Jonathan T. Marks CPA, CFF, CFE and NACD Board Fellow

Fraud Tip Friday: Lessons From Recent FCPA Enforcement Actions

Close-up Of Female's Hand Holding Gift Box Filled With Currency Over The White Desk

Lessons From Recent FCPA Enforcement Actions

The United States government’s fiscal year ended September 30, 2019. Just as in the business world, where many companies try and clear out any unexecuted deals or open contracts, the Securities and Exchange Commission (SEC) cleared out three outstanding Foreign Corrupt Practices Act (FCPA) enforcement actions. The three enforcement actions involved Quad/Graphics Inc., a Wisconsin-based digital and print marketing provider and its Peruvian subsidiary, Quad/Graphics Peru S.A.; Barclays PLC; and a Canadian clean fuel company Westport Fuels Systems, Inc. and its former Chief Executive Officer (CEO), Nancy Gougarty of Leesville, South Carolina. The terms of each settlement agreement provide a different lesson for compliance practitioners.

Quad/Graphics – Be Alert for Sham Vendors

According to the SEC Press Release and related order, Quad/Graphics’ actions violated the FCPA in several instances identified by the Commission from 2011 to 2016.  Their international troubles began with the 2010 merger of Canadian printing company World Color Press, Inc.  The merger introduced a significant international presence for Quad/Graphics, yet accounting controls, anti-corruption policies, and an FCPA compliance program were not in place.  Simply put, the compliance function was not preemptively prepared for the new influx of international issues.  The company was slow to prioritize attention to these issues, and equally slow to begin the process of introducing the necessary measures to combat them.  Consequently, Quad/Graphics’ Peruvian subsidiary, Quad/Graphics Peru S.A., was found to have deployed questionable business practices to win business contracts and to avoid penalties in tax litigation, using fraudulent third party vendors to carry out the bribes.  The company has agreed to pay $6,936,174 in disgorgement, $959,160 in prejudgment interest, and a $2 million civil penalty, for total monetary relief of nearly $10 million.

In addition to the challenges in Peru, following the merger of World Color, Quad/Graphics maintained the acquired business relationships with Cuban counterparts in spite of U.S. sanctions and export law restrictions.  In doing so, they concealed the transactions internally through written communication and by falsifying financial records which serve as proof of their illegal behavior.  It is also identified in the commission’s order that illicit payments to various Chinese officials and employees in Chinese companies were either promised or made in order to secure sales in an otherwise limited market.  Both instances further the argument that Quad/Graphics was not prepared for the international business which they took on.

In order to understand the key lesson in this case, we must consider the creation of, billing by, and payments made to the purported third party vendors or the “Sham Vendors”.  Regarding the billing, the Order stated, “two concerned managers in Peru approached him [Finance Director] about several suspicious invoices that had recently been submitted by two of the Sham Vendors. Several of the invoices contained red flags of bribery and corruption, including having the same date and dollar amounts and consecutive invoice numbers. Upon review, the new Senior Finance Manager agreed the invoices were problematic and declined to approve them.”  Other red flags present on the Sham Vendors invoices included “vendor invoices with rounded dollar amounts, large invoice amounts that were disproportionate to the services described, invoices that were consecutively numbered (sometimes with the same date) and invoices without purchase orders or other supporting documentation.” On the payment side, although there were some wire transfers made to the Sham Vendors bank accounts, a large number of invoices were paid “by checks that were hand delivered to the Sham Vendor’s principal or the Sham Vendor’s accountant in Peru.”  Upon inspection, the commission noted that 3 of the 4 Sham Vendors had the same address and none had any real business operations.

Barclays – Don’t Forget the Basics

Barclays is well known for its prior regulatory stumbles in the banking sector, and for the actions of its Chief Executive to unmask an anonymous whistleblower. Barclays experienced additional grief from an FCPA enforcement action, based upon hiring practices in the Asia Pacific Region (APAC).  According to the SEC Press Release, Barclays’ employees hired 117 candidates with connection to their non-government clients or to foreign government officials.  It was understood the hiring of these candidates was exchangeable for current or future business opportunities.  Barclays agreed to pay $6,308,726, consisting of disgorgement of $3,824,686, prejudgment interest of $984,040 and a $1.5 million civil penalty as a result of the SEC findings.

