million are eligible for an award. This award may be 10 to 30 percent of the total monetary
sanctions.2
The SEC proposed rules for implementation of the whistleblower provision in November 2010
and opened up a comment period. They received more than 240 comment letters and
approximately 1300 form letters during the review period. The whistleblower provision elicited
several complaints from the business and legal sector that such incentives will undermine
reporting by whistleblowers to a company’s internal channels. Several of the comment letters
suggested that the SEC should require a whistleblower to report the violation internally to
receive the award.
The final rules were approved by the SEC on May 25, 2011 and became effective on August 12,
2011.3 While the whistleblower is still not required to report violations internally to receive the
monetary award, the SEC final rules attempt to incentivize such internal reporting. For example,
if the whistleblower reports the violation to internal controls and the company informs the SEC,
the individual is still eligible for the award. The whistleblower has 120 days from reporting
internally to the company to report to the SEC and still be treated as if the whistleblower
reported at the earlier time, an increase from 90 days in the proposed rules. Finally, if a
whistleblower does participate in the internal compliance program, the amount of the award may
increase, and if the individual interferes, the amount of the award may decrease.4
Foreign Corrupt Practices Act (FCPA) Implications
While the whistleblower incentives apply to any violations of U.S. securities laws, the possibility
of prosecutions under the Foreign Corrupt Practices Act has generated excitement because of the
significant penalties in FCPA cases. Companies settling FCPA-related charges in 2011 paid
$508.6 million in penalties.5 Notable previous penalties include $800 million for Siemens AG in
2008 and $579 million for KBR/Halliburton in 2009.
Top 10 FCPA Settlements
1. Siemens (Germany, 2008): $800 million
2. KBR/Halliburton (USA, 2009): $579 million
3. BAE (UK, 2010): $400 million
2 “Whistleblower Program.” U.S. Securities and Exchange Commission. <http://www.sec.gov/spotlight/dodd-
frank/whistleblower.shtml>; “Implementation of the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934.” 17 CFR Parts 240 and 249. U.S. Securities and Exchange Commission. <http://www.sec.gov/rules/final/2011/34-64545.pdf> 3 “Implementation of the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934.” 17 CFR
Parts 240 and 249. U.S. Securities and Exchange Commission. <http://www.sec.gov/rules/final/2011/34-64545.pdf 4 “SEC Adopts Rules to Establish Whistleblower Program.” U.S. Securities and Exchange Commission. 25 May 2011.
4. Snamprogetti Netherlands B.V./ENI S.p.A (Holland/Italy, 2010): $365 million
5. Technip S.A. (France, 2010): $338 million
6. JGC Corporation (Japan, 2011): $218.8 million
7. Daimler AG (Germany, 2010): $185 million
8. Alcatel-Lucent (France, 2010): $137 million
9. Magyar Telekom/Deutsche Telekom (Hungary/Germany, 2011): $95 million
10. Panalpina (Switzerland, 2010): $81.8 million
Enforcement against individuals has also increased. In 2011, the former president of Terra
Telecommunications Corp. Joel Esquenazi received the longest prison sentence ever for FCPA
violations, a sentence of 15 years in prison for scheming to bribe Haitian officials.6
Additionally, Jeffrey Tesler, a U.K. citizen, would make the Top Ten list of settlements (at
number 8) if it included individuals, as his forfeiture amounts to $149 million.7
10 to 30 percent of some of these settlements amounts are clearly a significant financial incentive
for whistleblowers.
In November of 2011, the SEC submitted its first report on the Whistleblower Program to
Congress, covering the period from August 12 to September 30, 2011. During that time, the
SEC received a total of 13 tips related to potential FCPA violations. Additionally, 32 tips were
received from foreign citizens, though the SEC did not specify the nature of these tips or whether
they were related to FCPA 8 It may be too early to understand the full implications of the
program, but the Chief of the Office of the Whistleblower, Sean McKessey, has publicly stated
on many occasions9 that the quality of the tips received by the SEC has improved.
