems at first. The FCPA Professor blog notes that “several instances of corporate FCPA repeat offenders involve companies whose first FCPA enforcement action (as well as second) was resolved via an NPA or DPA,” and that while the DOJ has “advanced the policy position that DPAs (and NPAs) ‘have had a truly transformative effect on particular companies and, more generally, on corporate culture across the globe,’” the answer is unclear. The DOJ themselves wrote in its Final Follow-Up to Phase 3 Report and Recommendations:
“Scholars have recognized that quantifying deterrence is extremely difficult. This is equally true for the deterrent effect of DPAs and NPAs. Thus, as discussed at the time this recommendation was made, measuring ‘the impact of NPAs and DPAs in deterring the bribery of foreign public officials’ would be a difficult task, save providing certain anecdotal and other circumstantial evidence.”
Companies that have reached a resolution for prior FCPA enforcement are usually subject to post-enforcement action compliance obligations, but in spite of these strictures, vulnerabilities to future breaches remain.
What Companies Can Do
The best protection for any business is a robust compliance program with a strong due diligence investigation component. Legal and financial due diligence alone will not prevent many of these FCPA violations from occurring. Along with this, making hiring for integrity, starting with C-Suite and executives all the way throughout the company helps ensure that company culture is one of integrity. Executive due diligence will provide critical due diligence information, lifestyle, and behavioral issues that cannot be found by other means. Dealing with “bad actors” once they are inside a company is more difficult than keeping them out to begin with.
The Role of Due Diligence
After an FCPA resolution, companies clean house of those who were central to the misconduct. When issues recur it either means that individuals were missed or came aboard after the fact without sufficient due diligence to check key areas of risk exposure. This can happen through hiring, M&A, or even through other business partnerships. Due diligence investigations evaluate relationships of executives to foreign officials, criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other serious issues. These executive due diligence investigations need to be looked at in relation to the culture and location of the executives and organizations as well. When doing business or operating in a foreign domain, businesses are still liable to adhere to FCPA and other applicable laws and regulations.
Many questions are raised when looking for a cause for recidivists and ways to mitigate repeat behavior, and while there is no silver bullet solution, weeding out “bad actors and rogue players” from your company and partnerships, preventing them from coming aboard to begin with, and enacting a culture of integrity, are a critical foundation for all businesses.