Subscribe to our FinCrimes Update for news about the Foreign Corrupt Practices Act and related prosecutions and enforcement actions.
On April 30, 2019, the Department of Justice Criminal Division released updated guidance on the Evaluation of Corporate Compliance Programs (the “Guidance”). The Guidance sets forth the non-binding factors that DOJ prosecutors utilize to evaluate a company’s compliance program and consequently determine the “(1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligation.” The Guidance is, therefore, significant to companies seeking to understand what the DOJ considers to be best practices for compliance programs, as well as to mitigate against criminal penalties resulting from potential wrongdoing.
The Guidance builds upon a prior version released in February 2017 and does not indicate any major policy changes. Instead, this update provides further explanation of the factors DOJ uses to evaluate companies’ compliance programs and contextualize those factors within the enforcement framework of the Justice Manual and Sentencing Guidelines.
* * *
Click here to read the full special alert.
If you have questions about the DOJ’s new guidance or other related issues, please visit our White Collar practice page or contact a Buckley attorney with whom you have worked in the past.
The DOJ’s Fraud Section recently published an “Evaluation of Corporate Compliance Programs.” The guidelines were released on February 8 without a formal announcement. Their stated purpose is to provide a list of “some important topics and sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program.” The guidelines are divided into 11 broad topics that include dozens of questions. The topics are:
- Analysis and Remediation of Underlying Conduct
- Senior and Middle Management
- Autonomy and Resources
- Policies and Procedures
- Risk Assessment
- Training and Communications
- Confidential Reporting and Investigation
- Incentives and Disciplinary Measures
- Continuous Improvement, Periodic Testing and Review
- Third Party Management
- Mergers & Acquisitions
According to the Fraud Section, many of the topics also appear in, among other sources, the United States Attorney’s Manual, United States Sentencing Guidelines, and FCPA Resource Guide published in November 2012 by the DOJ and SEC. While the content of the guidelines is not particularly groundbreaking, it is nonetheless noteworthy as the first formal guidance issued by the Fraud Section under the Trump administration and new Attorney General Jeff Sessions. By consolidating in one source and making transparent at least some of the factors that the Fraud Section considers when weighing the adequacy of a compliance program, the guidelines are a useful tool for companies and their compliance officers to understand how the Fraud Section and others at the DOJ may proceed in the coming months and years.
However, while the guidelines may give some indication of what the DOJ views as a best practices compliance program, they caution that the Fraud Section “does not use any rigid formula to assess the effectiveness of corporate compliance programs,” recognizes that “each company’s risk profile and solutions to reduce its risks warrant particularized evaluation,” and makes “an individualized determination in each case.”
Former CEO of Chinese Subsidiary Acquired by Harris Corp. Settles FCPA Offenses Following Proactive Investigation and Disclosure of Conduct by Acquiring Company
On September 13, Jun Ping Zhang (Ping), the former Chairman and CEO of a subsidiary of Harris Corporation, a Florida-based provider of information technology services to government and commercial markets, agreed to pay a civil penalty of $46,000 to settle the SEC’s allegations that Ping violated the anti-bribery, books and records, and internal controls provisions of the FCPA. The matter was resolved by an administrative cease and desist order and Ping did not admit or deny the SEC’s findings.
The allegations relate to actions taken in 2011 and 2012 by Ping, a U.S. resident and citizen, and various unnamed sales staff of Harris Corp.’s wholly-owned subsidiary, Hunan CareFx Information Technology, LLC (CareFx China). Ping and the sales staff were alleged to have provided illegal gifts to Chinese government officials to obtain and retain business with various state-owned hospitals and regional Departments of Health. The settlement did not allege personal enrichment and contained no order of disgorgement.
The investigation giving rise to the allegations was spawned in fall 2012 when Harris Corp., notified the SEC and DOJ that it had identified potential violations of the FCPA during a post-acquisition audit of CareFx Corporation, which it had acquired in April 2011. With the assistance of outside counsel, Harris Corp. conducted an internal investigation into the conduct of CareFx China, a Chinese legal entity and wholly-owned subsidiary of CareFx, which began selling electronic medical records software to state-owned hospitals and regional Departments of Health in late 2009. The allegations contained within the administrative order depict an ongoing scheme in which CareFx China sales staff under Ping’s management and with his knowledge submitted bogus expenses for cash reimbursement and then used that cash to pay for improper gifts to government officials for the purposes of influencing their decisions to purchase CareFx China’s products and services.