Furthermore, under U.S. Federal Sentencing Guidelines10
, companies are eligible for reduced
penalties if they have implemented a compliance program or if they have self-reported an FCPA
6 “Executive Sentenced to 15 Years in Prison for Scheme to Bribe Officials at State-Owned Telecommunications
Company in Haiti.” Department of Justice. 25 October 2011. http://www.justice.gov/opa/pr/2011/October/11-crm-1407.html. 7 “Former Chairman and CEO of Kellogg, Brown & Root Inc. Sentenced to 30 Months in Prison for Foreign Bribery
and Kickback Schemes.” Department of Justice. 23 February 2012. http://www.stopfraud.gov/opa/pr/2012/February/12-crm-249.html. 8 “Annual Report on the Dodd-Frank Whistleblower Program, Fiscal Year 2011.” U.S. Securities and Exchange
Commission. http://www.sec.gov/about/offices/owb/whistleblower-annual-report-2011.pdf 9 “Insights from the Chiefs of the SEC and CFTC Whistleblowers Offices.” Interview by Bruce Carton with Sean
McKessy and Vincente Martinez. Securities Docket. 14 Mar. 2012. Webinar.; Michael Smallberg. “Checking In with the Heads of the New SEC and CFTC Whistleblower Offices.” Project on Government Oversight. 15 Mar. 2012. <http://pogoblog.typepad.com/pogo/2012/03/checking-in-with-the-heads-of-the-new-sec-and-cftc-whistleblower-offices.html>. 10 Chapter Eight – Sentencing of Organizations.” U.S. Sentencing Commission
What sort of exposure to government officials does the company have?
Does the company use sales agents, distributors and do they have standard contracts with
them?
Where are the company’s manufacturing locations?
Who does the company sell to? Does it sell to the government and state owned
enterprises?
What is the company’s compliance structure?
In terms of the business unit:
1. What is the size of the business and the nature of the business?
2. What are the total sales? The sales to government and state owned enterprises?
3. Does the business unit use sales agents and distributors? If yes, do they have standard
contracts with anti-corruption clauses in them?
4. What are the sales through agents and distributors?
5. Is this a joint venture? If yes, does the company have minority or majority interest?
6. Is this a manufacturing location?
7. Do they require licenses and permits?
8. What are points of interaction with the government?
9. Have any control deficiencies been identified in that business unit in the past?
A company should use the results of the risk assessment to help improve the anti-corruption
program elements or to help improve the implementation of the program.
6. Implementing Anti-Corruption Controls
Having strong controls is a good defense against corruption. Management should specifically
focus on increasing financial controls in high-risk countries and for high-risk areas, which have a
significant risk of improper payments or bribes. Control activities include methods such as
approvals, authorizations, verifications, reconciliations, and segregation of duties.
In order to understand the importance of implementing controls, it is necessary to know some
common ways of paying bribes:
1. Using cash/petty cash
2. Gifts or expensive meals for government officials
3. Paying bribes through agents and other intermediaries
4. Paying for expensive trips for government officials to visit resorts under the guise of
training, visiting headquarters, or participating in product demonstration
5. Giving money to charities whose boards include government officials in order to
influence decision making
9
Given these ways of paying bribes, companies should increase controls around bank accounts,
petty cash, approvals and payments to vendors, and high-risk transactions.
Petty cash in particular is generally used to pay small bribes. There should be controls restricting
the use of petty cash such as additional documentation requirements and a stringent review
process for reimbursement. In cases where there is a custom of entertaining government
officials, additional controls and reviews of travel and entertainment accounts should be
undertaken.
Controllers and account payable personnel should be trained to recognize red flags or false
documentations that may indicate bribe payments.
Finally, controls should be audited regularly to ensure they continue to be effective.
