The first half of 2020 has been interesting to say the least. We started the year with a record-setting enforcement action against aerospace corporation Airbus SE on January 31. This was followed by a Security and Exchange Commision (“SEC”) only administrative enforcement against health care services company Cardinal Health, Inc. on February 28. When the COVID-19 pandemic hit, it seemed like things were going to slow down. But on April 17, the SEC settled with oil and gas company Eni S.p.A. Finally, the Department of Justice (“DOJ”) and the SEC closed the first half with an enforcement action against healthcare company Novartis AG on June 25. In total, these four defendants paid almost $1billion to the U.S. Treasury.
Airbus represents the largest single global resolution of corrupt conduct. In total, Airbus agreed to pay more than $3.9 billion to the United States, France and the United Kingdom for corrupt conduct and violations of export control programs. According to the Deferred Prosecution Agreement (“DPA”) (and the 51 pages of stipulated facts), beginning in at least 2008 and continuing until at least 2015, Airbus allegedly paid bribes to decision makers and other influencers, including to foreign officials, in order to obtain improper business advantages and to win business from both privately owned enterprises and entities that were state-owned and controlled in China. The bribes included luxury travel, cash and entertainment. Most of the corrupt conduct was facilitated through the use of a “consultant” without a written agreement, but the consultant had a “long term relationship with the political level … and [who knew] personally some key decision makers of the customer.” For the Foreign Corruption Practice Act (“FCPA”) violations, Airbus agreed to pay $294 million. Airbus settled with France for approximately $2.29 billion and with the United Kingdom for approximately $1.09 billion. France and United Kingdom’s settlements involved bribes paid in Malaysia, Sri Lanka, Taiwan, Indonesia and Ghana. The DPA is for three years.
In addition to the FCPA and other anti-corruption violations, Airbus also violated the Arms Export Control Act (“AECA”), as implemented by the International Traffic in Arms Regulations (“ITAR”). The State Department’s Directorate of Defense Trade Controls (“DDTC”) regulates the export and import of U.S. defense articles and services. ITAR prohibits the export of defense articles and services without the requisite licensing and approval of the DDTC. Airbus filed the appropriate license applications. However, Airbus failed to accurately disclose commissions paid to third-party brokers who were hired to solicit, promote or otherwise secure the sale of defense articles and defense services to foreign armed forces. For the ITAR and export control violations, Airbus agreed to pay a fine of $237 million plus forfeit a $55 million bond and pay DDTC $5 million.
The Cardinal Health settlement was a “books and records” and “internal controls” violation involving Cardinal’s Chinese subsidiary. The allegations where that Cardinal acquired an established distribution company in China. The predecessor company kept on its own books certain accounts that its customers used to fund operations and marketing expenses. After Cardinal acquired the company, Cardinal terminated most of these arrangements because of the corruption risks. However, it kept an account with a certain company, for which Cardinal was the exclusive supplier of its products. In that regard, Cardinal employed 2,400 employees for the company. These employees then directed payments to government-employed healthcare professionals who had influence over purchasing decisions. Cardinal terminated the relationship six years later. The SEC charged that Cardinal failed to properly maintain accurate books and records and failed to maintain appropriate internal controls to prohibit improper payments. Cardinal agreed to pay a civil penalty of $2.5 million. The SEC alleged that Cardinal was unjustly enriched by $5.4 million. Without admitting any liability, Cardinal agreed to disgorge $5.4 million plus pay $900,000 in prejudgment interest.
