On May 20, 2015, the US Securities and Exchange Commission (SEC) announced a settled enforcement action against Anglo-Australian extractive company BHP Billiton (BHPB or the company) for violations of the US Foreign Corrupt Practices Act (FCPA) in connection with the hospitality program it conducted at the 2008 Beijing Olympic Games. This settlement concludes the SEC’s investigation of BHPB, which began in 2009, and represents one of the most aggressive uses by the SEC to date of its accounting, and particularly its internal controls, authorities in an FCPA context. Instead of being predicated on specific questionable payments, the factual basis of the charges was that the company recognized the risk that improper quid pro quo arrangementscould develop in connection with the hospitality program, and that such risks were not appropriately managed by the company’s program, including through the manner in which they were documented in company compliance approval tracking forms. In connection with the settlement, BHP Billiton agreed to pay a $25 million civil penalty to the SEC, to a cease-and-desist order, and to a one-year reporting period to the SEC regarding its ongoing FCPA/anti-corruption compliance efforts.
This settlement raises significant questions regarding the manner in which SEC enforcement of the FCPA’s accounting provisions continues to evolve. As regular consumers of SEC FCPA enforcement actions will know, in recent years, leadership of the SEC’s FCPA Unit has consistently asserted that it views an effective FCPA compliance program as essential to satisfying the FCPA’s legal requirement to “devise and maintain a system of internal accounting controls sufficient ...” to ensure that “transactions are executed in accordance with management's general or specific authorization”, and related tracking requirements.
The charges in this settlement take that position – which has not been litigated – a step further. They appear to raise the prospect that companies could be charged with violations of the FCPA’s accounting provisions where their compliance programs do not maintain all elements of what the SEC would deem an effective compliance program – even where no underlying bribery (or at least payment arrangements suggesting some kind of improper quid pro quo, for example), has taken place.
The case also suggests that programs in the areas of hospitality and sponsorship – common and recurring areas of activity for many companies – may face enhanced scrutiny for systemic adequacy from a regulatory point of view, at least where larger amounts are involved. Such a position – if the SEC indeed intends to pursue enforcement actions on this basis as a matter of enforcement policy – would significantly expand the scope of risks facing US issuers with appreciable FCPA/anti-corruption risks to their business.
The Facts and Settlement
According to the SEC’s Cease-and-Desist Order, BHP Billiton agreed in December 2005 to sponsor the 2008 Beijing Olympic Summer Games. Beginning in 2007, BHP Billiton began the process of determining to whom it would extend invitations to the Games. From the outset, the company saw one of the primary purposes of its Olympic sponsorship program as providing the opportunity “to strengthen relationships with key local and global stakeholders; e.g., Government Ministers, Suppliers and Customers.” As one of the largest extractive companies in the world, BHPB had operations in numerous countries, and depended on being able to receive approval for exploration, production and other mining-related projects to conduct its business around the world.
The company invited over 650 people to participate in the hospitality program during the games, including 176 senior-level government officials and state-owned enterprise executives from mostly Asian and African countries and 102 of their spouses. In the end, 60 government officials and 24 spouses ultimately attended the games. The packages included tickets to events, luxury hotel accommodations, meals, sightseeing excursions and business class airfare provided to each invitee. The value of the packages was reportedly between $12,000 and $16,000.
In bringing an enforcement action against the company, the SEC focused on two different sets of facts. As to the internal controls-related charges, the SEC highlighted the fact that the hospitality program’s purpose was to provide an opportunity to “build relationships” with stakeholders, including government officials in African and Asian countries where corruption was perceived to be a significant risk. The SEC cited the fact that beginning in 2007, BHP Billiton employees prepared country-specific “Olympic Leverage Plans”, the purpose of which was to plan the company’s objectives in using its Olympic sponsorship program to further its interests in different countries, which included generating a list of the highest-business-value invitees. In a number of instances, the plans cited specific projects in countries that the company hoped to develop relationships with key decisionmakers to help facilitate approval.
The SEC also cited the following specific facts as evidence of BHP Billiton’s insufficient internal controls over the Olympic Leverage Program, despite the fact that the invitation application process form was required to be signed by an employee and approved by a company senior executive, and included a description of the anti-bribery provisions of the company’s code of business conduct and instructions to requesting employees to contact senior management in the event employees had questions regarding applicable ethical standards:
- The company did not require independent legal or compliance review of the applications by someone outside the country or business unit requesting an invitation, despite the fact that some employees were told that such review had taken place, and that all applications were subject to review.
