FCPA: Recent Enforcement Activity Sounds Warning for Financial Services Industry

According to recent news reports, as many as 10 financial services firms have received SEC information requests regarding their respective dealings with SWFs ' foreign government owned-and-operated investment funds. The information requests likely have been years in the making. In 2008, the chief of the DOJ's Fraud Section declared that the surge of SWFs was an area of particular interest to the DOJ in its FCPA enforcement efforts. More recently, SWFs have made substantial investments in U.S. financial services firms and private equity funds, and in some cases, according to a recent Wall Street Journal report, “helped the firms stave off collapse.” Jones, Wall Street Journal, 1/14/11.

When interacting with SWFs, the FCPA is implicated because of the “foreign official” element of an anti-bribery violation. In a number of recent enforcement actions ' for example in the KBR/Halliburton action' both the DOJ and SEC have applied the “foreign official” definition to employees of companies in which foreign governments held less-than-majority interests. It is clear that the enforcement authorities would view employees of some SWFs as meeting the “foreign official” element because the SWF is owned and operated by a foreign government.

The SEC reportedly is examining whether financial services firms made improper payments in soliciting investments from SWFs. Indeed, a financial services firm or private equity fund risks FCPA liability if its employees, or third-party consultants acting on its behalf, offer or make payments, gifts, or entertainment to employees of an SWF. Because of the potential for FCPA risk, all financial services companies that solicit investments from SWFs, that conduct any type of business with SWFs, or that provide services to SWFs, should re-evaluate their FCPA compliance efforts and make any appropriate enhancements. Engaging in proactive risk assessments that focus on the potential for corruption risk and conducting internal reviews may make a significant difference in mitigating FCPA liability and the hefty fines and sanctions that go along with it.

It is important to note, however, that interactions with SWFs are not the only area involving potential FCPA risk. The Wall Street Journal recently reported that the SEC is investigating Allianz SE for possible bribery by a German printing press company in which Allianz SE holds a majority stake. Dauer and Brune, WSJ Blog/Corruption Currents: US Investigating Allianz Over Payments By Portfolio Company,12/22/2010. Because the SEC never has charged a private equity firm with violating the FCPA based on the conduct of a foreign private company in its portfolio, a prosecution here would be ground-breaking. As this investigation makes clear, a private equity fund must develop an understanding (via risk assessment and due diligence) of the business operations of foreign private companies in which it holds a majority stake and develop appropriate compliance programs to address FCPA risks.

Other High-Risk FCPA Areas for Financial Services Companies

Recent industry-wide FCPA enforcement sweeps in the oil field services, telecommunications, and the pharmaceuticals industries suggest that the SEC and DOJ will not restrict their examination of the financial services industry to SWFs alone. An investigation of misconduct in one area can lead to investigations of misconduct in other areas.

One particularly high-risk area may be the prosecution of financial services firms and/or their directors, officers, employees or agents under a willful blindness theory in the context of cross-border mergers and acquisitions in developing countries. A similar theory was employed in the 2009 trial of Frederic Bourke, investor and founder of handbag company Dooney & Bourke, which resulted in Bourke's conviction for conspiring to violate the FCPA. Importantly, the DOJ did not allege that Bourke himself bribed a foreign official, but rather that he consciously avoided learning the pertinent facts regarding improper payments and benefits provided by others to Azeri government officials, thus engaging in inadequate due diligence in a corrupt scheme to privatize the State Oil Company of the Azerbaijan Republic.

This focus on cross-border acquisitions continued during the first quarter of 2011, when the Ball Corporation settled books and records and internal control charges with the SEC. The SEC alleged that Ball personnel learned “soon after Ball acquired [Argentine subsidiary] Formametal in March 2006 that Formametal employees may have made questionable payments ' before the acquisition.” However, according to the SEC, Ball “failed to take sufficient action to ensure that such activities did not recur at Formametal after Ball took control.” The Ball case further illustrates the need to conduct adequate due diligence on acquisition targets and, through a rigorous post-acquisition risk assessment and compliance review, to correct any problems and mitigate FCPA liability.

If financial analysts' predictions of an increase in cross-border mergers and acquisitions in 2011 materialize, failure to engage in appropriate FCPA due diligence with respect to an acquired company's practices (like Ball), or intentional avoidance of FCPA red flags (like Bourke), may be costly for the acquiring company, which can inherit FCPA liability for violations by the target company that occurred prior to the acquisition. And while no financial services company has been charged to date for aiding and abetting a client's FCPA violation ' especially in the cross-border mergers and acquisitions context ' a theory of aiding and abetting an FCPA violation is a potential extension of FCPA enforcement.

Additional Concerns

Cross-border mergers and acquisitions activity is not the only high-risk FCPA area that requires specific attention. Operating an insurance or retail banking business requires licenses and government approvals. FCPA risks arise directly from the need to procure business licenses from government officials, and financial institutions conducting direct retail operations in high-risk countries therefore must monitor compliance at this level.

