The SEC recently fined Bank of New York Mellon ("BNY Mellon") nearly $15 million for allegedly violating provisions of the Foreign Corrupt Practices Act (“FCPA”) by providing student internships to family members of foreign government officials in the Middle East.  

Importantly, several other banks have publicly disclosed investigations into similar conduct.[i] It is unclear whether those banks will be subject to public enforcement action by the SEC, but there are certainly lessons to be learned from these investigations that apply far beyond the banking industry. 

Important Facts Noted by the SEC in the BNY Mellon Order 

  • The bank, without admitting or denying wrongdoing, agreed to pay $14.8 million—$8.3 million in disgorgement, $1.5 million in prejudgment interest, and a $5 million penalty to settle the charges. The investigation took more than four and a half years to complete.
  • BNY Mellon was alleged to have violated the FCPA in 2010 and 2011 when employees of the bank agreed to provide valuable internships to family members of two officials affiliated with a Middle Eastern sovereign wealth fund. In this manner, the bank allegedly improperly provided a “thing of value” (i.e., internships) to government officials in order to win and retain business.
  • The three recipients of the coveted intern positions—specifically, the son and nephew of one official and the son of a second official—were exempted from the otherwise rigorous hiring criteria for such positions and were allegedly unqualified.
  • Though the interns lacked the requisite credentials and were never under consideration for becoming fulltime employees of the bank, several internal emails showed that BNY Mellon employees viewed the internships as important to keeping the sovereign wealth fund’s business.
  • Notably, in its order, the SEC alleged that the conduct by BNY Mellon employees in bestowing the internships not only violated the anti-bribery provision of the FCPA but also the internal accounting controls provision.
  • Though the bank did have an FCPA compliance policy, it maintained few specific controls around the hiring of customers and relatives of customers. The SEC alleged the compliance controls therefore were inadequate to fully effectuate BNY Mellon’s stated policy against bribery of foreign officials. 

Takeaways from the SEC’s Settlement with BNY Mellon

The SEC continues to broadly interpret "anything of value." This settlement demonstrates that the phrase “anything of value” is not limited to direct or indirect cash payments or travel benefits. As in the line of charitable contribution cases,[ii] the SEC continues to look at nontraditional transactions—if the conduct falls within what it views to be the spirit of the FCPA. This case signals the SEC is on the lookout for any quid pro quo arrangement that directly or indirectly provides something of value to a foreign official as part of a scheme to obtain or maintain business.  

Furthermore, the SEC reiterated that the internal controls provision has a far reach—BNY Mellon “failed to devise and maintain a system of internal accounting controls around its hiring practices sufficient to provide reasonable assurances that its employees were not bribing foreign officials in contravention of company policy.” 

Compliance program must consider all parts of the organization. All parts of an organization should be included in an FCPA compliance program. During the annual evaluation of FCPA compliance, BNY Mellon’s internal—and perhaps external—audit should have evaluated the HR practices for compliance with the FCPA policies and procedures.  

Training needs to be done regularly and across the organization: keep it updated, do it regularly, and use web-based or other alternative methods of training to make it more convenient. Consider all lines of business and support functions in your corruption risk assessment. Written policies and procedures must be supplemented by real compliance controls. 

Compliance must avoid the “check the box” mentality. The U.S. government has warned that “[c]ompliance programs that employ a ‘check-the-box’ approach may be inefficient and, more importantly, ineffective.”[iii]The SEC, in this case and prior guidance, makes it clear that having sufficient FCPA policies in place is of little value if the organization does not monitor conduct to ensure the policies are being followed.[iv] Here as elsewhere, the only thing worse than having no policy, is to have a policy—good or bad—that is not consistently followed. Adoption of the policy proves that you knew what the law requires, and ignoring the policy proves that your conduct was deliberate.

The SEC continues to be aggressive. The BNY Mellon order notes the many remedial measures that were put in place by BNY. However, the SEC brought the case and extracted a $5 million penalty and $8 million in disgorgement. It is relevant to note that the alleged misconduct relates to a business practice not clearly discussed in the FCPA Resource Guide. The lesson: there is little sympathy from the government regarding FCPA compliance missteps.