It is also worthwhile to note that controls that may be adequate for Sarbanes-Oxley purposes may
not be adequate as corruption controls, since there is not materiality standard for improper
payments. Even small bribes can cause a books and records violation. For instance, in 2010 the
SEC ordered Veraz Networks to pay $300,000 to settle charges of improper payments worth
$40,000 that violated the books and records and internal controls provisions of FCPA, and Veraz
Networks spent an additional $2.5 million to investigate and handle the violation.16
7. Third-party Due Diligence
Due diligence must also extend to third parties and intermediaries of the company. In 2011,
every FCPA enforcement action found that third parties of the companies in question paid
bribes. The FCPA prohibits corrupt payments through intermediaries. It is unlawful to make a
payment to a third party, while knowing that all or a portion of the payment will go directly or
indirectly to a foreign official. The term "knowing" includes conscious disregard and deliberate
ignorance17
In a December 2011 webcast, Deloitte asked more than 1,200 financial services,
consumer and industrial products, technology and other industry professionals to respond to a
poll asking how many partners their company had and on how many of them due diligence was
conducted. The results were surprising: only 13.4% of companies perform due diligence and risk
assessment on 76-100% of third-party business partners. Close to one quarter perform due
diligence on only up to 25% of third parties, and 5% of respondents perform no due diligence at
all. Over 30% of these respondents cited “cost of implementation”18
as the greatest challenge to
16
“Veraz Settles With SEC.” http://www.fcpablog.com/blog/2010/6/29/veraz-settles-with-sec.html; “SEC Charges California Telecommunications Company with FCPA Violations.” Securities and Exchange Commission. 29 June 2010. http://www.sec.gov/news/press/2010/2010-115.htm. 17
“Foreign Corruption Practices Act: Layperson’s Guide.” Department of Justice. http://www.justice.gov/criminal/fraud/fcpa/docs/lay-persons-guide.pdf. 18
Third-Party Business Relationship: Emerging Issues and Regulatory Risks – Dbriefs Poll Responses.” Deloitte Development LLC. 14 Dec. 2011. <http://www.deloitte.com/view/en_US/us/Services/Financial-Advisory-Services/018ccb5ae0b26310VgnVCM1000001956f00aRCRD.htm>.
creating a due diligence program, but with the sky-rocketing settlement amounts of FCPA cases,
the potential savings stemming from implementing a compliance program far outweigh costs to
settle a bribery case.
Organizations are at risk of FCPA violations if it can be proven they had either knowledge of
violations or if they did not adequately implement an anti-bribery due diligence program. Hence
CEOs and executives should take note. However, companies that illustrate efforts to combat
bribery through appropriate third-party due diligence programs may be entitled to “credit”
according to the U.S. Federal Sentencing Guidelines if in the future their business partner paid a
bribe despite the company’s diligence.
Third-party due diligence programs should be based on risk assessment. Through risk
assessments, companies can create risk profiles for third parties that will guide due diligence
procedures. Companies should also create a due diligence program that can be implemented
across the entire organization. The program should be coordinated centrally and embedded in
corporate practices, with adequate communication to the entire organization, appropriate
funding, and thorough documentation.
Companies should thoroughly investigate third-party business partners, including reviewing
matters such as:
The third party’s overall reputation
Reputation with the U.S. Embassy in that country
Reputation with local and US business associates
Ties to politically-exposed persons (“PEPs”) or state-owned enterprises (“SEOs”)
Qualifications for performing the task for the company and the necessity of using a third
party
Compensation being paid to the third party, whether such compensation is commensurate
to services provided and market rates, and terms of payment
Composition of their clientele and key relationships
Composition of shareholders
Existing adherence to an anti-corruption/anti-bribery policy, or agreement to follow the
company’s own policy, and training to establish this policy
Enforcement of anti-bribery policies
Cooperation in due diligence investigations
Red flags that companies should be aware of include:
Recommendations to use the third party by government officials
11
Unusual payment patterns, particularly requests to wire directly to the Bank account of an
individual or to bank accounts located abroad
History of violations or bribery by the third party, particularly history of sanctions or
debarments by national government agencies, such as national public procurement
agencies, transparency or anti-corruption agencies, consumer protection agencies,
agencies regulating securities trading and the stock market, as well as international
financial institutions, when applicable. These databases are normally publicly available,
internet accessible and easily searchable.