Eni is allegedly a repeat violator of the “books and records” and “internal controls” provisions of the FCPA. Although Eni only owned 43% of oilfield services company Sapiem, it controlled the company. Between 2007 and 2010, Sapiem entered into four agreements with an intermediary to obtain business with Algeria’s state-owned oil company. The owner of the intermediary was a “personal secretary” and like a “son” to the Algerian energy minister. Sapiem conducted little or no due diligence on the intermediary yet paid it €198M in “brokerage fees” to obtain seven contracts with the Algerian state-owned oil company. Eni agreed to disgorge $19.75 million plus pay prejudgment interest of $4.75 million to settle the allegations. On June 25, DOJ and SEC settled with Novartis AG for $346 million to resolve FCPA violations in Greece, Vietnam and South Korea. The DOJ criminal action was resolved for $225 million plus a three-year DPA; the SEC settled for $92 million plus $20 million in prejudgment interest and a former subsidiary settled for $9 million. Part of the allegations include paying “opinion leaders” to attend conferences as inducements to increase prescriptions. According to the DPA, minutes from an internal Novartis meeting stated that the doctors “must understand that their participation in [conferences] will be cancelled if sales performance is not improved significantly.” In addition, Novartis used a clinical study to funnel improper payments to health care providers to increase prescriptions of Novartis products. Another part of the allegations included conduct of a Vietnamese subsidiary using distributors to make inappropriate payments to doctors to increase use of Novartis’ products. The payments occurred before and after being acquired by Novartis. The subsidiary reimbursed the distributor up to 50% of the corrupt payments. These reimbursements were booked as “consulting expenses,” “marketing expenses” or “human resources expenses.”
Although not a corporate enforcement action, the case of U.S. v. Coburn and Schwartz decided an issue of first impression. Judge Kevin McNulty from the District of New Jersey ruled that each email or phone call discussing the payment is a separate violation even if made in connection with a single scheme to bribe a foreign official. Gordon Coburn and Steven Schwartz were executives in Cognizant Technology Solutions, which settled with the SEC in 2019 for violating the FCPA. Cognizant settled allegations that it bribed certain officials in India in connection with building a new facility. The DOJ charged Coburn and Schwartz with three counts of violating the anti-bribery provisions of the FCPA based on sending three emails. Coburn and Schwartz claimed that there was only one scheme to bribe, but the judge disagreed.
Although not an FCPA case, the Supreme Court decided on June 22, 2020, a disgorgement case that limits the damages recoverable. In Liu v. SEC, the Supreme Court held that in disgorgement actions, the recovery must be based on net profits, not the total profits from the criminal activity. As a result, defendants will be able to deduct reasonable business expenses from the profit associated with fraudulent activity. Disgorgement is a common remedy used by the SEC in FCPA cases.
Compared to 2019, the first half of 2020 has been remarkably slow. There were only five enforcement actions (compared to 14 in the first half of 2019). In addition, the penalties were significantly smaller as well. So far in 2020, OFAC has collected $9.2 million in penalties compared to $1.28 billion in the first half of 2019.
On January 21, Park Strategies, a lobbying firm, agreed to settle allegations that it violated the Global Terrorism Sanctions Regulations by paying a fine of $12,150. OFAC alleged that Park Strategies signed an agreement to represent a specially designated national (SDN) as a lobbyist, not in a legal capacity. Shortly after receiving the initial retainer, Park Strategies terminated the relationship and voluntarily disclosed. OFAC determined that it was a non-egregious violation.
On January 27, Eagle Shipping, a ship management company that also self-performs, agreed to settle allegations that it violated the Burmese Sanctions Regulations by paying a fine of $1,125,000. OFAC alleged that a predecessor company shipped sand from Burma to Singapore on behalf of an SDN. The facts are interesting because the ship’s captain initially refused to deport because the shipper was listed as the SDN. After the bill of lading was revised, the captain again refused to leave because some ancillary documents showed the shipper as the SDN. Finally, once that was resolved, the company applied for an OFAC license. Before it was granted, the captain left fearing for the safety of his crew. The license was ultimately denied, but the Eagle Shipping performed some additional voyages. Eagle went through a bankruptcy and the new Eagle voluntarily reported. OFAC determined it was egregious conduct because the old company continued to perform even after the license was denied. The company did remediate and significantly improved its trade compliance program.
On February 26, Societe Internatoinale de Telecommunications Aeronautiques SCRL (“SITA”) , a Swiss software and services company for airlines, agreed to settle allegations that it violated the Global Terrorism Sanctions Regulations by paying a $7,829,640 fine. OFAC alleged that SITA violated the terrorist sanctions regulations by providing messaging software and services for certain airlines that OFAC designated as terrorist organizations (mostly in conjunction with Iran and Syria). The messaging services creating the violations were routed through SITA’s facility in Atlanta. OFAC determined that SITA did not self-disclose, but the violations were not egregious. SITA remediated the conduct by terminating all relationships with the airlines and establishing a more robust trade compliance program.
