Jonathan T. Marks CPA, CFF, CFE and NACD Board Fellow

Bribery Schemes and Their Compliance Responses

Magnifying glass on the"fraud" in dictionary

Bribery Schemes and Their Compliance Responses

This writing will highlight some of the more unusual bribery schemes described in 2019 Foreign Corrupt Practices Act (FCPA) enforcement actions and also consider their impact on compliance programs, what they mean for the compliance professional and how the government could potentially use these cases to require more effective compliance programs going forward.

Discounts to Distributors

Bribery Scheme

The Microsoft Corporation FCPA enforcement action demonstrated a failure around the company’s policy on providing discounts to distributors and other third-party sellers. The company had a policy requiring a review of discounts above certain thresholds be approved by Microsoft’s Business Desk. But this approval required a valid business justification before the discount could be granted. Unfortunately, a cut and paste job was done by the local business unit, which included a “competition with competitors”, “customer price sensitivity” and the ubiquitous “possibility” of winning other work as justifications for the discount.

These business justifications were provided with no supporting documentation and were approved by the Business Desk. There was a time limit expiration on these discounts; however, there was no follow up by the Business Desk to determine if the discount was revoked or otherwise taken off the table after the time limit expired. You might think that after multiple requests for discounts from the same business unit, which included the same justifications of competition with competitors, customer price sensitivity and the possibility of winning other work someone, the Business Desk might have at least asked them to cut and paste a different business justification to support the discount.

Compliance Response

There must be a comprehensive discount approval process for distributors, which must be followed, tested and include effective oversight. If a business submits multiple requests for a discount and each request includes the same business justification the approver should become suspicious and request proper supporting documentation before granting these request.  As far back as the BHP Billiton FCPA enforcement action, where business justification for government travel to the 2008 Beijing Olympics became a cut and paste job, the regulators have made clear that there must be a substantive reasons for the discount and that discount must be tested.

This testing also comes in the form of reviewing, with a critical eye, the backup documentation provided to demonstrate the business case for the discount. If there is no documentation, the discount request should not be approved. If there are conditions attached to the discount approval, such as a time limit expiration on the discounts; there must be follow up to determine if the discount was revoked or otherwise taken off the table.

Joint Ventures

Bribery Scheme-JV Formation

There were multiple bribery schemes employed by Fresenius Medical Care AG & Co. KGaA (FMC). One of these schemes included the setting up of joint ventures (JV) as a mechanism to pay corrupt doctors, employees of state-owned health care enterprises and government officials who were also medical officials. There was one JV in Angola and two in Turkey created for illicit purposes. In both bribery schemes, 35% of the JV interest was doled out to the corrupt officials. There was no capital contribution required from the employees of state-owned enterprises and government officials. The employees of state-owned enterprises and government officials all cashed out at some point for monetary values far above their individual monetary values in the JVs.

Bribery Scheme-Hidden Interests

Westport Fuels Systems, Inc. (Westport) and a Chinese state-owned enterprise were 50/50 owners in a JV. It was restructured so that a portion of the shares held by Westport and a privately held Hong Kong conglomerate would have to be transferred to the state-owned enterprise and a Chinese private equity fund in which senior Chinese government official held a significant financial interest. The Chinese government official sought and received a low valuation of the JV so he could make a quick turnaround of profitability outside the scrutiny of Chinese regulators. Westport’s Board of Directors authorized Westport’s management to complete the negotiations and execute the share transfer. The final deal agreed upon was a valuation of $70 million for the Chinese JV, with Westport agreeing to transfer its shares to the state-owned enterprise and the private equity fund in exchange for a long-term framework supply agreement.

Compliance Responses

Forming the JV

JVs provide many FCPA risks that other types of business relationships do not bring. For instance, the JV may interact with foreign government officials or employees of a state-owned enterprise; then leverage those relationships for an improper benefit relating to contracts, regulatory licenses, permits or customs approvals. It is difficult to regulate a JVs interaction with foreign government officials when your partner is a state-owned enterprise, or where your company is relying on the local company for its local contacts and expertise for business development and/or regulatory knowledge and experience.

The risks are compounded when the US Company does not exercise control over the JV. This is further compounded by the fact there is no minimum threshold for a FCPA enforcement action against a US company for the actions of a JV in which it holds an interest. If a company holds something less than majority rights, it must urge, beg and plead for the majority partner to adhere to anti-corruption compliance standards and controls. Often, these requirements are established in the JV agreement but the success in securing such contract protections depends on the importance of the global company to the JV itself.  The government not only considers the percentage of ownership in the JV but also considers the company’s ability to influence and control the JV.  Therefore, it is important to impart your compliance program requirements to the JV is the JV does not have its own compliance function and/or program, including relevant policies and procedures.

Knowing who your JV partners before entering the business relationship is critical. Therefore, a robust due diligence is something you must conduct from the start. Both the FMC and Westport enforcement actions demonstrate that if a government official has or even hides an interest in a JV; payments, distributions and buy-outs can be an avenue to make corrupt payments.

