On April 23, 2018, The Dun & Bradstreet Corporation (“Dun & Bradstreet”) reached a $9 million resolution with the U.S. Securities and Exchange Commission (“SEC”) and the U.S. Department of Justice (“DOJ”) over allegations that Dun & Bradstreet violated the U.S. Foreign Corrupt Practices Act (“FCPA”). According to the U.S. government, two Dun & Bradstreet subsidiaries in China made improper payments to Chinese government officials. In its resolution with the SEC, Dun & Bradstreet agreed to pay over $9 million in disgorgement and a civil penalty. The DOJ, however, issued a declination letter to Dun & Bradstreet under the agency’s new FCPA Corporate Enforcement Policy.
The SEC’s order against Dun & Bradstreet alleges that two of the business information provider’s indirect subsidiaries in China made unlawful payments to government officials between 2006 and 2012. A core component of Dun & Bradstreet’s business model, including its credit reporting business, includes access to business data. Both Shanghai Huaxia Dun & Bradstreet Business Information Consulting Co., Limited (“HDBC”) and Shanghai Roadway D&B Marketing Services Co., Ltd. (“Roadway”) paid government officials—including employees of China’s State Administration of Industry and Commerce (“AIC”), other agencies, and state-owned entities—to obtain proprietary data for Dun & Bradstreet’s global commercial database.
In 2006, HDBC was created as a joint venture between Dun & Bradstreet and Huaxia International Credit Consulting Co. Limited (“Huaxia”). Dun & Bradstreet’s due diligence on Huaxia found that the company used government connections to source financial statement information directly from provincial offices of the AIC and other agencies. The SEC determined that Dun & Bradstreet’s due diligence procedures—a short FCPA training session to Huaxia executives and a request to complete an anti-bribery questionnaire and certification—failed to address this red flag. HDBC ultimately made payments to AIC officials, through both Huaxia and third parties, to improperly obtain non-public AIC business data.
In 2009, Dun & Bradstreet acquired 90% of the shares of Roadway, a leading provider of direct marketing services in China. During its pre-acquisition due diligence, Dun & Bradstreet learned that Chinese law imposed criminal sanctions for entities and individuals who illegally obtain citizens’ personal information from Chinese government entities or organizations in certain fields. Dun & Bradstreet knew that Roadway obtained much of its data from third parties, so it would need to ensure Roadway legally obtained, and would continue to legally obtain, such data. In addition, prior to the acquisition, Roadway informed Dun & Bradstreet that it could not certify that no “rebates” were paid in connection with the data sales, because its sales commission structure might incentivize sales representatives to share their commissions with decision-makers to “drum up” business. The SEC alleges that Dun & Bradstreet did not conduct adequate due diligence as to the legality of Roadway-acquired data or sales representatives’ potential improper kickbacks.
On March 15, 2012, a television news program featured a Roadway sales executive stating that Roadway created a database with information on over 150 million Chinese citizens, access to which Roadway sold for marketing purposes. The same day, local police raided the Roadway offices in Shanghai. Dun & Bradstreet suspended and then shut down Roadway’s operations shortly after the raid. Roadway and five employees were subsequently convicted of illegally obtaining private information of Chinese citizens.
Dun & Bradstreet made an initial self-disclosure to the SEC in March 2012. On Monday, the SEC ordered Dun & Bradstreet to pay disgorgement of over $6 million, prejudgment interest of over $1.1 million, and a civil penalty of $2 million. Dun & Bradstreet did not admit or deny the allegations. According to its order, the SEC considered Dun & Bradstreet’s self-disclosure, cooperation, and remedial efforts in reaching the agreement.
The same day, the DOJ issued a letter stating that it declined prosecution consistent with the FCPA Corporate Enforcement Policy. As factors for declination, the DOJ listed Dun & Bradstreet’s identification of the misconduct, prompt voluntary self-disclosure, thorough investigation, full cooperation, compliance enhancements, full remediation, and disgorgement to the SEC. Specifically, Dun & Bradstreet cooperated by identifying all individual bad actors, providing all facts relating to the misconduct, making current and former employees available for interviews, and translating documents into English.
In terms of remediation, Dun & Bradstreet terminated 11 individuals and disciplined other employees by reducing bonuses and salaries, lowering performance reviews, and formally reprimanding them. Notably, the declination letter does not specifically reflect that Dun & Bradstreet “prohibit[ed] employees from using software that generates but does not appropriately retain business records or communications,” such as certain instant messaging and social network applications—an express requirement for remediation under the FCPA Corporate Enforcement Policy. Thus, it is unclear whether, and if so how, Dun & Bradstreet complied with this directive.
The resolution with Dun & Bradstreet represents the third public DOJ FCPA declination under the Trump administration and the first under the DOJ’s new FCPA Corporate Enforcement Policy. One of the open questions for the new administration has been whether it would continue to follow the framework of the DOJ’s FCPA Pilot Program. With the extension of the Pilot Program, the implementation of the FCPA Corporate Enforcement Policy, and the recent declinations involving Linde North America, CDM Smith, and Dun & Bradstreet, it appears likely that the DOJ under the new administration will continue to recognize companies’ efforts at cooperation and self-disclosure.
However, this case also illustrates that even where DOJ declines a matter and the company pays full disgorgement of any ill-gotten gains, the SEC may still impose a civil penalty. Based upon the resolution materials, key to the SEC’s decision was the failure of Dun & Bradstreet to recognize and address red flags identified as part of pre-acquisition due diligence, as well as its failure to conduct adequate post-acquisition diligence and remediate the improper payments over the course of several years.