Joint ventures also pose FCPA risks for financial services firms. On March 18, 2011, IBM consented to the entry of a final judgment with the SEC in connection with alleged violations of the books and records and internal controls provisions of the FCPA. Among other allegations, the SEC claimed that employees of IBM's majority owned joint venture in Korea (LG IBM PC Co., Ltd.), paid cash bribes and provided improper gifts and payments of travel and entertainment to South Korean government officials in order to secure the sale of IBM products.

Financial services firms, when engaging in a joint venture, must ensure a thorough understanding of existing business practices and impose appropriate compliance controls at the inception of the joint-venture operation. This includes evaluating the necessary due diligence required prior to the joint venture to understand the risk and implementing the appropriate controls to manage the risk.

Dodd-Frank

Finally, in light of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) provision (Section 922 of Pub. L. No. 111-203, 124 Stat. 1376 (2010)) that requires the SEC to award qualifying whistleblowers between 10% and 30% of certain monetary sanctions (including FCPA sanctions) imposed by the agency, financial services companies must continue to emphasize compliance and training. Because the Dodd-Frank whistleblower provision provides a huge financial incentive for individuals to circumvent internal reporting and compliance departments and report FCPA violations directly to the SEC ' and given the recent FCPA enforcement trends, including the developments by the SEC with its SWFs inquiries ' it never has been more crucial for financial services companies to re-examine their FCPA compliance efforts.

Conclusion

Financial services firms face substantially greater risk under the FCPA in this new enforcement environment. In light of this, financial services companies should take proactive steps in order to understand their FCPA risks and then build controls to monitor and eliminate the risks. Implementing a robust FCPA compliance program (or enhancing an existing program) with the assistance of outside counsel will enable a company to maintain strong attorney-client privilege claims and may make the difference in avoiding FCPA liability altogether.

David S. Krakoff, a member of this newsletter's Board of Editors, and James T. Parkinson are partners at BuckleySander LLP, Washington, D.C. Bradley A. Marcus is an associate at the firm.

When Cheryl J. Scarboro, Chief of the U.S. Securities and Exchange Commission's (SEC) Foreign Corrupt Practices Act (FCPA) enforcement unit, remarked in November 2010 that her unit “will continue to focus on industry-wide sweeps and [that] no industry is immune from [FCPA] investigation,” the financial services industry would have been wise to take notice. Now, with news that the SEC is examining whether banks and private equity firms have run afoul of the FCPA in their dealings with sovereign wealth funds (SWFs), Scarboro's remarks are no longer merely a harbinger for FCPA enforcement activity ' they represent the reality facing the financial services industry.

Scarboro's comments and the SEC's recent SWFs inquiries are even more significant when viewed in the context of FCPA enforcement activity in 2010, which was a record year for both the SEC and the U.S. Department of Justice (DOJ), the statute's enforcers. Consider that, in 2010, the DOJ and SEC: 1) collected eight of the 10 highest monetary penalties ever paid over the 33-year history of the FCPA; 2) brought a combined 74 enforcement actions, nearly doubling the then'record-setting 40 enforcement actions brought in 2009; and 3) focused their enforcement efforts on particular industries. As Assistant Attorney General Lanny A. Breuer remarked: “[W]e are in a new era of FCPA enforcement; and we are here to stay.” Given the DOJ's and SEC's focus on coordinating FCPA enforcement efforts, this “new era” clearly now includes the financial services industry. Accordingly, financial services firms should re-examine their FCPA compliance efforts and proactively manage their FCPA risks.

Recent SEC Inquiries

According to recent news reports, as many as 10 financial services firms have received SEC information requests regarding their respective dealings with SWFs ' foreign government owned-and-operated investment funds. The information requests likely have been years in the making. In 2008, the chief of the DOJ's Fraud Section declared that the surge of SWFs was an area of particular interest to the DOJ in its FCPA enforcement efforts. More recently, SWFs have made substantial investments in U.S. financial services firms and private equity funds, and in some cases, according to a recent Wall Street Journal report, “helped the firms stave off collapse.” Jones, Wall Street Journal, 1/14/11.

When interacting with SWFs, the FCPA is implicated because of the “foreign official” element of an anti-bribery violation. In a number of recent enforcement actions ' for example in the KBR/Halliburton action' both the DOJ and SEC have applied the “foreign official” definition to employees of companies in which foreign governments held less-than-majority interests. It is clear that the enforcement authorities would view employees of some SWFs as meeting the “foreign official” element because the SWF is owned and operated by a foreign government.

The SEC reportedly is examining whether financial services firms made improper payments in soliciting investments from SWFs. Indeed, a financial services firm or private equity fund risks FCPA liability if its employees, or third-party consultants acting on its behalf, offer or make payments, gifts, or entertainment to employees of an SWF. Because of the potential for FCPA risk, all financial services companies that solicit investments from SWFs, that conduct any type of business with SWFs, or that provide services to SWFs, should re-evaluate their FCPA compliance efforts and make any appropriate enhancements. Engaging in proactive risk assessments that focus on the potential for corruption risk and conducting internal reviews may make a significant difference in mitigating FCPA liability and the hefty fines and sanctions that go along with it.

