According to FCPA tracker data, there are around 100 Foreign Corrupt Practices Act (FCPA) investigations ongoing as of August 2022, with 20 new investigations disclosed since the beginning of 2020. A recent report on FCPA Blog, notes that of these 20 newly-disclosed investigations, three of the companies, or 15%, were involved in prior FCPA enforcement actions.
What accounts for this recidivism in FCPA offenders and how can due diligence investigations protect companies from repeat offenses?
It would seem that going through an investigation by the Department of Justice (DOJ), Security and Exchange Commission (SEC), or other investigative agency, would inspire a company to put its ethical house in order. However, as reported by the FCPA Professor blog in a June 6, 2022 post, “19 companies have resolved FCPA enforcement actions – not once – but twice.” Ten of these instances happened since 2017.
Credit Suisse with a $99 million enforcement action for financial deals in Mozambique in 2021 and in 2018 for hiring practices in China and the Asia Pacific region with a $77 million enforcement action.
Deutsche Bank had enforcement actions in 2021 and 2019 of $123 million and $16.2 million, respectively. The 2021 enforcement focused on the bank’s relationship with third parties in Saudi Arabia, Italy, China, and Abu Dhabi. And in 2019, enforcement concerned employment of foreign government officials’ relatives in Russian and the Asia Pacific Region.
Stryker received enforcement actions in 2018 for conduct in China, India, and Kuwait at $7.8 million after a prior $13.2 million settlement only 5 years prior in 2013 for its conduct in Argentina, Romania, Poland, Greece, and Mexico.
Halliburton resolved a $29.2 million enforcement action with regards to its conduct in Angola in 2017. In 2009 the company had a combined DOJ-SEC $177 million settlement regarding its misconduct in Nigeria.
Tyco reached a $26.8 million enforcement settlement in 2012 with regards to conduct in India, Thailand, China, Bosnia, Indonesia, Poland, Croatia, Slovenia, Slovakia, Servia, Saudi Arabia, Iran, Syria, Libya, the United Arab Emirates, Congo. Madagascar. Niger, Malaysia, Egypt, and Turkey. While, in 2016 it received a $50 million enforcement action for conduct in Brazil, the majority of which was an accounting fraud enforcement, the smaller portion involving FCPA violations.
General Electric reached a $23.3 million settlement in 2010 regarding its conduct in Iraq and in 1992 a $9.5 million settlement for its conduct Israel and related FCPA charges.
Alcatel-Lucent S.A. reached a $137.4 million settlement in 2010 for its actions in Honduras, Taiwan, Malaysia, Costa Rica, Bangladesh, Ecuador, Nigeria, Kenya, Mali, Uganda, Angola, Burkina Faso, and the Ivory Coast. In 2007, the company received a $2.5 million enforcement for its conduct in China.
Baker Hughes in 2007 received a $44 million enforcement action for its actions in Angola, Nigeria, Indonesia, Uzbekistan, Kazakhstan, and Russia, while in 2001 received a cease-and-desist order for its conduct in Brazil, India, and Indonesia.
What to Make of Repeat Offenders
This is a more complicated matter than it seems at first. The FCPA Professor blog notes that “several instances of corporate FCPA repeat offenders involve companies whose first FCPA enforcement action (as well as second) was resolved via an NPA or DPA,” and that while the DOJ has “advanced the policy position that DPAs (and NPAs) ‘have had a truly transformative effect on particular companies and, more generally, on corporate culture across the globe,’” the answer is unclear. The DOJ themselves wrote in its Final Follow-Up to Phase 3 Report and Recommendations:
“Scholars have recognized that quantifying deterrence is extremely difficult. This is equally true for the deterrent effect of DPAs and NPAs. Thus, as discussed at the time this recommendation was made, measuring ‘the impact of NPAs and DPAs in deterring the bribery of foreign public officials’ would be a difficult task, save providing certain anecdotal and other circumstantial evidence.”
Companies that have reached a resolution for prior FCPA enforcement are usually subject to post-enforcement action compliance obligations, but in spite of these strictures, vulnerabilities to future breaches remain.
What Companies Can Do
The best protection for any business is a robust compliance program with a strong due diligence investigation component. Legal and financial due diligence alone will not prevent many of these FCPA violations from occurring. Along with this, making hiring for integrity, starting with C-Suite and executives all the way throughout the company helps ensure that company culture is one of integrity. Executive due diligence will provide critical due diligence information, lifestyle, and behavioral issues that cannot be found by other means. Dealing with “bad actors” once they are inside a company is more difficult than keeping them out to begin with.
The Role of Due Diligence
After an FCPA resolution, companies clean house of those who were central to the misconduct. When issues recur it either means that individuals were missed or came aboard after the fact without sufficient due diligence to check key areas of risk exposure. This can happen through hiring, M&A, or even through other business partnerships. Due diligence investigations evaluate relationships of executives to foreign officials, criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other serious issues. These executive due diligence investigations need to be looked at in relation to the culture and location of the executives and organizations as well. When doing business or operating in a foreign domain, businesses are still liable to adhere to FCPA and other applicable laws and regulations.
Many questions are raised when looking for a cause for recidivists and ways to mitigate repeat behavior, and while there is no silver bullet solution, weeding out “bad actors and rogue players” from your company and partnerships, preventing them from coming aboard to begin with, and enacting a culture of integrity, are a critical foundation for all businesses.