Subscribe to our FinCrimes Update for news about the Foreign Corrupt Practices Act and related prosecutions and enforcement actions.
On April 30, 2019, the Department of Justice Criminal Division released updated guidance on the Evaluation of Corporate Compliance Programs (the “Guidance”). The Guidance sets forth the non-binding factors that DOJ prosecutors utilize to evaluate a company’s compliance program and consequently determine the “(1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligation.” The Guidance is, therefore, significant to companies seeking to understand what the DOJ considers to be best practices for compliance programs, as well as to mitigate against criminal penalties resulting from potential wrongdoing.
The Guidance builds upon a prior version released in February 2017 and does not indicate any major policy changes. Instead, this update provides further explanation of the factors DOJ uses to evaluate companies’ compliance programs and contextualize those factors within the enforcement framework of the Justice Manual and Sentencing Guidelines.
* * *
Click here to read the full special alert.
If you have questions about the DOJ’s new guidance or other related issues, please visit our White Collar practice page or contact a Buckley attorney with whom you have worked in the past.
The DOJ’s Fraud Section recently published an “Evaluation of Corporate Compliance Programs.” The guidelines were released on February 8 without a formal announcement. Their stated purpose is to provide a list of “some important topics and sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program.” The guidelines are divided into 11 broad topics that include dozens of questions. The topics are:
- Analysis and Remediation of Underlying Conduct
- Senior and Middle Management
- Autonomy and Resources
- Policies and Procedures
- Risk Assessment
- Training and Communications
- Confidential Reporting and Investigation
- Incentives and Disciplinary Measures
- Continuous Improvement, Periodic Testing and Review
- Third Party Management
- Mergers & Acquisitions
According to the Fraud Section, many of the topics also appear in, among other sources, the United States Attorney’s Manual, United States Sentencing Guidelines, and FCPA Resource Guide published in November 2012 by the DOJ and SEC. While the content of the guidelines is not particularly groundbreaking, it is nonetheless noteworthy as the first formal guidance issued by the Fraud Section under the Trump administration and new Attorney General Jeff Sessions. By consolidating in one source and making transparent at least some of the factors that the Fraud Section considers when weighing the adequacy of a compliance program, the guidelines are a useful tool for companies and their compliance officers to understand how the Fraud Section and others at the DOJ may proceed in the coming months and years.
However, while the guidelines may give some indication of what the DOJ views as a best practices compliance program, they caution that the Fraud Section “does not use any rigid formula to assess the effectiveness of corporate compliance programs,” recognizes that “each company’s risk profile and solutions to reduce its risks warrant particularized evaluation,” and makes “an individualized determination in each case.”
Former CEO of Chinese Subsidiary Acquired by Harris Corp. Settles FCPA Offenses Following Proactive Investigation and Disclosure of Conduct by Acquiring Company
On September 13, Jun Ping Zhang (Ping), the former Chairman and CEO of a subsidiary of Harris Corporation, a Florida-based provider of information technology services to government and commercial markets, agreed to pay a civil penalty of $46,000 to settle the SEC’s allegations that Ping violated the anti-bribery, books and records, and internal controls provisions of the FCPA. The matter was resolved by an administrative cease and desist order and Ping did not admit or deny the SEC’s findings.
The allegations relate to actions taken in 2011 and 2012 by Ping, a U.S. resident and citizen, and various unnamed sales staff of Harris Corp.’s wholly-owned subsidiary, Hunan CareFx Information Technology, LLC (CareFx China). Ping and the sales staff were alleged to have provided illegal gifts to Chinese government officials to obtain and retain business with various state-owned hospitals and regional Departments of Health. The settlement did not allege personal enrichment and contained no order of disgorgement.
The investigation giving rise to the allegations was spawned in fall 2012 when Harris Corp., notified the SEC and DOJ that it had identified potential violations of the FCPA during a post-acquisition audit of CareFx Corporation, which it had acquired in April 2011. With the assistance of outside counsel, Harris Corp. conducted an internal investigation into the conduct of CareFx China, a Chinese legal entity and wholly-owned subsidiary of CareFx, which began selling electronic medical records software to state-owned hospitals and regional Departments of Health in late 2009. The allegations contained within the administrative order depict an ongoing scheme in which CareFx China sales staff under Ping’s management and with his knowledge submitted bogus expenses for cash reimbursement and then used that cash to pay for improper gifts to government officials for the purposes of influencing their decisions to purchase CareFx China’s products and services.
