Enforcement actions by criminal and supervisory authorities are settled regularly. In light of these developments, companies are advised to take appropriate measures. This month we highlight some notable settlements that were reached in the US in September and October. The Securities Exchange Commission (SEC) announced four settlements with companies who were accused of violating the “books and records” provisions of the FCPA. The SEC also settled with Grant Thornton for allegedly violating auditor independence rules. JP Morgan and five other corporations entered into settlements with the SEC in connection with alleged violations of short-selling provisions. Investment advisor R.T. Jones settled with the SEC after having been accused of violating rules on the protection of customer information and records. The Department of Justice settled with Boeing after allegations of false declarations in a project for the U.S. Air Force. Last but not least we highlight a remarkable settlement: French bank Crédit Agricole settled with several supervisory authorities for a total amount of USD 787.3 million after multiple violations of US sanctions law had surfaced.

Bristol-Myers Squibb pays over USD 14 million to resolve China FCPA offences

The SEC announced that Bristol-Myers Squibb, a pharmaceutical company based in New York, agreed to return USD 11.9 million in profits plus interest, and to pay USD 2.75 million in civil penalties in connection with defective record keeping by its Chinese joint venture. BMS also agreed to report to the SEC for a period of two years on the status of the FCPA compliance measures it is taking.

According to the SEC, BMS violated the FCPA books and records provisions. BMS China allegedly bribed Chinese healthcare providers between 2009 and 2014 to ensure and expand its business. BMS’ joint venture recorded the bribes as legitimate business expenditure and falsified invoices.

As we have seen before in cases involving violations of the books and records provisions, a violation of one enterprise may lead to a violation by a related entity. Since the inaccurate recordings of BMS China were consolidated into the books of BMS, the latter’s books were also not in accordance with the books and records provisions of the FCPA.

Apart from the violations of the books and records provisions, the SEC criticised BMS for not having responded adequately to red flags, such as claims raised by former employees of BMS China about the company’s practice of paying bribes and deliberately falsifying books and records between 2009 and 2014. The SEC also stated that BMS failed to properly respond to clear indications of bribery emerging from several annual audits. According to the Chief of the SEC’s FCPA Unit, the lack of internal controls at BMS enabled the practice of corruption in its Chinese subsidiary.

Home Loan Servicing Solutions Ltd. settles SEC allegations of violating FCPA books and records provisions

Home Loan Servicing Solutions Ltd. was charged by the SEC for violating disclosure provisions and FCPA books and records provisions. Between 2012 and 2014, HLSS misstated its handling of transactions with related parties as well as its net income.

According to the SEC, HLSS misstated its handling of transactions with related parties as the Chairman of HLSS was also the chairman of a related party. To avoid the risk of conflicted interests, the Chairman was obliged to recuse himself from transactions with that specific partner. However, the SEC found that HLSS had no clear policy on recusals of related-party transactions nor a procedural framework to enforce those rules, and that the Chairman had been able to approve a score of transactions between HLSS and the specific partner.

HLSS was also accused of misstating its net income, because it did not use the valuation methodology in compliance with the General Accepted Accounting Principles. Because HLSS was not able to detect and subsequently remedy or adjust these practices, the SEC accused the company of having created a “lax internal controls environment”. HLSS paid a USD 1.5 million penalty to settle the charges.

SEC charges two Grant Thornton firms with auditor independence violations

Grant Thornton India LLP and Grant Thornton Audit Pty Limited were charged by the SEC with violations of provisions that ensure the principle of auditor independence. Two partners of the Mauritian entity of Grant Thornton were also board members of companies that were clients of Grant Thornton Audit and Grant Thornton India. The partners were authorised to represent the companies, and they performed non-audit services such as controlling bank accounts. According to the SEC this is contrary to the principle that external auditors, in relation to their clients, should uphold a position of independence both in fact as well as in appearance.

Additionally, the SEC found that both Grant Thornton India as well as Grant Thornton Audit did not have an adequate control system in place since the violations were only detected months or even years after their occurrence. Both companies had failed to implement and adhere to the procedural framework for compliance as offered by Grant Thornton International.

Grant Thornton India resolved the allegations by agreeing to pay a penalty of USD 50,000 and roughly USD 137,000 for disgorgement and prejudgment interest. Grant Thornton Audit agreed to pay a penalty of USD 75,000 and approximately USD 100,000 for disgorgement and prejudgment interest.

Hyperdynamics announces settlement with the SEC

On 29 September 2015, Hyperdynamics Corp., a company in the oil and gas industry, agreed to settle allegations by the SEC that the company had violated the FCPA’s books and records provisions. Hyperdynamics had allegedly paid over USD 130,000 through its Guinean subsidiary for “public relations and lobbying services” to two Guinean companies controlled by a Hyperdynamics subsidiary employee. The SEC stated that there was no evidence that the funds acquired by the two Guinean companies did in fact spend the money on public relations and lobbying, even though Hyperdynamics’ books and records (which included the books and records of its Guinean subsidiary) did record these expenses as such. The SEC accused Hyperdynamics of not having adequate internal accounting controls in place. Hyperdynamics resolved the allegations by paying a penalty of USD 75,000. In determining the fine, the SEC took into account that Hyperdynamics had hired an in-house lawyer who put procedures in place to keep expenditure in check.

