The High Cost of FCPA Violations

According to Baker Hughes' settlement agreements with the DOJ and the SEC, the company maintained insufficient internal controls to avoid FCPA violations. As stated above, the FCPA contains an affirmative obligation for public companies such as Baker Hughes to maintain robust internal controls. The settlement materials identify several of the firm's alleged shortcomings, including the following:

Inadequate Due Diligence on Intermediaries

Baker Hughes had roughly 650 business intermediaries (reduced to less than 80 as a result of the internal investigation and settlements) around the world, including local sales agents hired to help identify potential business transactions and to promote the company to prospective customers. According to the SEC and DOJ, Baker Hughes did not conduct adequate due diligence on its intermediaries to ensure that they had a reputation for ethical business conduct, were qualified to perform the services for which they had been retained, or were not inappropriately close to influential government officials.

• The company repeatedly retained the services of local agents without determining who owned the agents;
• Sales commissions were unreasonably large, and in some instances, negotiated by a foreign official on behalf of an agent;
• The company had no written agreements with many of its intermediaries; and
• It paid intermediaries outside of their home jurisdictions.

In short, according to the SEC, Baker Hughes retained and made payments to intermediaries 'under circumstances in which the company failed to adequately ensure itself that such payments were not being passed on' to foreign officials.

The lesson for multinational companies is clear. Working with third parties who know the local market is an extremely valuable tool. But companies should not enter into these relationships lightly.

Public companies must also ensure that they have internal requirements that require extensive due diligence on potential intermediaries. Not only can public companies be liable for illicit payments made by intermediaries under the FCPA's anti-bribery provisions, they can also be separately liable for failing to maintain adequate policies and procedures for vetting potential agents, even if those agents never place illicit funds into the hands of foreign officials.

Insufficient Supervision of Employees

In addition to Baker Hughes' problems with intermediaries, its employees themselves engaged in activities that were highly suspect. One employee allegedly received kickbacks from a potential sales agent in return for advocating that the company engage that agent's services. In another instance, a company employee, without consulting with legal counsel, determined that paying bribes to local officials in Nigeria did not violate the FCPA because 'all companies are doing the same' in that country.

It is essential for companies operating in challenging markets outside the United States to ensure that their employees are provided with adequate supervision. Employees should have access to experienced legal counsel, be trained in the substance of the FCPA and other laws regulating cross-border business, and be subject to procedures that require the approval of supervisors in circumstances when mistakes can be costly.

Review of Payments

Baker Hughes appears to have lacked sufficient accounting controls to ensure that payments made using corporate funds were appropriate and consistent with the law. Agents were sometimes paid in cash. One agent received payments in five different bank accounts outside of his home jurisdiction. Payments were made for an option to lease land from a company in Kazakhstan after a Baker Hughes employee determined that the company was 'only a front for the real owners who are influential.' Agents were reimbursed for expenses incurred in providing personal travel to foreign officials and their families. Commission payments to a local agent were described in the company's books and records as legal fees. In addition, $2.5 million was paid to customs brokers in Nigeria to resolve alleged underpayment of customs duties.

As indicated above, the FCPA requires public companies to maintain effective internal controls on the use of corporate funds, and to ensure that books and records are accurate. The expenditure of corporate assets ' particularly to recipients outside the United States ' should be subject to scrutiny. Companies should ensure that payments are made for bona fide and legitimate business reasons, are clearly documented, and are consistent with U.S. and local laws. Employees should not be able to dispense with thousands ' let alone millions ' of dollars from corporate coffers without strict controls.

Country Risk

For countries operating outside of the United States, the concept of country risk is not a new one. Traditionally, companies have evaluated the risks of doing business in a particular jurisdiction in terms of political or economic stability, the relative sophistication of the local legal system, the ability to enforce contractual rights, crime and personal safety, and even the potential for expropriation of in-country assets.