According to the SEC, from April 2011 to April 2012, Ping “directly authorized or indirectly allowed between $200,000 and $1,000,000 in improper gifts to government officials,” after which CareFx China was awarded over $9,600,000 in contracts with state-owned entities. As CareFx China’s books and records were consolidated into Harris Corp.’s financial statements following the CareFx acquisition in April 2011, Ping, who had responsibility for reviewing CareFx China’s monthly expense report summaries, knew that the improperly recorded expenses and illegal activity would not be properly disclosed to Harris Corp., nor were they disclosed in the pre-acquisition due diligence.
According to a September 4, 2012 Wall Street Journal blog post, Harris Corp., concurrent with its internal investigation and timely self-disclosure in 2012, took remedial actions in relation to CareFx China, including making changes to internal control procedures, ending its gift-giving practice, providing additional compliance training, and terminating certain employees. Shortly thereafter, according to the SEC order, Harris Corp. sold all of CareFx China’s “outward facing operations” and, in mid-2015, Harris Corp. terminated all employees in CareFx China and no longer maintains China-based business operations.
As the books closed on FCPA enforcement for 2011, one final enforcement action came through the door: On December 29th, Magyar Telekom Plc. and Deutsche Telecom AG resolved an FCPA enforcement matter for a combined monetary sanction exceeding $95 million. The settlement offers important compliance benchmarks and should provide a useful starting point for anti-corruption counsel planning a risk assessment and/or compliance testing for 2012.
The Deutsche Telecom and Magyar Telekom Action
The two companies resolved the FCPA enforcement matter, which had been disclosed in 2009, in an arrangement involving an Information and a Deferred Prosecution Agreement filed against Magyar Telekom, a Non-Prosecution Agreement for Deutsche Telekom, and an SEC Complaint against both Deutsche Telecom and Magyar Telekom. The conduct in question involved payments through third parties to officials Macedonia and Montenegro.
At the same time the settled action was filed, the SEC charged three former Magyar Telekom executives with violations of the FCPA. None of the individuals is a US citizen. According to the Complaint, the basis for jurisdiction over these individuals rests on their prior status as officers, directors, employees or agents of Magyar Telekom, which was at the time an “issuer” with American Depository Receipts listed on the New York Stock Exchange, and the allegation that email messages in furtherance of the bribe scheme “were sent from locations outside the United States, but were routed through and/or stored on network servers located within the United States.”
Compliance Lessons: Anti-Corruption Program Elements Clearly Set Forth
The Magyar Telekom Deferred Prosecution Agreement contains a section articulating the minimum elements of a Corporate Compliance Program, a common feature of Deferred Prosecution Agreements. These elements describe the company’s compliance obligations in detail and are tailored to corruption-specific risks.
For compliance counsel, the elements described in the Corporate Compliance Program section (transcribed here in table/checklist format) may provide a very helpful tool for planning a program review. Counsel looking for a source to determine whether the elements of a company’s compliance program are up-to-date with the DOJ’s latest settlement can use the linked list as a starting point for a review, which can then be tailored to the specifics of geographical, business model and other risk factors.
- Kathryn L. Ryan to discuss "Industry open forum session on NMLS usage" at the NMLS Annual Conference & Training
- Tim Lange to discuss "State legislative update - MSBs and consumer finance" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to discuss "Regulating innovative consumer lending products" at the NMLS Annual Conference & Training
- Daniel P. Stipano to moderate "Washington update" at the Puerto Rican Symposium of Anti Money Laundering
- Melissa Klimkiewicz to discuss "Private flood insurance updates" at the Mortgage Bankers Association Servicing Solutions Conference & Expo
- Jonice Gray Tucker and H Joshua Kotin to discuss regulatory compliance issues in the fintech industry at Protiviti's Risk & Compliance Innovation Roundtable
- APPROVED Checkpoint Webcast: CFL overview
- Amanda R. Lawrence and Sherry-Maria Safchuk to discuss "California privacy rule" on an NAFCU webinar
- Sasha Leonhardt to discuss "MLA & SCRA" on a NAFCU webinar
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS International AML & Financial Crime Conference
- John P. Kromer to discuss "Navigating the multi-state fintech regulatory regime" at the American Conference Institute Legal, Regulatory and Compliance Forum on Fintech & Emerging Payment Systems