After what appears to be a 73 month investigation, as part of an internal administrative order, Juniper Networks, Inc. – NYSE: JNPR (“Juniper”, or “the Company”) will pay $11.7 million as part of a settlement with the Securities and Exchange Commission (“SEC”); however, in an 8-K filed on February 9, 2018, Juniper disclosed that the Department of Justice (“DOJ”) had completed its investigation and, citing Juniper’s cooperation, decided to take no further action against the company – no criminal charges. Apparently the DOJ had sent the letter closing its investigation in the fourth quarter of 2017.
The SEC settlement is broken down as follows: $6.5 million civil penalty; $4 million in disgorgement—representing the amount of profit the company made as a result of the conduct; and, about $1.2 million in interest.
From 2008 to 2013, sales employees in Russia agreed to increase discounts on sales made by third-party partners, according to the settlement. The discounts were funneled into an off-book funds or referred to as “common funds” (in the fraud space called “slush funds”) which were directed partially by Company sales representatives and used to pay for customer trips, including travel for foreign officials to various locations where there were no Juniper facilities or industry conferences related to Juniper’s business – the trips had little to no business purpose.
The trips “were predominantly leisure in nature and had little to no educational or business purpose.” That would include trips to places where there were no Juniper facilities, nor any industry conferences related to Juniper’s line of work.
During a similar period, sales employees at the Company’s Chinese subsidiaries paid for excessive travel and entertainment of customers, including foreign officials. Certain local marketing employees falsified trip agendas to understate the amount of entertainment offered on the trips. These sales employees submitted the falsified and misleading trip agendas to Juniper’s Legal Department to obtain event approval, apparently subsequent to the event taking place and without adequate review.
Juniper learned of the “common funds,” which were against corporate policy, in late 2009. However, diverting funds and using them to pay travel expenses continued through 2013.
Deeper Into the Weeds
The conduct by the Company’s Russian and Chinese subsidiaries violated the FCPA’s internal controls and record-keeping provisions.
The crux of this matter focuses on Juniper’s overseas subsidiaries who appear to have exploited weak oversight of accounting policy and the apparent override of weak internal controls to create “off book “common fund accounts” or slush funds used to pay bribes.
The SEC’s order states the bribery happened from 2008 to 2013. Juniper’s subsidiary in Russia, JNN Development Corp., worked with local partners in that country to increase discounts those partners would supposedly offer to customers — except, of course, those discounts never actually reached Juniper’s customers. Instead, the local partners diverted that money into a slush fund to cover travel and marketing expenses for customers, including foreign government officials. Those customers received free trips which, to use the SEC’s words, “were predominantly leisure in nature and had little to no educational or business purpose.” That would include trips to places where there were no Juniper facilities, nor any industry conferences related to Juniper’s line of work.
At least some of these trips were directed by JNN executives, which is not surprising. More disturbing is that Company executives allegedly knew about this behavior as early as 2009, and told JNN stop — but the funneling of monies into the “common funds” and the improper trips continued into 2013.
Meanwhile, from 2009 through 2013, roughly the same four years, sales employees at Juniper’s Chinese subsidiaries were busy falsifying trip and meeting agendas for customer events in an attempt to conceal the real value of entertainment involved on the trips. Apparently, falsified agendas were submitted to Juniper’s legal department for approval. Against Juniper’s travel policies, the legal department approved numerous trips without adequate review and after the events had taken place.
Key Best Practices
Fraud detection and prevention is not a hobby. Ensure you have the proper skills on your team!
- Check your allegation triage process and escalation protocols.
- Analyze your governance framework and ensure business practices and ethics are key component of the framework.
- Conduct risk based ethics and compliance training.
- Revisit your risk assessment continuously, not a prescribed periods. Remember achieving strategy equals risk management, plus, effective internal controls!
- Russia and China are inherently high-risk countries and markets for bribery.
- Ensure Fraud controls are properly designed to deter, detect, or prevent unethical behavior or worse fraud.
- Discounts and rebates have historically been a source of consternation by many organizations. Ensure procedures are designed to test both the design and effectiveness of the controls surrounding any discount or rebate program. \
- Monitor customer sales activities for suspicious activity-follow the money!
- Revisit your policies and procedures and determined if they address pertinent issues, such as what constitutes acceptable behavior by employees.Ensure your internal audit plan is truly risk based.
- Assess the skills of internal audit. If there is a deficiency in skills related to fraud and FCPA, strongly consider augmenting your internal audit team with outside professionals who can “tuck in” and provide those skills.
- Review your third-party risk management program.
- Have your compliance program reviewed at a minimum every three (3) years by a outside independent professionals to ensure that it is not stale.
- Seek to understand communication protocols and the escalation process-
- Review the allegation log frequently, but no less than every 60 days, to ensure investigations are being done timely. Question investigations that have stopped or have lingered on beyond 60 days;
- Ensure the board (audit committee) is being briefed timely on all serious matters by the chief audit executive and chief compliance officer; and,
- Question the discipline applied to the bad actors and whether the risk assessment, compliance and ethics training, and monitoring protocols need to be modified.
- Challenge your Chief Compliance Officer to provide evidence of the existence of a strong ethics and compliance program
In Juniper they never mention what if any discipline was applied to those that ignored the “cease and desist”. In addition, they also don’t mention internal audit, which seems odd.
Cooperation and Remediation
According to the SEC, Juniper cooperated by disclosing facts in a timely way and “voluntarily produced and translated documents” to the agency during the investigation. They also “provided the [SEC] staff presentations regarding its investigation.”
As part of its remedial action, Juniper instituted a compliance preview and required pre-approval of non-standard discounts. It also now requires pre-approval for third-party gifts, travel, and entertainment, channel partner marketing expenses, and some operating expenses in high-risk markets.
Governance, risk, and compliance are no joke – get in the game!
Having an appropriate compliance structure that collaborates and works in harmony with internal audit and the legal function is a must to ensure risks are handled appropriately.
I welcome your thoughts and comments!
Attribution: SEC, DOJ, Stanford, WSJ