On April 30, American Express agreed to settle allegations that it violated the Weapons of Mass Destructions Proliferators Sanctions Regulation by agreeing to the issuance of a Finding of Violation without paying a penalty. Through a software glitch in its screening software, an authorized affiliate approved an AMEX card for an SDN. After discovering the erroneous approval, American Express revoked the card, but not until after the SDN transacted $35,000 worth of charges. American Express voluntarily disclosed and remediated the conduct and OFAC concluded that it was not an egregious violation.
On May 6, BIOMIN America, an animal nutritional company, agreed to settle allegations that it violated the Cuba Assets Control Regulations by paying a $257,862 fine. OFAC alleged that Biomin America used its owned or controlled foreign entities to sell commodities to Cuba, and that it processed and collected commissions from its foreign entities on the sales. Biomin America created the sales structure on the belief that it could not sell the commodities directly, although OFAC pointed out that there may be a general license applicable to these goods. Biomin voluntarily self-disclosed and implemented remedial training and procedures to avoid a repeat violation. OFAC determined that it was a non-egregious violation.
Serious Fraud Office (“SFO”) Releases Guidance on Evaluating Compliance Programs
On January 17, 2020, the SFO released internal guidance on how it will evaluate compliance programs. According to the guidance, SFO will evaluate a compliance program at the time of an offense, time of resolution, and when deciding whether future improvements can be made through a DPA. The guidance requires that the program must be robust and more than a “paper exercise.” The guidance states that, “a key feature of any compliance programme is that it needs to be effective and not simply a ‘paper exercise.” The guidance stresses the importance of documenting certain actions in connection with the development of the program. The guidance also states that the “Six Principles” in the Ministry of Justice’s guidance on the UK Bribery Act, published in March 2011, are a good general framework for assessing compliance programs. In other words, the SFO will assess (1) proportionate procedures, (2) top-level commitment, (3) risk assessment, (4) due diligence, (5) communication (including training), and (6) monitoring and review.
DOJ Issues Updated Compliance Guidance
On June 1, the DOJ issued updates to its guidance document “Evaluation of Corporate Compliance Programs” (“Guidance”). The updated Guidance clarifies and supplements the Guidance document from April 2019 and February 2017. The Guidance generally tweaks around the edges the previous documents and adds a 16 more questions to consider (174 instead of 158). Nevertheless, the DOJ urged Companies to adopt a risk-based program, based on a rigorous assessment of its risk profile (no “cookie cutter” programs), with effective internal controls to monitor those risks and access to and use of data to continually improve on the effectiveness of the program. The 2019 guidance was centered around three main questions – (i) whether the program was well designed; (ii) whether the program was well implemented; and (iii) whether the program works well in practice. The 2020 Guidance assumes the program is well implemented and now focuses on whether the program is “adequately resourced and empowered to function effectively.”
Some other significant changes between the 2020 Guidance and the prior guidance include additional focus on third party relationships (ensuring that the reporting systems are publicized to them and making sure risk management extends throughout the life cycle of the relationship), training (shorter, more targeted, interactive training), operations (continual risk assessments based on data resulting from initial assessments; assessments based on past issues in the company and similar companies; availability and publicity of policies and procedures and reporting systems; a commitment to “mood in the middle”, not just “tone at the top”; and consistency in discipline) and M&A integration (post-acquisition audits).
France’s Minister of Justice Issues Guidance Note
On June 2, France’s Minister of Justice issued a Circular on Criminal Policy in the Fight Against International Corruption (“Circular”). The Circular is intended to provide guidance to French prosecutors enforcing Sapin II, the anti-corruption law, including suing for extra-jurisdictional conduct if those companies engage in economic activities in France. Like the U.S. guidelines, the Circular seems to promote the idea of companies self-disclosing. The Circular mentions that the three factors to be considered in determining whether to offer a Judicial Public Interest Agreement (CJIP) (the French version of a Deferred Prosecution Agreement) are the lack of prior enforcement, the voluntary disclosure of facts, and the degree of cooperation. The cooperation includes the duty to identify individuals involved in the conduct and even refers to the DOJ’s Yates Memorandum. Even though voluntary disclosure is a factor to be considered in determining whether a CJIP is available, there is no requirement that voluntary disclosure will result in any credit or avoidance of prosecution.