The JV Agreement

As a starting point, it is important to have compliance terms and conditions, these reasons can include some of the following: 1) to set expectations between the parties; 2) to demonstrate the seriousness of the issue to the non-US party; and 3) to provide a financial incentive to conduct business in compliant manner.

You must have an absolute prohibition of all forms of bribery and corruption. Many foreign JV partners may not understand that the FCPA applies to them if they partner in a business relationship with a US company. Further, they do not understand that they may be covered persons under the FCPA. This all must be spelled out for them. Audit rights are a key clause in any compliance terms and conditions and must be secured.

Managing the Relationship

A key tool in managing the affiliation with a JV post-contract execution is effective auditing techniques. Your compliance audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. You should work to obtain, review, analyze and evaluate relevant data; and use the data as a basis to remediate any issues which have arisen in the operation of the JV.

In addition to monitoring and oversight of your JVs, you should periodically review the health of your JV management program. The robustness of your JV management program will go a long way towards preventing, detecting and remediating any compliance issue before it becomes a full-blown FCPA violation. As with all the steps laid out, you need to fully document all steps you have taken so that any regulator can review and test your metrics. The 2019 Evaluation of Corporate Compliance Programs (2019 Guidance) lays out what the Department of Justice (DOJ) will be reviewing and evaluating going forward for your compliance program. You should also use these metrics to conduct a self-assessment on the state of your compliance program for your JVs.

Sham Third Parties and Third Party Services

Sham Third Parties

In the FCPA enforcement action involving Quad/Graphics Inc., the bribes were paid through the tried and true method of sham third party vendors. While the bribery scheme was about as basic as you could get for “sham-ness” as the third-party vendors were all owned by the same individual, their basic corporate information was all the same as they were all registered in Lima, Peru, with the same address and with no real business operations. Needless to same Quad failed to perform any due diligence on them. The services performed by the Sham Vendors of course contributed to their “sham-ness” as while the Sham Vendors submitted invoices allegedly for pre-press, modulation and/or packaging services none of them performed any such services for the company. Indeed, all these services were performed on site by Quad Peru employees.

The billing by the Sham Vendors and the form of payment to the Sham Vendors was also evidence of their “sham-ness”. Several of the invoices submitted contained red flags, including having the same date and dollar amounts and consecutive invoice numbers. Other red flags included, whole and rounded dollar amounts, large invoice amounts that were disproportionate to the services described, invoices that were consecutively numbered with the same date and invoices without purchase orders or any supporting documentation.

Sham Third Party Services

Fresenius used another bribery scheme in Angola. It was the creation of fraudulent storage payments with a shell company owned by the sons of an Angolan government official, a Military Health Officer in charge of purchasing, to provide warehousing space for a warehouse which housed no FMC products. In or around December 2011, FMC Angola paid approximately $560,000 to this shell company for purported “Temporary Storage Services,” However, no FMC company products were ever stored at the warehouse. When the company’s internal audit function unearthed this scheme, the local business unit simply put a contract in place, executing a written contract with the Shareholder Company to provide temporary storage services for approximately $77,000 per month from January 2012 to January 2013. Once again, no company products were ever stored at the warehouse.

Compliance Responses

The steps in the lifecycle management of any third-party are mandatory for every compliance program. There should be a business justification which is reviewed by an appropriate level of compliance personnel. These forms are usually sent and collected by a business sponsor who governs the relationship with the third parties. The next step involves robust due diligence for any third parties, whether they are sales side representatives or provide goods/services to your organization through the Supply Chain. The level of due diligence is based upon the risk score assigned to each of the third parties. Quad/Graphics Inc. (Quad/Graphics) is the starkest in this area as a simple check on the corrupt third-parties would have revealed that they were all owned by the same individual, their corporate information was all the same as they were all registered in the same city, with the same address.  This was topped off by the fact that they had no real business operations and any visual inspection of their stated business address would have revealed this.

Yet the most important step is managing the relationship after the contract is signed. This is the key lesson from Quad/Graphics and FMC. What does the information included in the invoice provide to you? Are the services delivered legitimate? For Quad/, the services described were performed by in-country Quad/Graphics employees. In the case of FMC, the services listed were for the non-existent storage of non-existent products. Other indicia of fraud and corruption found in invoices include multiple invoices with consecutive numbering’ with the same date and dollar amount, invoices with rounded dollar amounts, invoices with no supporting documentation and, finally, hand delivery of check so there was no bank to verify the accounts. A simple review by someone who knew what they were doing would have raised red flags and lead to further investigation.

Fraudsters are always looking for loopholes and weak spots to exploit. The same is true for those engaged in bribery and corruption. The role of every compliance professional is to prevent, detect and remediate. By following some of the approaches I have outlined, you can move towards more robust detection.

I welcome you comments and thoughts and wish everyone a happy, healthy, and prosperous New Year!

Best!

Jonathan T. Marks, CPA, CFE