Companies operating in challenging markets should add local corruption to the risk analysis. According to the settlement materials, Baker Hughes was doing business in jurisdictions such as Nigeria, Kazakhstan, Indonesia, Angola and Uzbekistan, all of which fall squarely in the bottom half of Transparency International's 2006 Corruption Perceptions Index (available online at www.transparency.org/news_room/in_focus/2006/cpi_2006__1/cpi_table). Such countries have also served as the setting for numerous recent FCPA violations. For example, business dealings in Nigeria have played prominent roles in at least three other major FCPA cases, such as the ABB Vetco Gray settlement in 2004, Vetco Gray's second brush with the FCPA this year, and the case of Louisiana Congressman William Jefferson.

The FCPA does not prohibit U.S. companies from doing business in countries with reputations for corruption. However, prudent companies should apply extra scrutiny to proposed business transactions in those jurisdictions. The FCPA allows no defense or exception for bribes being 'just the way business is done' in a particular country.

No Time Like the Present

Perhaps the greatest lesson to be drawn from the Baker Hughes settlement is that there is no time like the present to tackle FCPA risks and to ensure that internal compliance controls are suitably robust. The company's record-breaking punishment included an $11 million criminal penalty, a $10 million civil penalty, the requirement to disgorge almost $20 million in ill-gotten profits, and prejudgment interest of $3.1 million. Moreover, the company reported that the five-year internal probe cost more than $50 million, involved 330 lawyers, 31 forensic accountants, the review of hundreds of thousands of pages of hard-copy documents, and 1.69 terabytes of electronic data (the approximate equivalent of 90 million pages) from computers in 20 cities on four continents.

Baker Hughes is also required to appoint an independent compliance consultant ' also known as a compliance monitor ' to review the company's ongoing efforts to comply with the FCPA. The compliance monitor's activities will not be directed by the company, and the monitor will report its findings to U.S. enforcement officials on a periodic basis. The information it gathers is not subject to the attorney-client privilege.

Compliance is expensive. The costs of setting up and maintaining a compliance program that is a part of a company's daily activities are certainly inconvenient, and fall on the negative side of the balance sheet. Compliance does not, in and of itself, generate revenue. Due diligence is invasive and can delay fast-paced deals. Yet the cost of Baker Hughes' FCPA issues should be powerful ammunition for in-house counsel seeking to convince corporate executives of the necessity of state-of-the-art FCPA compliance. Resolution of the matter cost Baker Hughes almost $100 million in out-of-pocket costs, not to mention the disruption caused by a five-year internal probe and other complications sure to be caused by the compliance monitor's on-going review. One can only imagine that it would have been cheaper to institute upfront compliance programs.

If these numbers are not enough, Baker Hughes has pointed out that almost every senior management member from the alleged violation period has been replaced. And unemployment is only the beginning. Individuals are personally subject to government fines and prosecution for their roles in FCPA violations. The SEC has already initiated a civil action against one Baker Hughes employee who was allegedly involved in the company's problematic activities in Kazakhstan. That individual joins more than 20 others who, since May 2005, have been prosecuted, fined, arrested, indicted, or imprisoned for violations of the FCPA. For both the corporate and individual senior management, the risks of not being prepared in advance are extremely high and the costs often insurmountable.

This article originally appeared in A&FP's sibling newsletter, The Corporate Counselor.

William Steinman is a partner at Powell Goldstein LLP in Washington, DC, where he focuses his practice on international anticorruption and FCPA matters. He is a past Board member of the nonprofit anticorruption organization TRACE International. He can be reached at [email protected] or 202-624-7292.

Earlier this year, Baker Hughes Inc. ascended to the top of an exclusive and prominent list, but it is one on which few companies would want to be mentioned. On April 26, 2007, the Texas-based oil field products and services company announced that it was settling a federal probe alleging that it violated the Foreign Corrupt Practices Act ('FCPA'), and that it would pay fines and penalties in excess of $44 million ' the largest combined punishment under that law. It was truly one for the record books ' at least for the time being.

