On April 20, 2022, the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) separately announced that Stericycle Inc. (Stericycle), an international waste management company headquartered in Lake Forest, Illinois, has agreed to pay more than $84 million to resolve parallel investigations by authorities in the United States and Brazil. The investigation is related to the bribery of foreign officials across several countries in Latin America.

According to the DOJ press release announcing the resolution, “between 2011 and 2016, Stericycle caused hundreds of bribe payments” amounting to over $10.5 million “to be made to officials at government agencies and instrumentalities in Brazil, Mexico, and Argentina.” Bribes were made to obtain and retain business and other advantages in connection with Stericycle’s waste management business. In executing this scheme, an executive at Stericycle’s Latin America division directed employees in the company’s offices in Brazil, Mexico, and Argentina to pay bribes (typically in cash) that were calculated as a percentage of the underlying contract payments owed to Stericycle from government customers. In all three countries, the co-conspirators tracked bribe payments through detailed spreadsheets. Stericycle ultimately earned at least $21.5 million in profits from the scheme.

Stericycle entered into a three-year deferred prosecution agreement (DPA) with the DOJ in connection with the filing of a criminal information, charging the company with two counts of conspiracy to violate the anti-bribery provision of the Foreign Corrupt Practices Act (FCPA), and the FCPA’s books and records provision. Pursuant to the DPA, Stericycle’s criminal penalty is $52.5 million. Stericycle similarly consented to the SEC’s cease-and-desist order that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA. It agreed to pay the SEC approximately $28.2 million in disgorgement and prejudgment interest.

The SEC indicated in its order that an aggravating factor in this case was that Stericycle lacked proper controls and compliance policies as its business expanded in size and scope. “Despite risks inherent in its business, Stericycle lacked sufficient internal accounting controls with respect to its international business in Latin America. As Stericycle grew in Latin America through acquisition, the accounting processes and systems remained mostly decentralized with neither uniformity nor proper oversight, resulting in internal control deficiencies. Additionally, Stericycle had no centralized compliance department and failed to implement its FCPA policies or procedures prior to 2016.” While DOJ did credit Stericycle for its cooperation and the remedial measures taken thus far, the agency stated that the company failed to disclose all pervasive misconduct in a voluntary and timely manner.

As part of these settlements, Stericycle must undertake several forward-looking actions, including continued enhancement to its compliance program, which must be based on an anti-corruption risk assessment and include processes for an effective audit program. Stericycle must also retain an independent corporate monitor for two years followed by one year of self-reporting.

This case demonstrates the need for companies to have in place a robust compliance program that can address both domestic and cross-border bribery schemes. Companies must take adequate steps to properly evaluate this risk, including training employees at every level of the organization on how to conduct due diligence and to detect red flags. In addition, companies must implement sufficient accounting controls to ensure that their books and records accurately reflect their transactions. Most importantly, companies must maintain a culture of compliance that encourages the reporting, escalation and investigation of improper conduct.