Existence of legal cases in national courts’ public records
High commissions to agents in excess of market rates
Lack of transparency in expenses and accounting
Companies must also make commitment to the corporate code of conduct and the right to audit
anti-bribery programs part of their requirements for third parties. Companies have a right to
expect third parties to provide full information to determine the risk profile. Furthermore, all
third party contracts should be centrally located and should contain the appropriate warranties
and representations. Many companies have also started claiming audit rights. If companies take
adequate steps and monitor third parties regularly, they will be able to uncover red flags sooner
and take appropriate action.
7a. Due Diligence Procedures for Mergers and Acquisitions
Inadequate due diligence of an acquisition target can be costly. The Department of Justice and
the SEC have made it clear in their enforcement actions that U.S. acquirers will be liable for
successor liability, meaning U.S. acquirers may be criminally liable for the acquired company’s
pre-acquisition bribery, especially if the conduct continued post-acquisition. For example, in
2009, Halliburton paid civil and criminal fines of $579 million, after a former subsidiary, was
found to have paid bribes before and after Halliburton acquired it in 1998.
The acquiring company may be liable for not only the legal consequences, but may also suffer
reputational damage.
Furthermore, corruption charges can erode the value an investment, resulting in companies
overpaying for their acquisitions. After eLandia International Inc paid $2 million for a pre-
acquisition FCPA violation from its purchase Latin Node Inc., it said its purchase price ended up
being $20.6 million over fair value, given the cost of the FCPA investigation, the fines and loss
of business.19
The company ended up writing off the entire investment.
19
“Latin Node Inc., Pleads Guilty to Foreign Corrupt Practices Act Violation and Agrees to Pay $2 Million Criminal Fine.” Office of Public Affairs. Department of Justice. 7 Apr. 2009. <http://www.justice.gov/opa/pr/2009/April/09-crm-318.html>; “Form 10-Q/A: Quarterly Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 For the Quarterly Period Ended June 30, 2007: eLandia International Inc.” U.S. Securities and Exchange Commission. <http://apps.shareholder.com/sec/viewerContent.aspx?companyid=ELAN&docid=6102545>
Therefore, companies should consider performing robust pre-acquisition due diligence to help
prevent such liability and reputational issues.
Any potential problems raised by these questions should be addressed, indemnified and, if
necessary, self-reported before the transaction is completed. However, if problems do not
emerge until after the deal closes, self-reporting, combined with a remediation plan, can still
mitigate potential enforcement penalties.
Issues to consider for the pre-acquisition due diligence:
Does the target company operate in a country or industry with high corruption risk? Does the
target company sell to a foreign government?
Is the target company owned or controlled by the Government or by PEPs or their relatives?
Does the target require any foreign government-issued licenses or permits?
Does the target itself have any previous history of bribes or anti-corruption law violations?
What is the state of the target company’s anti-corruption program, training, and internal
controls?
Does the target monitor its program for effectiveness? Is there any documentation of this?
For all mergers, companies must have specific anti-corruption due diligence procedures in place.
Such procedures should include:
Document reviews related to the target company’s anti-corruption compliance program
Transaction testing of compliance sensitive accounts and high risk corruption transactions.
Evaluating a target’s management team for corruption risks if they are going to remain in
place after the acquisition
Incorporating anti-corruption compliance provisions in the agreements
Having a plan to integrate the acquired company
In some cases discovery of FCPA violations can put a stop to merger discussions. A good
example of this is the case of Titan Corp. In 2003, Lockheed Martin entered into merger
discussions with Titan. As a result of their due diligence, Lockheed found potential violations of
FCPA by Titan, though Titan stated in its merger agreement that it had not violated FCPA
provisions, to its knowledge. Because of Titan’s failure to reach a settlement, Lockheed Martin
terminated the merger agreement in 2004. Titan was purchased by L-3 Communications the
following year.
In 2005, the SEC charged Titan with violating anti-bribery, internal controls and books and
records provisions of the FCPA after it paid more than $3.5 million to an agent in Benin between
1999 and 2001. According to the SEC, Titan failed to conduct “meaningful due diligence into the
background of its agent either before his retention or thereafter.”20
The company agreed to pay
20
“Civil Action No. 05-0411 (JR).” Securities and Exchange Commission v. The Titan Corporation. 1 March 2005. <http://www.sec.gov/litigation/complaints/comp19107.pdf>.