- The SEC asserted that some hospitality applications were not accurate or complete, in that they described state-owned enterprise executives as “customers” (which, notably, is not necessarily inaccurate) and not “representative[s] of government”; other applications failed to note that there were negotiations or approvals pending before or directly involving government officials, despite the fact that the application form asked for this information.
- The company failed to provide training on the legal and ethical aspects of the Olympic games hospitality program.
- The company failed to institute a process to update the application forms to capture changes in the relevant information (such as whether invitee was in a governmental or state-owned-enterprise-related position, or whether the official invited became involved in negotiations with the company at a later date).
- As applications were submitted by individual company business units, the company failed to institute a process to ensure that all BHP Billiton dealings with a particular invitee, across business units, were identified and tracked.
The SEC then cited four specific instances in which the control deficiencies listed above resulted in current government officials (and in three instances their spouses) being invited to the Beijing Olympics despite the fact that they were “directly involved with, or in a position to influence” negotiations or other business matters, one each in Burundi, the Philippines, the Democratic Republic of the Congo, and the Republic of Guinea. Although each of these instances noted that the official who was invited to Beijing was an important decisionmaker or relationship holder for BHP Billiton, none alleged that the person in question used his influence to benefit the company in connection with any pending negotiations. Instead, it appears that it was the risk that such a quid pro quo arrangement could develop, and the enumerated controls that SEC specified ought to have been in place but were not, that led to internal controls charges. Similarly, it was the lack of recording on or updating of the hospitality application forms to reflect the fact that a government official invitee was involved in current BHP Billiton business that led to SEC’s books-and-records charges.
Implications: Pushing the Envelope of Accounting Provision Violations
This settlement represents one of the most expansive assertions of the SEC’s authority under the FCPA’s accounting provisions in its enforcement practice to date. While the elements of both books-and-records and internal control violations do not require an underlying anti-bribery provision violation, as noted above, the SEC has typically brought books-and-records and internal controls charges against companies where there has been at least some suggestion of specific improperquid pro quo arrangements in connection with the payments in question. Consequently, the second-guessing of the adequacy of the company’s compliance procedures for BHP Billiton’s hospitality program is stunning: it imposes legal liability, a $25 million civil penalty, and ongoing compliance obligations on a company simply for the failure to address and manage risks in a way the SEC deems adequate. In addition to straying even further from the text of 15 U.S.C. 78m(b)(2)(A) and (B) than the SEC already had, this settlement represents some of the most prescriptive statements regarding specific compliance program practices SEC has made in the FCPA context.
As a result, many companies will understandably be very uneasy about the direction of the SEC’s enforcement program after this settlement and the sufficiency of their efforts to meet it. Very few companies’ compliance programs comprehensively address all anti-corruption risks that a company faces, and most companies’ programs will have process or procedure gaps of which they may or may not be aware. This settlement thus raises the question whether simply the existence of FCPA risks not effectively eliminated by a company’s compliance program – but not necessarily resulting in anti-bribery provision violations either – may nevertheless be subject to enforcement action. Specific to the sponsorship, hospitality and gifts and entertainment area, it also raises the question of whether business entertainment for the purposes of relationship building – a necessary activity in most, if not all businesses – will raise enforcement risks when it nevertheless does not rise to the level of a specific, prohibited quid pro quo arrangement and is not undertaken in connection with other business activities. Companies that engage in event sponsorships for other than purely altruistic reasons may be particularly challenged to manage these “group events” – even those that treat state enterprises and government officials on the same footing as private customers – in a way that meets enforcement expectations. But if significant benefits are involved, then the message from this settlement is clearly that such differential risk management is expected.
As with many SEC resolutions, the settlement documents provide no insight into how the fine was calculated. The settlement also continues a recent trend of the SEC to require post-settlement compliance reporting on the part of the company.
Whether this settlement represents the beginning of a trend, or an isolated occurrence representing a negotiated resolution in connection with difficult facts, remains to be seen. This settlement highlights in particular, however, that companies should consider whether their compliance programs effectively address their most significant risks and review their associated processes and procedures accordingly.