According to the SEC, from April 2011 to April 2012, Ping “directly authorized or indirectly allowed between $200,000 and $1,000,000 in improper gifts to government officials,” after which CareFx China was awarded over $9,600,000 in contracts with state-owned entities. As CareFx China’s books and records were consolidated into Harris Corp.’s financial statements following the CareFx acquisition in April 2011, Ping, who had responsibility for reviewing CareFx China’s monthly expense report summaries, knew that the improperly recorded expenses and illegal activity would not be properly disclosed to Harris Corp., nor were they disclosed in the pre-acquisition due diligence.
According to a September 4, 2012 Wall Street Journal blog post, Harris Corp., concurrent with its internal investigation and timely self-disclosure in 2012, took remedial actions in relation to CareFx China, including making changes to internal control procedures, ending its gift-giving practice, providing additional compliance training, and terminating certain employees. Shortly thereafter, according to the SEC order, Harris Corp. sold all of CareFx China’s “outward facing operations” and, in mid-2015, Harris Corp. terminated all employees in CareFx China and no longer maintains China-based business operations.
As the books closed on FCPA enforcement for 2011, one final enforcement action came through the door: On December 29th, Magyar Telekom Plc. and Deutsche Telecom AG resolved an FCPA enforcement matter for a combined monetary sanction exceeding $95 million. The settlement offers important compliance benchmarks and should provide a useful starting point for anti-corruption counsel planning a risk assessment and/or compliance testing for 2012.
The Deutsche Telecom and Magyar Telekom Action
The two companies resolved the FCPA enforcement matter, which had been disclosed in 2009, in an arrangement involving an Information and a Deferred Prosecution Agreement filed against Magyar Telekom, a Non-Prosecution Agreement for Deutsche Telekom, and an SEC Complaint against both Deutsche Telecom and Magyar Telekom. The conduct in question involved payments through third parties to officials Macedonia and Montenegro.
At the same time the settled action was filed, the SEC charged three former Magyar Telekom executives with violations of the FCPA. None of the individuals is a US citizen. According to the Complaint, the basis for jurisdiction over these individuals rests on their prior status as officers, directors, employees or agents of Magyar Telekom, which was at the time an “issuer” with American Depository Receipts listed on the New York Stock Exchange, and the allegation that email messages in furtherance of the bribe scheme “were sent from locations outside the United States, but were routed through and/or stored on network servers located within the United States.”
Compliance Lessons: Anti-Corruption Program Elements Clearly Set Forth
The Magyar Telekom Deferred Prosecution Agreement contains a section articulating the minimum elements of a Corporate Compliance Program, a common feature of Deferred Prosecution Agreements. These elements describe the company’s compliance obligations in detail and are tailored to corruption-specific risks.
For compliance counsel, the elements described in the Corporate Compliance Program section (transcribed here in table/checklist format) may provide a very helpful tool for planning a program review. Counsel looking for a source to determine whether the elements of a company’s compliance program are up-to-date with the DOJ’s latest settlement can use the linked list as a starting point for a review, which can then be tailored to the specifics of geographical, business model and other risk factors.
- Brandy A. Hood to discuss "Lender town hall: Private flood rules and hot topics" at the National Flood Conference
- Buckley Webcast: Trends in e-discovery technology and case law
- Brandy A. Hood to discuss "What the flood? Don’t get washed away by a flood of changes" at the American Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Mitigating the risks of banking high risk customers" at the American Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano, Kari K. Hall, Brandy A. Hood, and H Joshua Kotin to discuss "Regulations that matter in a deregulatory environment" at the American Bankers Association Regulatory Compliance Conference Power Hour
- Buckley Webcast: Data breach litigation and biometric legislation
- Daniel P. Stipano to discuss "A first anniversary: Assessing the CDD final rule’s first year" at a ACAMS webinar
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Christopher M. Witeck and Moorari K. Shah to discuss "The latest in vendor management regulations" at a Mortgage Bankers Association webinar
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Douglas F. Gansler to discuss "Role of state AGs in consumer protection" at a George Mason University Law & Economics Center symposium