In addition to the instances of violations cited in the Order in which compliance employees acted knowingly in their unethical hiring practices, or where employees responsible for hiring were circumventing the compliance function, the Order also cites several instances in which blissful ignorance contributes to the company’s illegal actions.  Examples of senior executives who were not only unaware of the basic anti-corruption conduct prohibited by the FCPA, but also the specific prohibitions of hiring relatives of foreign officials “quid pro quo” are identified in the commission’s findings.  This lack of training on the very basics of the FCPA and also of elements of anti-bribery/anti-corruption compliance is something that every compliance professional needs to be reminded of.  Training is a foundational component of any well-designed compliance program and simply cannot be ignored.

The Barclays enforcement action presents some very (back to the) basics lessons for the compliance professional. First, you must consider the effectiveness of your compliance programs: Are they current?  How are they being tested?  Second, you must consider your corporate gatekeepers: When was the last time you tested gatekeeper roles performed by your compliance function to verify they are actually being performed correctly?  Are those gatekeepers aware of what is required of them? Maybe it’s time to start asking some questions.

Westport Fuels Systems, Inc. – Control Fraud 

The third FCPA resolution involved Westport Fuels Systems, Inc., a Canadian clean fuel technology company headquartered in Vancouver, Canada, and its former CEO, Nancy Gougarty.

The unusual features of this corruption scheme were two-fold. The first was the bribery scheme itself. While there have been previous FCPA enforcements where the interest in an entity was the quid of the quid pro quo; this scheme was a more sophisticated operation.

For all of these FCPA violations, Westport also agreed to pay $2,546,000 in disgorgement and prejudgment interest and a civil penalty of $1,500,000, and Gougarty agreed to pay a civil penalty of $120,000.

The problem for Westport started when the company wanted to take the Chinese JV public through an IPO and were falsely informed that the newly formed public company had to be majority Chinese-owned in order to do so. During this process, it was uncovered that the Chinese Government Official who was working for the State Owned Entity (SOE) that was the largest shareholder of the IPO prospect company, had a financial interest in the private equity firm targeted to manage the IPO.  This fact was brought to Gougarty’s attention, utilized in the negotiation process, and intentionally concealed from Westport’s board of directors.  The deal called for shares of the joint venture to be transferred into the private equity fund in exchange for a dividend payment from the State Owned Entity.  Tight for cash due to a decline in sales, the CEO was eager to finalize this transaction.  Consequently, she allowed the shares of the JV go undervalued when transferring to the private equity firm.

Further, in addition to the dividend payment, Gougarty was eager to secure new business as a result of the transaction.  She at first suggested, and later demanded that a framework supply agreement be included in the terms of the deal.  The CEO “explicitly conditioned the share transfer on obtaining a long-term sales agreement” and instructed her team on the ground that “no component sales contract, no share transfer”. This about as quid pro quo as you can get.

After the bribery scheme was effectuated, Gougarty continued her fraudulent conduct by falsely identifying payments to another entity rather than the true counterparty, the private equity firm. She compounded this fraud, in connection with the filing of the Form 40-F, falsely executing a certification attesting “that Westport had disclosed all significant deficiencies and material weaknesses in the design and operation of its internal controls to the outside auditors”.  In reality, Gougarty was responsible for falsified transactional data in the financial reporting related to the bribery scheme.  She also failed to disclose the internal control weaknesses that allowed her to do so.

Gougarty’s conduct appears to be “control fraud”.

Control fraud occurs when a trusted person in a high position of responsibility in a company, corporation, or state subverts the organization and engages in extensive fraud for personal gain. The term “control fraud” was coined by William K. Black to refer both to the acts of fraud and to the individuals who commit them.

Subversion in this case refers to the circumvention or overriding of internal controls or policies and procedures.  This scheme was designed to create a “pot of money” to fund another type of fraud, bribery and corruption.

When you have the CEO herself engaging in this type of behavior you have to ask where was the board of directors? How was she selected?  What did senior management know?  This was a very expensive lesson.

Conclusion

These three SEC enforcement actions all provide important lessons for the compliance practitioner.  The actions should be not only studied by compliance professionals, but also the lessons passed along to business unit personnel to further alert employees of red flags of bribery and corruption schemes that may be present in the business operating environment. Finally, never forget the basics of the FCPA and the importance of proper education around the Act; what it mandates and more importantly, what it prohibits.

Management override of controls is a pervasive issue in practice – I encourage my readers to review your fraud risk assessment and ensure key gatekeepers and their roles and capabilities.

Look for my newly designed website coming soon!

I also welcome you thoughts and comments.

Best!

Jonathan T. Marks, CPA, CFE

Special thanks to Tom Fox for contributing to this writing.