In a nutshell, the FCPA prohibits U.S. companies and persons from giving anything of value to foreign government officials in order to obtain or retain business. The law also requires public companies to ensure that their books and records are accurate, and to maintain robust internal controls on the expenditure of corporate funds. And while the FCPA was signed into law in 1977, there have been more enforcement actions brought by the Department of Justice ('DOJ') and the Securities and Exchange Commission ('SEC') (the two agencies in charge of enforcing the act) in the last four years than in the prior 26 years combined. Baker Hughes' FCPA woes serve as a roadmap of what companies operating internationally should and should not do, and boldly highlight the red flags that corporate counsel should be watching for.

Lack of Internal Controls

According to Baker Hughes' settlement agreements with the DOJ and the SEC, the company maintained insufficient internal controls to avoid FCPA violations. As stated above, the FCPA contains an affirmative obligation for public companies such as Baker Hughes to maintain robust internal controls. The settlement materials identify several of the firm's alleged shortcomings, including the following:

Inadequate Due Diligence on Intermediaries

Baker Hughes had roughly 650 business intermediaries (reduced to less than 80 as a result of the internal investigation and settlements) around the world, including local sales agents hired to help identify potential business transactions and to promote the company to prospective customers. According to the SEC and DOJ, Baker Hughes did not conduct adequate due diligence on its intermediaries to ensure that they had a reputation for ethical business conduct, were qualified to perform the services for which they had been retained, or were not inappropriately close to influential government officials.

• The company repeatedly retained the services of local agents without determining who owned the agents;
• Sales commissions were unreasonably large, and in some instances, negotiated by a foreign official on behalf of an agent;
• The company had no written agreements with many of its intermediaries; and
• It paid intermediaries outside of their home jurisdictions.

In short, according to the SEC, Baker Hughes retained and made payments to intermediaries 'under circumstances in which the company failed to adequately ensure itself that such payments were not being passed on' to foreign officials.

The lesson for multinational companies is clear. Working with third parties who know the local market is an extremely valuable tool. But companies should not enter into these relationships lightly.

Public companies must also ensure that they have internal requirements that require extensive due diligence on potential intermediaries. Not only can public companies be liable for illicit payments made by intermediaries under the FCPA's anti-bribery provisions, they can also be separately liable for failing to maintain adequate policies and procedures for vetting potential agents, even if those agents never place illicit funds into the hands of foreign officials.

Insufficient Supervision of Employees

In addition to Baker Hughes' problems with intermediaries, its employees themselves engaged in activities that were highly suspect. One employee allegedly received kickbacks from a potential sales agent in return for advocating that the company engage that agent's services. In another instance, a company employee, without consulting with legal counsel, determined that paying bribes to local officials in Nigeria did not violate the FCPA because 'all companies are doing the same' in that country.

It is essential for companies operating in challenging markets outside the United States to ensure that their employees are provided with adequate supervision. Employees should have access to experienced legal counsel, be trained in the substance of the FCPA and other laws regulating cross-border business, and be subject to procedures that require the approval of supervisors in circumstances when mistakes can be costly.

Review of Payments

Baker Hughes appears to have lacked sufficient accounting controls to ensure that payments made using corporate funds were appropriate and consistent with the law. Agents were sometimes paid in cash. One agent received payments in five different bank accounts outside of his home jurisdiction. Payments were made for an option to lease land from a company in Kazakhstan after a Baker Hughes employee determined that the company was 'only a front for the real owners who are influential.' Agents were reimbursed for expenses incurred in providing personal travel to foreign officials and their families. Commission payments to a local agent were described in the company's books and records as legal fees. In addition, $2.5 million was paid to customs brokers in Nigeria to resolve alleged underpayment of customs duties.

As indicated above, the FCPA requires public companies to maintain effective internal controls on the use of corporate funds, and to ensure that books and records are accurate. The expenditure of corporate assets ' particularly to recipients outside the United States ' should be subject to scrutiny. Companies should ensure that payments are made for bona fide and legitimate business reasons, are clearly documented, and are consistent with U.S. and local laws. Employees should not be able to dispense with thousands ' let alone millions ' of dollars from corporate coffers without strict controls.