Short-selling – JP Morgan Chase and Omega advisors sanctioned

On 14 October 2015, the SEC issued a press release stating that it had settled with six entities for allegedly violating Rule 105 of Regulation M of the Exchange Act. This Rule prohibits short-selling stock within five business days of participating in an offering for that same stock. The six entities that were charged by the SEC agreed to pay over USD 2.5 million in fines. In addition to issuing fines, the SEC imposed a one-year ban on War Chest Capital Partners LLC for participating in secondary offerings. War Chest Capital Partners LLC had refused to cooperate with the SEC in an earlier enforcement sweep in 2013. The SEC has a zero-tolerance policy for violations of Rule 105, and it has taken action against every violation that has come to its attention. The six entities that settled with the SEC and the amounts for which the entities settled are included in the table below.

Click here to view table.

Boeing settles for allegations of violating the False Claims Act

The U.S. Department of Justice announced that The Boeing Company had agreed to settle allegations under the False Claims Act. Boeing allegedly submitted false claims to the United States Air Force for repair and maintenance work on one of its aircrafts. The allegations that were brought forward by a former employee of Boeing, accused Boeing of knowingly overcharging the US government for work performed on the aircraft. According to the DOJ, the US government was billed for extended breaks and lunch hours of Boeing’s mechanics and not for work chargeable to the contracts. To settle these allegations, Boeing agreed to pay a sum of USD 18 million. The share that the whistleblower will receive has not yet been determined.

Hitachi settles regarding FCPA books and records violations

Japanese company Hitachi settled SEC charges for inaccurately recording payments to the ruling political party in South Africa, the ANC. The SEC alleged that Hitachi had channelled money through its subsidiary to the ANC. According to the SEC, Hitachi sold 25% of its stake in a South African subsidiary to an ANC-controlled entity, Chancellor House Holdings. As a result, Hitachi was awarded with two contracts to build power stations, and Chancellor House was paid over USD 6 million by Hitachi for “dividends” and undisclosed “success fees”. Hitachi’s books and records were considered inaccurate and false because the money channelled to Chancellor House had been recorded as consulting fees. The SEC accused Hitachi of trying to influence the decision-making on government contracts through its ties with Chancellor House. Hitachi agreed to pay USD 19 million to settle the charges. The settlement is subject to court approval.

R.T. Jones sanctioned for failing to adopt policies and procedures to protect customer records and information

The SEC announced that investment advisor R.T. Jones (R.T. Jones) had agreed to pay USD 75,000 to settle charges of alleged violation of Rule 30(a) of Regulation S-P under the Securities Act of 1933 (Rule 30(a)).

Rule 30(a) requires registered investment advisors to have written policies and procedures which protect customer records and information. R.T. Jones did not have cybersecurity policies and procedures in place for almost four years and failed to conduct periodic risk assessments, install a firewall, encrypt customer data or maintain a response plan for possible attacks, while it stored sensitive information of clients and others on a third party-hosted web server. This server was attacked in July 2013, exposing the information of more than 100,000 individuals to theft. R.T. Jones retained multiple cybersecurity consulting firms to determine the scope of the cyber attack and notified all individuals of the attack, while offering them free identity theft monitoring.

So far, there have not been any indications of financial damage that individuals suffered as a result of the cyber attack. However, the Co-Chief of SEC’s Enforcement Division’s Asset Management Unit stated that it is important to enforce Rule 30(a) even “when there is no apparent financial harm to clients.”

Crédit Agricole pays USD 787.3 million for violations of US sanctions law

The DOJ announced on 20 October 2015 that the French Crédit Agricole Corporate and Investment Bank had entered into several settlement agreements totalling USD 787.3 million, in connection with alleged violations of the International Emergency Economic Powers Act and the Trading with the Enemy Act between 2003 and 2008. CACIB also entered into a deferred prosecution agreement with the U.S. Attorney’s Office for the District of Columbia. In addition to the monetary penalties, CACIB agreed to a cease and desist order and to take remedial steps to ensure compliance with US law, such as hiring a compliance consultant for a year.

Between August 2003 and September 2008, CACIB subsidiaries in Geneva allegedly channelled approximately USD 312 million through the US financial system on behalf of sanctioned entities in Sudan, Myanmar, Iran and Cuba. The deceptive practices of the CACIB subsidiaries concealed that the banks involved were designated as Specially Designated Nationals under the sanctions regime. US financial institutions could therefore not detect and reject the sanctioned payments. CACIB acknowledged that its compliance personnel was aware of the US sanctions against Sudan and the fact that the sanctions included a prohibition on the payments that CACIB engaged in.