There’s something happening here, but what it is ain’t exactly clear – “For What It’s Worth,” Buffalo Springfield

At first glance, the SEC’s recent enforcement action against Johnson Controls for $14 million for FCPA violations in China, along with a Justice Department declination under its new Pilot Program, appears to be a “routine” enforcement matter. Unfortunately, this case was anything but routine and there are real questions raised concerning the SEC’s resolution and the Justice Department’s declination.

Let’s start back in 2005 when Johnson Controls acquired York International and its subsidiary, China Marine, which is involved in the marine HVAC and refrigeration industries. Two years later, York International paid $22 million to the DOJ and SEC to resolve FCPA offenses in China and other countries that occurred between 2001 and 2006. York agreed to a three-year independent compliance monitor.

Johnson Controls, through York, implemented a number of remedial measures. Johnson Controls fired employees involved in the bribery; discontinued the use of third-party agents; conducted additional FCPA training and conducted some audits, which only revealed some missing paperwork. A new Managing Director was appointed who reported directly to the officials in a Johnson Controls’ Denmark subsidiary.

Most importantly, however, Johnson Controls did not implement a recommendation by the independent compliance monitor that the China Marine operation be integrated into the senior subsidiary operation in Denmark. As it turns out, this failure was a significant reason that China Marine was able to resume its bribery scheme.

The new Managing Director, with the assistance of the entire staff in China, resumed the bribery scheme using shadow vendors rather than third party agents. China Marine employees collected proceeds from the vendors for funding bribery and personal remuneration. China Marine’s financial controls were designed to protect against such payments and included low thresholds authorizing payments without approval by the Denmark subsidiary.

With the new circumvention scheme in effect, China Marine continued to bribe state-owned and private ship builders in China. The scheme involved a massive paperwork fraud, with fake invoices, inflated fees, and the collaboration of over eighteen employees in three China Marine locations. In total, using small transactions below the delegation of authority thresholds resulted in payment of $4.9 million in bribes and personal enrichment.

These facts suggest that the SEC and DOJ let Johnson Controls off easy. Based on the public information, Johnson Controls failed to implement a recommendation made by an independent compliance monitor that was at the heart of the problem – a China subsidiary operated almost without any meaningful supervision or monitoring. The compliance monitor specifically cited this risk and recommended a closer supervisory role by the Denmark subsidiary. That failure, which was significant, should not have afforded Johnson Controls a DOJ declination nor an SEC settlement totaling only $14 million.

If anything, Johnson Controls failed to remediate starting in 2007 and, in effect, turned a blind eye to a serious risk that China Marine would resume its bribery scheme. The deficiencies here, in this failure to remediate, are significant.

First, aside from the basic structural problem, what effort, if any, did Johnson Controls take to integrate or create a culture of compliance in the China Marine subsidiary? It appears that Johnson Controls did not attempt to identify, measure or promote a positive culture except by conducting specific FCPA training.

Second, Johnson Controls should have implemented a robust audit program that reviewed China Marine’s vendor onboarding process, specific transactions involving the vendors, and careful review of the paperwork justifying payments. Everyone is well aware of the fact that bribery can be funded through non-material transactions, and in the face of a past violation, Johnson Controls should have focused quarterly or semi-annual audits of China Marine’s activities down to the penny.

Third, Johnson Controls should have been aware of the risk created by a vendor onboarding process that does not address corruption risks, especially in China, where the use of shadow vendors is a recognized means to fund illegal bribery activities. Johnson Controls’ failure to review and improve the vendor onboarding process raises real issues about the work of the compliance monitor, as well as Johnson Controls’ commitment to ethics and compliance after a serious violation occurred at York International.

DOJ’s declination is troubling. There is a threshold issue of whether DOJ could have initiated an enforcement action unless there was evidence showing senior officer involvement or failure to act. Even so, we have seen DOJ stretch its enforcement arm in the settlement context to reach otherwise tenuous results, and there appears to be plenty of justification to stretch here in this case when you basically have a recidivist continuing to violate the law.

Asides form DOJ’s declination, there are significant questions concerning the SEC’s resolution of only $14 million for a recidivist, who was under a compliance monitor, and failed to implement an important recommendation made by the compliance monitor.

No matter how you parse this – the Johnson Controls case is a head-scratcher that raises many more questions than answers about FCPA enforcement.