Country Risk

For countries operating outside of the United States, the concept of country risk is not a new one. Traditionally, companies have evaluated the risks of doing business in a particular jurisdiction in terms of political or economic stability, the relative sophistication of the local legal system, the ability to enforce contractual rights, crime and personal safety, and even the potential for expropriation of in-country assets.

Companies operating in challenging markets should add local corruption to the risk analysis. According to the settlement materials, Baker Hughes was doing business in jurisdictions such as Nigeria, Kazakhstan, Indonesia, Angola and Uzbekistan, all of which fall squarely in the bottom half of Transparency International's 2006 Corruption Perceptions Index (available online at www.transparency.org/news_room/in_focus/2006/cpi_2006__1/cpi_table). Such countries have also served as the setting for numerous recent FCPA violations. For example, business dealings in Nigeria have played prominent roles in at least three other major FCPA cases, such as the ABB Vetco Gray settlement in 2004, Vetco Gray's second brush with the FCPA this year, and the case of Louisiana Congressman William Jefferson.

The FCPA does not prohibit U.S. companies from doing business in countries with reputations for corruption. However, prudent companies should apply extra scrutiny to proposed business transactions in those jurisdictions. The FCPA allows no defense or exception for bribes being 'just the way business is done' in a particular country.

No Time Like the Present

Perhaps the greatest lesson to be drawn from the Baker Hughes settlement is that there is no time like the present to tackle FCPA risks and to ensure that internal compliance controls are suitably robust. The company's record-breaking punishment included an $11 million criminal penalty, a $10 million civil penalty, the requirement to disgorge almost $20 million in ill-gotten profits, and prejudgment interest of $3.1 million. Moreover, the company reported that the five-year internal probe cost more than $50 million, involved 330 lawyers, 31 forensic accountants, the review of hundreds of thousands of pages of hard-copy documents, and 1.69 terabytes of electronic data (the approximate equivalent of 90 million pages) from computers in 20 cities on four continents.

Baker Hughes is also required to appoint an independent compliance consultant ' also known as a compliance monitor ' to review the company's ongoing efforts to comply with the FCPA. The compliance monitor's activities will not be directed by the company, and the monitor will report its findings to U.S. enforcement officials on a periodic basis. The information it gathers is not subject to the attorney-client privilege.

Compliance is expensive. The costs of setting up and maintaining a compliance program that is a part of a company's daily activities are certainly inconvenient, and fall on the negative side of the balance sheet. Compliance does not, in and of itself, generate revenue. Due diligence is invasive and can delay fast-paced deals. Yet the cost of Baker Hughes' FCPA issues should be powerful ammunition for in-house counsel seeking to convince corporate executives of the necessity of state-of-the-art FCPA compliance. Resolution of the matter cost Baker Hughes almost $100 million in out-of-pocket costs, not to mention the disruption caused by a five-year internal probe and other complications sure to be caused by the compliance monitor's on-going review. One can only imagine that it would have been cheaper to institute upfront compliance programs.

If these numbers are not enough, Baker Hughes has pointed out that almost every senior management member from the alleged violation period has been replaced. And unemployment is only the beginning. Individuals are personally subject to government fines and prosecution for their roles in FCPA violations. The SEC has already initiated a civil action against one Baker Hughes employee who was allegedly involved in the company's problematic activities in Kazakhstan. That individual joins more than 20 others who, since May 2005, have been prosecuted, fined, arrested, indicted, or imprisoned for violations of the FCPA. For both the corporate and individual senior management, the risks of not being prepared in advance are extremely high and the costs often insurmountable.

This article originally appeared in A&FP's sibling newsletter, The Corporate Counselor.

William Steinman is a partner at Powell Goldstein LLP in Washington, DC, where he focuses his practice on international anticorruption and FCPA matters. He is a past Board member of the nonprofit anticorruption organization TRACE International. He can be reached at [email protected] or 202-624-7292.