It is important to note, however, that interactions with SWFs are not the only area involving potential FCPA risk. The Wall Street Journal recently reported that the SEC is investigating Allianz SE for possible bribery by a German printing press company in which Allianz SE holds a majority stake. Dauer and Brune, WSJ Blog/Corruption Currents: US Investigating Allianz Over Payments By Portfolio Company,12/22/2010. Because the SEC never has charged a private equity firm with violating the FCPA based on the conduct of a foreign private company in its portfolio, a prosecution here would be ground-breaking. As this investigation makes clear, a private equity fund must develop an understanding (via risk assessment and due diligence) of the business operations of foreign private companies in which it holds a majority stake and develop appropriate compliance programs to address FCPA risks.

Other High-Risk FCPA Areas for Financial Services Companies

Recent industry-wide FCPA enforcement sweeps in the oil field services, telecommunications, and the pharmaceuticals industries suggest that the SEC and DOJ will not restrict their examination of the financial services industry to SWFs alone. An investigation of misconduct in one area can lead to investigations of misconduct in other areas.

One particularly high-risk area may be the prosecution of financial services firms and/or their directors, officers, employees or agents under a willful blindness theory in the context of cross-border mergers and acquisitions in developing countries. A similar theory was employed in the 2009 trial of Frederic Bourke, investor and founder of handbag company Dooney & Bourke, which resulted in Bourke's conviction for conspiring to violate the FCPA. Importantly, the DOJ did not allege that Bourke himself bribed a foreign official, but rather that he consciously avoided learning the pertinent facts regarding improper payments and benefits provided by others to Azeri government officials, thus engaging in inadequate due diligence in a corrupt scheme to privatize the State Oil Company of the Azerbaijan Republic.

This focus on cross-border acquisitions continued during the first quarter of 2011, when the Ball Corporation settled books and records and internal control charges with the SEC. The SEC alleged that Ball personnel learned “soon after Ball acquired [Argentine subsidiary] Formametal in March 2006 that Formametal employees may have made questionable payments ' before the acquisition.” However, according to the SEC, Ball “failed to take sufficient action to ensure that such activities did not recur at Formametal after Ball took control.” The Ball case further illustrates the need to conduct adequate due diligence on acquisition targets and, through a rigorous post-acquisition risk assessment and compliance review, to correct any problems and mitigate FCPA liability.

If financial analysts' predictions of an increase in cross-border mergers and acquisitions in 2011 materialize, failure to engage in appropriate FCPA due diligence with respect to an acquired company's practices (like Ball), or intentional avoidance of FCPA red flags (like Bourke), may be costly for the acquiring company, which can inherit FCPA liability for violations by the target company that occurred prior to the acquisition. And while no financial services company has been charged to date for aiding and abetting a client's FCPA violation ' especially in the cross-border mergers and acquisitions context ' a theory of aiding and abetting an FCPA violation is a potential extension of FCPA enforcement.

Additional Concerns

Cross-border mergers and acquisitions activity is not the only high-risk FCPA area that requires specific attention. Operating an insurance or retail banking business requires licenses and government approvals. FCPA risks arise directly from the need to procure business licenses from government officials, and financial institutions conducting direct retail operations in high-risk countries therefore must monitor compliance at this level.

Joint ventures also pose FCPA risks for financial services firms. On March 18, 2011, IBM consented to the entry of a final judgment with the SEC in connection with alleged violations of the books and records and internal controls provisions of the FCPA. Among other allegations, the SEC claimed that employees of IBM's majority owned joint venture in Korea (LG IBM PC Co., Ltd.), paid cash bribes and provided improper gifts and payments of travel and entertainment to South Korean government officials in order to secure the sale of IBM products.

Financial services firms, when engaging in a joint venture, must ensure a thorough understanding of existing business practices and impose appropriate compliance controls at the inception of the joint-venture operation. This includes evaluating the necessary due diligence required prior to the joint venture to understand the risk and implementing the appropriate controls to manage the risk.

Dodd-Frank

Finally, in light of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) provision (Section 922 of Pub. L. No. 111-203, 124 Stat. 1376 (2010)) that requires the SEC to award qualifying whistleblowers between 10% and 30% of certain monetary sanctions (including FCPA sanctions) imposed by the agency, financial services companies must continue to emphasize compliance and training. Because the Dodd-Frank whistleblower provision provides a huge financial incentive for individuals to circumvent internal reporting and compliance departments and report FCPA violations directly to the SEC ' and given the recent FCPA enforcement trends, including the developments by the SEC with its SWFs inquiries ' it never has been more crucial for financial services companies to re-examine their FCPA compliance efforts.

Conclusion

Financial services firms face substantially greater risk under the FCPA in this new enforcement environment. In light of this, financial services companies should take proactive steps in order to understand their FCPA risks and then build controls to monitor and eliminate the risks. Implementing a robust FCPA compliance program (or enhancing an existing program) with the assistance of outside counsel will enable a company to maintain strong attorney-client privilege claims and may make the difference in avoiding FCPA liability altogether.

David S. Krakoff, a member of this newsletter's Board of Editors, and James T. Parkinson are partners at BuckleySander LLP, Washington, D.C. Bradley A. Marcus is an associate at the firm.