Subscribe to our FinCrimes Update for news about the Foreign Corrupt Practices Act and related prosecutions and enforcement actions.
On April 30, 2019, the Department of Justice Criminal Division released updated guidance on the Evaluation of Corporate Compliance Programs (the “Guidance”). The Guidance sets forth the non-binding factors that DOJ prosecutors utilize to evaluate a company’s compliance program and consequently determine the “(1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligation.” The Guidance is, therefore, significant to companies seeking to understand what the DOJ considers to be best practices for compliance programs, as well as to mitigate against criminal penalties resulting from potential wrongdoing.
The Guidance builds upon a prior version released in February 2017 and does not indicate any major policy changes. Instead, this update provides further explanation of the factors DOJ uses to evaluate companies’ compliance programs and contextualize those factors within the enforcement framework of the Justice Manual and Sentencing Guidelines.
* * *
Click here to read the full special alert.
If you have questions about the DOJ’s new guidance or other related issues, please visit our White Collar practice page or contact a Buckley attorney with whom you have worked in the past.
The DOJ’s Fraud Section recently published an “Evaluation of Corporate Compliance Programs.” The guidelines were released on February 8 without a formal announcement. Their stated purpose is to provide a list of “some important topics and sample questions that the Fraud Section has frequently found relevant in evaluating a corporate compliance program.” The guidelines are divided into 11 broad topics that include dozens of questions. The topics are:
- Analysis and Remediation of Underlying Conduct
- Senior and Middle Management
- Autonomy and Resources
- Policies and Procedures
- Risk Assessment
- Training and Communications
- Confidential Reporting and Investigation
- Incentives and Disciplinary Measures
- Continuous Improvement, Periodic Testing and Review
- Third Party Management
- Mergers & Acquisitions
According to the Fraud Section, many of the topics also appear in, among other sources, the United States Attorney’s Manual, United States Sentencing Guidelines, and FCPA Resource Guide published in November 2012 by the DOJ and SEC. While the content of the guidelines is not particularly groundbreaking, it is nonetheless noteworthy as the first formal guidance issued by the Fraud Section under the Trump administration and new Attorney General Jeff Sessions. By consolidating in one source and making transparent at least some of the factors that the Fraud Section considers when weighing the adequacy of a compliance program, the guidelines are a useful tool for companies and their compliance officers to understand how the Fraud Section and others at the DOJ may proceed in the coming months and years.
However, while the guidelines may give some indication of what the DOJ views as a best practices compliance program, they caution that the Fraud Section “does not use any rigid formula to assess the effectiveness of corporate compliance programs,” recognizes that “each company’s risk profile and solutions to reduce its risks warrant particularized evaluation,” and makes “an individualized determination in each case.”
Former CEO of Chinese Subsidiary Acquired by Harris Corp. Settles FCPA Offenses Following Proactive Investigation and Disclosure of Conduct by Acquiring Company
On September 13, Jun Ping Zhang (Ping), the former Chairman and CEO of a subsidiary of Harris Corporation, a Florida-based provider of information technology services to government and commercial markets, agreed to pay a civil penalty of $46,000 to settle the SEC’s allegations that Ping violated the anti-bribery, books and records, and internal controls provisions of the FCPA. The matter was resolved by an administrative cease and desist order and Ping did not admit or deny the SEC’s findings.
The allegations relate to actions taken in 2011 and 2012 by Ping, a U.S. resident and citizen, and various unnamed sales staff of Harris Corp.’s wholly-owned subsidiary, Hunan CareFx Information Technology, LLC (CareFx China). Ping and the sales staff were alleged to have provided illegal gifts to Chinese government officials to obtain and retain business with various state-owned hospitals and regional Departments of Health. The settlement did not allege personal enrichment and contained no order of disgorgement.
The investigation giving rise to the allegations was spawned in fall 2012 when Harris Corp., notified the SEC and DOJ that it had identified potential violations of the FCPA during a post-acquisition audit of CareFx Corporation, which it had acquired in April 2011. With the assistance of outside counsel, Harris Corp. conducted an internal investigation into the conduct of CareFx China, a Chinese legal entity and wholly-owned subsidiary of CareFx, which began selling electronic medical records software to state-owned hospitals and regional Departments of Health in late 2009. The allegations contained within the administrative order depict an ongoing scheme in which CareFx China sales staff under Ping’s management and with his knowledge submitted bogus expenses for cash reimbursement and then used that cash to pay for improper gifts to government officials for the purposes of influencing their decisions to purchase CareFx China’s products and services.
According to the SEC, from April 2011 to April 2012, Ping “directly authorized or indirectly allowed between $200,000 and $1,000,000 in improper gifts to government officials,” after which CareFx China was awarded over $9,600,000 in contracts with state-owned entities. As CareFx China’s books and records were consolidated into Harris Corp.’s financial statements following the CareFx acquisition in April 2011, Ping, who had responsibility for reviewing CareFx China’s monthly expense report summaries, knew that the improperly recorded expenses and illegal activity would not be properly disclosed to Harris Corp., nor were they disclosed in the pre-acquisition due diligence.
According to a September 4, 2012 Wall Street Journal blog post, Harris Corp., concurrent with its internal investigation and timely self-disclosure in 2012, took remedial actions in relation to CareFx China, including making changes to internal control procedures, ending its gift-giving practice, providing additional compliance training, and terminating certain employees. Shortly thereafter, according to the SEC order, Harris Corp. sold all of CareFx China’s “outward facing operations” and, in mid-2015, Harris Corp. terminated all employees in CareFx China and no longer maintains China-based business operations.
As the books closed on FCPA enforcement for 2011, one final enforcement action came through the door: On December 29th, Magyar Telekom Plc. and Deutsche Telecom AG resolved an FCPA enforcement matter for a combined monetary sanction exceeding $95 million. The settlement offers important compliance benchmarks and should provide a useful starting point for anti-corruption counsel planning a risk assessment and/or compliance testing for 2012.
The Deutsche Telecom and Magyar Telekom Action
The two companies resolved the FCPA enforcement matter, which had been disclosed in 2009, in an arrangement involving an Information and a Deferred Prosecution Agreement filed against Magyar Telekom, a Non-Prosecution Agreement for Deutsche Telekom, and an SEC Complaint against both Deutsche Telecom and Magyar Telekom. The conduct in question involved payments through third parties to officials Macedonia and Montenegro.
At the same time the settled action was filed, the SEC charged three former Magyar Telekom executives with violations of the FCPA. None of the individuals is a US citizen. According to the Complaint, the basis for jurisdiction over these individuals rests on their prior status as officers, directors, employees or agents of Magyar Telekom, which was at the time an “issuer” with American Depository Receipts listed on the New York Stock Exchange, and the allegation that email messages in furtherance of the bribe scheme “were sent from locations outside the United States, but were routed through and/or stored on network servers located within the United States.”
Compliance Lessons: Anti-Corruption Program Elements Clearly Set Forth
The Magyar Telekom Deferred Prosecution Agreement contains a section articulating the minimum elements of a Corporate Compliance Program, a common feature of Deferred Prosecution Agreements. These elements describe the company’s compliance obligations in detail and are tailored to corruption-specific risks.
For compliance counsel, the elements described in the Corporate Compliance Program section (transcribed here in table/checklist format) may provide a very helpful tool for planning a program review. Counsel looking for a source to determine whether the elements of a company’s compliance program are up-to-date with the DOJ’s latest settlement can use the linked list as a starting point for a review, which can then be tailored to the specifics of geographical, business model and other risk factors.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference