DRAFT VERSION Table of Contents Recent Trends and Patterns in FCPA Enforcement i Enforcement Actions and Strategies 2 Statistics 2 Geography & Industries 10 Types of Settlements 11 Elements of Settlements 11 Case Developments 13 Perennial Statutory Issues 15 Jurisdiction 15 Books & Records Liability without Bribes 16 Successor Liability 16 Modes of Payment 17 Compliance Guidance 18 FCPA Corporate Enforcement Policy 18 Third-Party Due Diligence 20 Unusual Developments 21 Trump’s Impact on FCPA Enforcement 21 Limits on SEC’s Pursuit of Disgorgement and Declaratory Relief: Kokesh v. SEC 23 Confidentiality of Privileged Investigative Materials and Compliance Monitor Reports 24 Continued Cooperation between U.S. and Foreign Regulators 25 Private Litigation 27 Enforcement in the United Kingdom 28 SFO – English High Court Clarifies Extent of Litigation Privilege in Internal Investigations 28 SFO Update – Third and Fourth UK DPAs Approved 28 UK Government – New Plans for Tackling Economic Crime 30 SFO – Investigations, Charges and Convictions 31 Conclusion 32 Recent Trends and Patterns in FCPA Enforcement 1 The past year was both the fortieth year of enforcement of the FCPA and the twentieth anniversary of the internationalization of the FCPA through the OECD Convention. After a banner year in 2016 that included a record twenty-seven corporate enforcement actions, the two U.S. enforcement agencies, the DOJ and the SEC, continued this momentum over the course of the first three weeks of 2017. During this short span, the agencies brought six corporate enforcement actions and charges against six individuals. Following this spurt, however, there were no corporate FCPA enforcement actions until the declination with disgorgement in Linde announced on June 16, which was subsequently followed by the declination with disgorgement in CDM Smith announced thirteen days later on June 29. Though the rest of the year saw a handful of small enforcement actions and three significant enforcement actions—including one of the largest FCPA penalties in Telia—enforcement activity was overall much lower than in 2016. Furthermore, the Supreme Court’s decision in Kokesh and the DOJ’s announcement of its new FCPA corporate enforcement policy both have the potential to impact both the level of FCPA enforcement activity and the form that such enforcement actions will take moving forward. Nonetheless, thanks largely to the Telia enforcement action, the 2017 FCPA enforcement actions still netted the second-highest total penalties of any year in the forty-year existence of the FCPA. As we explain in this year-end Trends & Patterns, among the highlights from 2017 were: Thirteen corporate enforcement actions—six of which were announced prior to January 20—with total sanctions of approximately $1.95 billion, makes 2017 a significantly less active year in FCPA enforcement than 2016, but the total sanctions assessed still represent the second-highest of any year in the history of the FCPA; The substantial penalties in the Telia and Keppel enforcement actions, and to a lesser extent in the SBM Offshore and Rolls-Royce enforcement actions, have distorted the average corporate sanctions for 2017, with none of the other nine enforcement actions involving a total penalty higher than $30.5 million; Nearly half of the 2017 FCPA enforcement actions involved Latin America, while only one involved China—a sharp drop from the fifteen 2016 FCPA enforcement actions that involved China; The Rolls-Royce corporate and individual enforcement actions offer an interesting case study in the variety of jurisdictional hooks the DOJ has at its disposal, and how it often pushes the boundary of what should be permissible; The Supreme Court’s decision in Kokesh has the potential to dramatically alter the way that the SEC brings FCPA enforcement actions, and comments from SEC officials suggest that the Commission has already begun to alter its approach in wake of this decision; Two of the year’s enforcement actions have arisen out of breached DPAs, a phenomenon that we may see more of given the large number of DPAs that have been entered into since FCPA enforcement actions significantly increased in the late 2000s; In November 2017, the DOJ announced that a revised version of the FCPA Pilot Program would be made permanent policy which, among other changes, will now offer a presumption of declination for companies that voluntarily disclose foreign bribery violations and subsequently cooperate, a significant variance from DOJ’s policy with respect to violations by corporations of other statutes; and One year into the Trump administration, it is clear that active enforcement of the FCPA will continue, albeit with some changes in the exercise of prosecutorial discretion at both the DOJ and the SEC. Recent Trends and Patterns in FCPA Enforcement 2 Enforcement Actions and Strategies Statistics In 2017, the DOJ and SEC resolved thirteen1 corporate enforcement actions: Mondelez, Biomet, SQM, Rolls-Royce, Orthofix, Las Vegas Sands, Linde, CDM Smith, Halliburton, Telia, Alere, SBM, and Keppel. In past years, the DOJ has exhibited a degree of restraint, apparently deferring to the SEC to bring civil enforcement cases in the less egregious matters, which has resulted in the SEC bringing a large number of enforcement actions, without parallel DOJ actions, albeit typically with lower penalty amounts. In 2017, however, the DOJ was slightly more active than the SEC, initiating charges in nine of the thirteen FCPA enforcement actions—six of which were brought only by the DOJ.2 For its part, the SEC was responsible for seven of the thirteen FCPA enforcement actions from 2017 and independently brought charges in four of those cases. Separately, the DOJ and SEC brought or unsealed FCPA-related charges against twenty-two individuals in 2017 (Hernandez-Comerma, Beech, Bahn, Sang, Harris, Woo, Cohen, Baros, Lorenz, Ardila-Rueda, Baptiste, Contoguris, 3 Finley, Kohler, Zuurhout, Barnett, Mace, Zubiate, Ho, Gadio, Steven, and Chow. We discuss the 2017 corporate enforcement actions followed by the individual enforcement actions in greater detail below. Corporate Enforcement Actions The 2017 corporate FCPA enforcement actions, while encompassing a variety of alleged bribery schemes, in many ways mirror schemes that have been the subject of past enforcement actions. The most significant were Telia, Keppel, SBM, and Rolls-Royce because of the size of the associated sanctions as well as the breadth of the alleged bribery schemes. In many ways, the case of Telia mirrors the VimpelCom enforcement action from February 2016. The DOJ charged Telia and its Uzbek subsidiary, Coscom, with conspiring to violate the anti-bribery provisions of the FCPA by offering and paying at least $330 million in bribes to a shell company in Uzbekistan under the guise of payments for lobbying and consulting services that never actually occurred, while the SEC alleged that Telia violated the anti-bribery and internal accounting controls provisions of the FCPA through the same conduct. Telia’s subsidiary Coscom pleaded guilty in U.S. District Court for the Southern District of New York; meanwhile, Telia entered into a three-year deferred prosecution agreement with the DOJ, and the SEC instituted settled administrative proceedings against the company. In aggregate, Telia agreed to pay criminal penalties of approximately $548 million to resolve the DOJ charges and related charges filed by the Public Prosecution Service of the Netherlands, and agreed to pay approximately $457 million in disgorgement to settle the SEC allegations. Because of certain offsets, Telia’s total payments to the DOJ, SEC, and foreign regulators will be approximately $965 1 This count includes public declinations issued by the DOJ under the FCPA Pilot Program. 2 This excludes the Las Vegas Sands enforcement action, which mirrored the SEC enforcement action brought against the same company in 2016. 3 The cases of Contoguris, Finley, Kohler, Zuurhout, and Barnett are outgrowths of the corporate enforcement action against Rolls-Royce. For purposes of this note, in particular the geographic distribution of enforcement actions, these are treated together with the Rolls-Royce enforcement action. Recent Trends and Patterns in FCPA Enforcement 3 million. However, Telia was not required to engage a compliance monitor in light of its demonstration to the government’s satisfaction of having implemented an effective and remedial anti-corruption compliance program. In December 2017, the DOJ announced that Keppel Offshore & Marine Ltd. (“KOM”), a Singapore-based company that operates shipyards and repairs and upgrades shipping vessels, agreed to pay a total criminal penalty of $422.2 million to resolve allegations of a decade-long scheme to pay millions of dollars in bribes to officials in Brazil. KOM’s subsidiary, Keppel Offshore & Marine USA Inc., pleaded guilty in U.S. District Court for the Eastern District of New York; meanwhile, Keppel entered into a deferred prosecution agreement with the DOJ. The case is the latest example of U.S. regulators sharing the proceeds of an FCPA settlement with countries where the bribery took place or where the defendant company is located. Of the $422.2 million total criminal penalty, KOM will pay approximately $105.5 million to the U.S., $105.5 million to Singapore, and $211.1 million to Brazil. In SBM, the DOJ announced in November 2017 that SBM Offshore, a Dutch oil services company, agreed to pay a $238 million sanction as a result of alleged bribery schemes spanning five countries that allegedly netted the company contracts valued at $2.8 billion. Specifically, according to the authorities, SBM conspired to violate the FCPA by allegedly making more than $180 million in payments to intermediaries in Brazil, Angola, Equatorial Guinea, Kazakhstan and Iraq, with the knowledge that a portion of those payments would be used to bribe foreign officials. The settlements are interesting given the backdrop that three years ago, SBM settled charges with the Dutch Public Prosecutor’s Service (Openbaar Ministrie, or “OM”) over related conduct, and paid the Netherlands $200 million in disgorged profits and a $40 million fine. Although the geographic and temporal scope of the conduct covered by SBM’s settlement with the DOJ is broader than the conduct covered by its 2014 settlement with the OM—which covered improper payments in Equatorial Guinea, Angola, and Brazil from 2007-2011—this could be viewed as piling on by the DOJ. In Rolls-Royce, the DOJ, the SFO, and Brazilian regulators alleged that Rolls-Royce engaged in a wide-spread bribery scheme that spanned multiple continents and decades. In January 2017, the enforcement agencies announced that Rolls-Royce had agreed to pay a total global sanction of $800 million, divided between a $170 million criminal penalty for the DOJ, a £497 million criminal penalty to the SFO, and $25.5 million to the Brazilian regulator. The DOJ credited Rolls-Royce with its payment to Brazilian regulators, as the conduct underlying that resolution overlapped with the conduct underlying part of the company’s resolution with the DOJ. We therefore have included this $25.5 million in our annual totals calculation, and treat the enforcement action as constituting a $195.5 criminal penalty. However, as the DPA contains no set-off for the amount paid by the company pursuant to its resolution with the SFO, and because that resolution covered conduct in different countries than the DOJ’s resolution with the exception of Thailand, we have not included the £497 million amount in the annual totals. In SQM, the other significant FCPA enforcement action in the first half of 2017, the DOJ and the SEC accused the Chilean mining company of failing to oversee a discretionary spending account through which SQM’s former CEO had allegedly made $14.75 million in payments to Chilean politicians, candidates, and individuals, companies, and charities connected thereto. Notably, neither the DOJ nor the SEC alleged that these payments were bribes but described them as “improper” because they had not been properly documented and, in some instances, violated Chilean tax or campaign financing limits. Specifically, the DOJ and the SEC highlighted two primary ways the CEO made “improper” payments: (i) payments to third-party vendors associated with foreign officials for nonexistent services or based on fraudulent contracts; and (ii) donations to foundations supported by foreign officials. Although these facts clearly raised books-and-records and internal controls issues—which are the offenses charged by the agencies—neither agency cited facts to demonstrate the payments were corrupt as opposed to a waste of corporate assets by the former CEO. The DOJ and the SEC levied a total combined penalty of approximately $30.5 million and imposed a two-year corporate compliance monitor. In other contexts we have questioned the merits of the SQM enforcement action, noting the lack of allegations of bribery, the existence of public and apparently credible investigations by the Chilean authorities, the lack of any U.S. nexus other than that the company was an issuer, the company’s remediation upon discovering the payments—including firing its long-term CEO, and other factors that would seem to have counseled against action by the enforcement agencies. What is particularly notable in this case apart from those issues is the decision by the DOJ to proceed on a criminal books-and-records/internal controls theory, a decision that implicitly acknowledges the lack of a U.S. nexus of the payments and which the DOJ rarely charges in the absence of chargeable bribery offenses. While the SEC’s decision to charge is consistent with its declared view that any inaccuracy in a company’s books and records is a potential harm to investors (albeit debatable in this case), it is not clear why a criminal enforcement action was justified in this case. Nevertheless, SQM stands as an example that any payments to officials without a well-documented and transparent purpose pose a risk of DOJ enforcement, which perhaps was the message the DOJ meant to send. Recent Trends and Patterns in FCPA Enforcement 4 This past year saw an unprecedented three instances of companies allegedly breaching or otherwise failing to satisfy the requirements of a DPA, with varying consequences for each of the three companies: Biomet originally faced FCPA charges from the DOJ and the SEC in March 2012, when it entered into a deferred prosecution agreement with the DOJ and agreed to retain an independent compliance monitor for three years. In 2013, however, Biomet learned about additional potential anti-bribery violations in Brazil and Mexico and notified the monitor. According to the DOJ, Biomet “knowingly and willfully continued to use a third-party distributor in Brazil known to have paid bribes to government officials on Biomet’s behalf,” even after entering into its 2012 DPA. The DOJ and the SEC alleged that Biomet also failed to implement an adequate system of internal accounting controls at a subsidiary in Mexico, which allegedly permitted the subsidiary to bribe Mexican customs officials. In addition to the total penalty of $30.5 million, Biomet once again agreed to a three-year independent compliance monitor in a new DPA entered into January 2017. The backdrop of Orthofix is similar, if less egregious. In 2012, the both the DOJ and the SEC entered into a settlement with Orthofix alleging that the company had violated the books and records and internal controls provisions of the FCPA through conduct that took place at a Mexican subsidiary. According to the SEC, the medical device company violated a 2012 injunction entered as part of that settlement by concealing its business dealings with various third-party distributors who funneled improper payments to doctors at state-owned hospitals in Brazil. Interestingly, the DOJ declined to bring charges for Orthofix’s conduct, and on the surface there does not appear to be any reason why the DOJ would not also enter into a second DPA with Orthofix as it did so with Biomet. Orthofix agreed to pay approximately $6.1 million to settle the enforcement action brought by the SEC. Although it did not result in further financial sanctions, in April 2017 Bilfinger disclosed that the DOJ had extended its 2013 DPA with the company. According to an April 2017 statement by the company, while “U.S. authorities believe we are taking the right steps regarding compliance . . . the maturity of the compliance system has not yet reached the desired level.” The remaining enforcement actions from 2017 were smaller: In Halliburton, the SEC alleged that Halliburton violated the books and records and internal accounting controls provisions of the FCPA by utilizing a local Angolan company to obtain business from the Angolan state oil company. Halliburton agreed to pay approximately $29.2 million to settle SEC charges stemming from the long-running investigation which commenced in 2011. In Mondelez, which will be discussed below in more detail, the SEC alleged that an acquired subsidiary, Cadbury, failed to monitor an agent’s activities in India and failed to accurately record the expenditures in its books and records. Specifically, Cadbury’s operations in India retained an agent with a “marble and tile” business to assist the company with obtaining licenses and approvals for the opening of a new plant. The company allegedly conducted no due diligence into the agent and had no visibility into how the individual used the money that he was paid. Notably, the SEC did not make any allegations in the settlement order that the funds paid to the third-party agent were actually used to pay bribes to any foreign official and charged Mondelez with violations only of the books-and-records and internal controls provisions. It is not clear whether the DOJ has declined to bring charges or whether it is still pursuing its investigation into this matter. Mondelez agreed to pay $13 million to settle the enforcement action brought by the SEC. Recent Trends and Patterns in FCPA Enforcement 5 In Las Vegas Sands, the DOJ alleged that the Las Vegas-based casino and resort company violated the FCPA’s books-and-records and internal controls provisions by making improper payments aimed at promoting the company’s casinos in Macau within mainland China. The allegations substantially overlapped with those underlying the company’s settlement with the SEC in 2016. Las Vegas Sands agreed to pay $6.96 million as part of a nonprosecution agreement entered into by the company. In Alere, the SEC alleged that the medical diagnostic equipment manufacturer violated the FCPA’s books-andrecords and internal controls provisions by making improper payments to foreign officials in Colombia and India. Alere’s settlement also involved allegations of accounting fraud to meet revenue targets. Alere agreed to pay approximately $13 million to settle the SEC charges. The DOJ also issued two public declinations with disgorgement in 2017, continuing the use of the novel settlement device created in 2016 in conjunction with the FCPA Pilot Program: In Linde, the DOJ declined to bring charges against Linde North America Inc. and Linde Gas North America LLC, both subsidiaries of the German manufacturer and supplier of industrial gases Linde Group, but required disgorgement of approximately $7.8 million and forfeiture of approximately $3.4 million, for a total penalty of approximately $11.2 million. The DOJ found that the Linde subsidiaries made corrupt payments to high-level officials at the National High Technology Center of the Republic of Georgia. In CDM Smith, the DOJ declined to bring charges against the engineering and construction firm, but required disgorgement of the $4 million in profits that the company allegedly obtained as a result of the conduct in question. The DOJ alleged that employees and agents of both CDM Smith and a wholly owned subsidiary in India paid over $1 million in bribes to government officials in exchange for various transportation infrastructure contracts. CDM Smith was also sanctioned on June 29, 2017 by the World Bank in the form of a conditional non-debarment, for failing to disclose that it was utilizing a subcontractor for a project in Vietnam. Upshot As mentioned above, the 2017 FCPA corporate enforcement actions netted sanctions totaling approximately $1.96 billion—significantly lower than the $6 billion netted in 2016, but nonetheless the second-highest total since the FCPA’s enactment in 1977.4 Although the majority of the 2017 corporate FCPA enforcement actions are small-to-medium value cases, the large settlements obtained in Telia, Keppel, SBM, and Rolls-Royce skewed the sanction total upwards. Indeed, these three cases make up approximately 92.6% of the total sanctions assessed in the 2017 FCPA enforcement actions. 4 The “outliers” included in the “Total Criminal and Civil Fines Imposed on Corporations: 2002-2016” are as follows: Siemens (2008); KBR (2009); BAE, Snamprogetti, and Technip (2010); JGC (2011); Alstom (2014); Odebrecht/Braskem, Teva, VimpelCom, Och-Ziff, JP Morgan, Embraer (2016); Telia (2017). Recent Trends and Patterns in FCPA Enforcement 6 As was the case with several of the most significant enforcement actions in 2016, a substantial portion of the $1.96 billion in sanctions will be paid to foreign governments rather than the U.S. Treasury. As part of Telia’s settlement with the DOJ and SEC, the company will receive credit for certain payments that may be made to Swedish and Dutch regulators. Specifically, the DOJ agreed to credit the $274 million criminal penalty paid to the Dutch prosecutor, and the SEC agreed to credit any disgorged profits that Telia pays to Swedish or Dutch regulators, up to half of the total SEC sanction. In addition, approximately $25.5 million of the $195.5 million criminal penalty levied against Rolls-Royce was paid to Brazil as part of a leniency agreement. Finally, of the $422.2 million total criminal penalty assessed against KOM, the company will pay approximately $105.5 million to the U.S., $105.5 million to Singapore, and $211.1 million to Brazil. These cases continue a trend seen in recent years of significant portions of FCPA penalties being paid to the treasuries of countries that brought parallel or related prosecutions, often including the home countries of the defendant company (but not necessarily the country whose officials were bribed). Thus, for 2017, while the pure average penalty is $151.2 million and the average penalty excluding any outliers5 is $83.3 million, the median penalty is $29.2 million. This is an unusually high average penalty excluding outliers, which is typically lower than or very similar to the median penalty. Indeed, the 2016 FCPA enforcement actions were much more typical of an FCPA enforcement year, with a pure average penalty of $223.4 million, an average penalty excluding outliers of $13.2 million, and a median penalty of $14.4 million. As can be seen in the chart below, the average penalty excluding outliers for 2017 is the highest for an enforcement year in recent memory, and is itself a bit of an outlier. Therefore, as has been the case year after year, the 2017 median is the most representative of the actual size of 2017 corporate penalties and reflects a general trend that FCPA enforcement actions generally range between $10 million and $30 million (excluding the median from 2014, which is an outlier given the low number of enforcement actions in that year). Indeed, setting aside Telia, Keppel, SBM, and Rolls-Royce, the average sanction for 2017 is $16 million. It remains to be seen whether the pace will rebound to the 2016 levels or continue to be relatively slower. There continue to be some large cases in the pipeline that have not yet been resolved, and DOJ and SEC officials have continued to make public statements to the effect that they have an active docket of other cases and have substantially increased the investigative and prosecutorial resources 5 For purposes of our statistics, the “average excluding outliers” refers to the pure average sanction excluding any outliers as calculated using the Tukey Fences model, which utilizes interquartile ranges. Recent Trends and Patterns in FCPA Enforcement 7 dedicated to FCPA enforcement. Furthermore, the DOJ’s new FCPA corporate enforcement policy, discussed in more detail below, is designed to both to encourage and reward companies for making voluntary disclosures and to streamline the resolution process. Individual Enforcement Actions On the individual side of the 2017 FCPA enforcement year, the defendants have been a mix of individuals serving varying roles in multiple alleged bribery schemes. Of the twenty-two different defendants, the DOJ brought charges against eighteen as part of eight separate enforcement actions: (i) Hernandez, Beech, and Ardila; (ii) Bahn, Ban, Harris, and Woo; (iii) Baptiste; (iv) Contoguris, Finley, Kohler, Zuurhout, and Barnett; (v) Mace and Zubiate; (vi) Ho and Gadio; (vii) Steven; and (viii) Chow. The SEC separately brought charges against three individual defendants in two separate enforcement actions: (i) Cohen and Baros; and (ii) Lorenz. As discussed below, these cases include a mix of executives, corporate managers, and middlemen/fixers. We note that, for the most part, the DOJ charges against individuals were separate from its corporate enforcement actions. Indeed, the only newly filed or unsealed corporate enforcement actions that spawned charges against individuals were the Rolls-Royce and SBM cases.6 That may be because of jurisdictional or evidentiary issues and the differing incentives to settle between corporations and individuals. On the other hand, it may be merely a timing issue, as the DOJ has in the past obtained indictments under seal and only announced the charges after an arrest or extradition request was filed. With the advent of the expanded FCPA Corporate Enforcement Policy (see below), it will be interesting to see whether the percentage of corporate enforcement actions that spawn charges against individuals will increase, given the emphasis, consistent with the Yates memo, on companies earning a declination by, in part, providing information against culpable employees. On the SEC side, Steven Peikin, the newly-appointed co-Director of the SEC’s Enforcement Division, has also highlighted the SEC’s focus on bringing enforcement actions against individual company officials. In particular, he described individual liability as a core principle of FCPA enforcement, calling it a more effective deterrent than corporate liability alone. These statements mirror the justification put forth by the DOJ for the new FCPA Corporate Enforcement Policy. While Mr. Peikin noted that it is especially challenging to hold individuals accountable under the FCPA because the officers in question are often foreign citizens with limited U.S.-based assets, the co-Director confirmed that the SEC will continue to prioritize partnerships with other national regulators as part of the SEC’s enforcement efforts in targeting assets held outside the United States for disgorgement. Executives As we discussed in last year’s Trends & Patterns, 2016 was notable for the number of C-suite executives that were the subject of FCPArelated charges, with ten such individuals—in the cases of Cueto, Frost, Ping, Och, Frank, Ng, Ray, Ramnarine, Perez, and Zimmer— being charged. Although the 2017 individual FCPA charges targeted a number of executives, there are only two C-suite executives among the ranks, with one of those individuals being the CEO of a third-party, rather than at the actual corporate entity that was subject 6 The Cohen and Baros enforcement actions arose out of the Och-Ziff enforcement action from 2016, while the Steven enforcement action arose out of the Embraer enforcement action from 2016. Recent Trends and Patterns in FCPA Enforcement 8 to an enforcement action. This can be seen as the latest example of the DOJ’s and SEC’s struggles to hold the highest-ranking executives accountable for alleged FCPA violations. The two C-suite executives charged were Mace, the CEO of SBM Offshore, and Contoguris, the founder and CEO of one of the intermediaries involved in the Rolls-Royce bribery scheme. In Mace, the former CEO of SBM Offshore was accused of authorizing payments in furtherance of bribery schemes entered into by other SBM Offshore employees and of deliberately avoiding learning that those payments were bribes. It is worth noting that the relevant conduct primarily occurred prior to Mace becoming CEO of the company, and therefore doesn’t represent the type of marquee C-suite guilty plea that the agencies seek to secure as part of significant corporate enforcement actions. In November 2017, Mace pleaded guilty to conspiracy to violate the FCPA. In Contoguris, the founder and chief executive officer of Gravitas, an intermediary involved in the Rolls-Royce bribery scheme, was accused of paying bribes to various individuals in order to help Rolls-Royce and secure and maintain contracts with a Central Asian gas pipeline joint venture project. After securing the contracts, Rolls-Royce’s U.S. subsidiary allegedly paid Contoguris a percentage of the payments it received from the joint venture, which Contoguris in turn allegedly divided with a foreign official and other co-conspirators. Contoguris was charged with one count of conspiracy to violate the FCPA, one count of conspiracy to launder money, seven counts of violating the FCPA, and ten counts of money laundering. The case is currently ongoing. The government has, however, gone after lower executives in a number of cases, including in the Och-Ziff, Embraer, Rolls-Royce, and SBM cases. The SEC cases of Cohen and Baros arose out of the 2016 corporate enforcement action against Och-Ziff. Two other executives from Och-Ziff—CEO Daniel Och and CFO Joel Frank—previously settled charges against them, but Cohen and Baros are currently contesting the charges against them. The SEC’s complaint alleges that Cohen, who headed Och-Ziff’s European office, and Baros, an investment executive on Africa-related deals, were the masterminds behind the alleged Och-Ziff bribery scheme and caused tens of millions of dollars in bribes to be paid to high-level government officials in Africa. Specifically, the SEC alleged that they authorized bribes to officials of the Libyan Investment Authority sovereign wealth fund to induce them to invest in the sovereign wealth fund’s assets in funds managed by Och-Ziff. In addition, they allegedly directed efforts to secure mining deals to benefit Och-Ziff by directing bribes to corruptly influence government officials in a number of countries in Africa. In Steven, a former sales executive of Embraer was charged with participating in a scheme to bribe a high-level Saudi Arabian government official to obtain a contract for the sale of $93 million worth of aircraft for Embraer to the state-owned national oil company of Saudi Arabia. Although Steven is the first individual charged in the U.S. for involvement in the Embraer enforcement action, it is worth noting that Brazilian authorities have charged eleven individuals for their alleged involvement in Embraer’s misconduct in the Dominican Republic, while Saudi Arabian authorities have charged two individuals for their alleged involvement in Embraer’s misconduct in the country. In Finley, a former senior executive in energy at Rolls-Royce who was responsible for the sales division was charged for his participation in the Rolls-Royce bribery scheme. In July 2017, Finley pleaded guilty to one count of conspiracy to violate the FCPA and one count of violating the FCPA. Finally, in Zubiate, a former sales and marketing executive at SBM subsidiaries in the United States was accused of using a third-party sales agent to pay bribes to foreign officials at Petrobras in exchange for preferential treatment for SBM and its U.S. subsidiary when bidding for oil contracts. Zubiate also admitted engaging in a kickback scheme with the bribe-paying sales agent for SBM and its U.S. subsidiary. Corporate Managers The 2017 FCPA enforcement actions included a small number of cases against corporate managers. In Lorenz, a regional vice president of oil & gas company Halliburton allegedly caused the company to violate the books and records and internal accounting controls provisions of the FCPA by utilizing a local Angolan company to obtain business from the Angolan state oil company. Lorenz, who allegedly spearheaded the conduct that formed the basis for the company’s settlement, agreed to pay a $75,000 penalty for “causing” the company’s underlying violations, circumventing internal accounting controls, and falsifying books and records. In Barnett and Zuurhout, a former regional director in energy at Rolls-Royce (Barnett) and a former energy sales employee at RollsRoyce (Zuurhout) admitted to participating in a conspiracy to engage commercial advisors who would use their commission payments Recent Trends and Patterns in FCPA Enforcement 9 from Rolls-Royce to bribe foreign officials in a number of countries to help Rolls-Royce secure an improper advantage and obtain and retain business with foreign governments and instrumentalities across the globe. Both individuals pleaded guilty to one count of conspiracy to violate the FCPA. Finally, in Chow, a former senior member of Keppel Offshore’s legal department admitted to participating in a conspiracy to engage thirdparty agents to bribe foreign officials in Brazil. The Information filed against Chow alleges that he created and executed agreements on behalf of Keppel with consulting companies that falsely represented that payments were made to a Keppel agent for his assistance and support in discussions and negotiations with prospective customers when, in fact, portions of these payments were being paid as bribes. On August 29, 2017, Chow pleaded guilty to conspiracy to violate the FCPA. Middlemen/Fixers Among the twenty-two individual defendants charged in connection with an FCPA enforcement action, several served as middlemen who funneled bribes from another individual/entity to a foreign official (Kohler, Hernandez, Ardila, Beech, Ho, Gadio, and Baptiste). In Kohler, an Austrian citizen who was employed at an unnamed German company that acted as a “Technical Advisor” in the infrastructure, oil and gas, and energy sectors was charged with participating in the bribery scheme to funnel bribes to government officials for the benefit of Rolls-Royce. In June 2017, Kohler pleaded guilty to one count of conspiracy to violate the FCPA. The cases of Hernandez, Ardila, and Beech all arose from the corruption scandal involving PDVSA with U.S. businessmen Abraham Jose Shiera Bastidas and Roberto Enrique Rincon Fernandez at the center. With the three guilty pleas entered in 2017, ten individuals have now pleaded guilty in connection with this alleged bribery scheme. In Hernandez, the DOJ accused Juan Jose Hernandez Comerma—a former general manager of one of Abraham Jose Shiera Bastidas’ companies—of providing travel, entertainment, and cash bribes to certain PDVSA officials. Hernandez pleaded guilty to the charges, and is scheduled to be sentenced in February 2018. In Ardila, the DOJ accused Fernando Ardila Rueda—a former sales director and partial owner of several companies owned by Abraham Jose Shiera Bastidas—of paying bribes and providing other things of value to certain PDVSA purchasing analysts. Hernandez pleaded guilty to one count of conspiring to violate the FCPA and one count of violating the anti-bribery provision of the FCPA. In Beech, the owner of a Florida company was charged with conspiring with other key individuals in the PDVSA bribery scheme to pay bribes to officials at PDVSA to obtain business for his and other’s companies. Beech pleaded guilty to one charge of conspiracy to violate the anti-bribery provisions of the FCPA, and is scheduled to be sentenced in February 2018. The cases of Ho and Gadio involve an alleged scheme to bribe high-level government officials in Chad and Uganda to secure business advantages for a Chinese oil & gas company. The schemes in both countries allegedly involved the use of a Virginia-based energy nongovernmental organization to funnel bribes to government officials. The cases against both defendants are pending as of December 2017. In Baptiste, a retired U.S. Army colonel was charged with participating in an alleged conspiracy to bribe Haitian officials related to a port infrastructure project. The indictment alleged that Baptiste solicited bribes from undercover FBI agents in Boston who posed as potential investors in connection with a proposed port development project in Haiti, and that Baptiste proposed to funnel corrupt payments through a non-profit company in Maryland. The case against Baptiste is pending as of December 2017. Miscellaneous One of the more unusual sets of cases arose out of an alleged bribery scheme gone wrong. In the cases of Bahn, Sang, Harris, and Woo, the DOJ announced multiple charges stemming from an alleged scheme to pay $2.5 million in bribes to facilitate a commercial real estate transaction in Vietnam. The DOJ claimed the payments were intended to reach a Middle Eastern sovereign wealth fund and induce the fund to acquire the property involved in the transaction. However, the DOJ also claims that Harris falsely claimed to have a relationship with the foreign official and instead pocketed the payments that were allegedly intended to influence the foreign official. Bahn, Sang, and Woo were each charged with conspiracy to violate the FCPA—as well as substantive violations of the anti-bribery provisions of the FCPA for Bahn and Sang—as well as other conspiracy and money laundering charges. Harris was not charged with any FCPA-related counts, and was instead charged with wire fraud, identity theft, and money laundering. Recent Trends and Patterns in FCPA Enforcement 10 Upshot Though the total number of individuals charged in FCPA enforcement actions in 2017 went down slightly from 2016 (twenty-two from twenty-seven), the numbers of individuals charged is generally in line with trends seen in recent years. With a few outliers (2009, 2012, 2015, and 2016), the DOJ and SEC have brought charges against fifteen to twentyfive individuals in connection with an FCPA enforcement action on an annual basis since 2007. That said, there are still a few points worth highlighting. First, although a number of the individuals charged in 2017 were executives, the year’s enforcement actions lacked the large number of C-suite executives that we saw in 2016. Second, a number of the charges against individuals stem from larger cases filed prior to 2017. Specifically, the Hernandez, Ardila, and Beech cases each relate to the Rincon, et al. cases that were filed in both 2015 and 2016, the Cohen and Baros cases arise out of the Och-Ziff corporate enforcement action from 2016, and the Steven case arises out of the Embraer corporate enforcement action from 2016. As a result, only sixteen of the FCPA enforcement actions against individuals in 2017 arose from truly new matters. Geography & Industries In our January 2017 Trends & Patterns, we discussed the striking focus of 2016’s FCPA enforcement actions on one country and one industry: China and healthcare. 2017 once again saw a striking focus on a particular region: Latin America. The charts to the right show the geographic breakdown of the FCPA enforcement actions from 2017, 2016, and 2015 (corporate and individual), and show that nearly half of the FCPA enforcement actions from 2017 involved Latin America. Of the total nineteen enforcement actions,7 nine involved alleged acts of bribery in Latin America (Biomet, SQM, Rolls-Royce, Orthofix, Comerma/Beech/Ardila-Rueda, Alere, Baptiste, SBM, and Keppel). While Latin America has featured prominently in past FCPA enforcement years, this is a sharp increase and squares with public comments from agency officials that they expect more FCPA enforcement actions coming out of the region. We suspect that the officials’ statements are probably based on the significant number of entities in the region currently under investigation (e.g., Petrobras and Wal-Mart), additional cases likely arising from the 2014 World Cup and 2016 Olympics in Brazil, and ongoing cooperation between U.S. and Latin American enforcement agencies. After Latin America, the 2017 FCPA enforcement actions are fairly evenly distributed across the regions that have typically been the focus of such actions. Five of the 2017 FCPA enforcement actions have involved officials from the Middle East and Northern Africa (RollsRoyce, Cohen/Baros, Bahn et al., SBM, and Steven) or sub-Saharan Africa (Rolls-Royce, Cohen/Baros, Halliburton, SBM, and Ho/Gadio); four have involved officials from Russia and the former Soviet republics (Rolls-Royce, Linde, Telia, and SBM); three have involved improper conduct in India (Mondelez, CDM, and Alere); one involved improper conduct in Southeast Asia (Rolls-Royce); and one centered on a bribery scheme in China (Las Vegas Sands). With regard to industries, the DOJ and SEC continued to focus on two industries that have historically been a source of a large number of FCPA enforcement actions: healthcare & life sciences and the oil & gas industries. Four of the year’s enforcement actions have involved the oil & gas industries (Linde, Halliburton, SBM, and Keppel), while three of the year’s 7 For the purpose of this geographic analysis, we treat corporate enforcement actions and charges against individuals that arise out of those enforcement actions as one enforcement action. Similarly, we treat groups of related cases against individuals that are not, as of yet, connected to a corporate matter as a single matter for this purpose. Recent Trends and Patterns in FCPA Enforcement 11 enforcement actions have involved the healthcare & life sciences industries (Biomet, Orthofix, and Alere), although of these only Alere is a truly new enforcement action, with Biomet and Orthofix both arising out of breaches of previously entered into DPAs. As we have mentioned in the past, the DOJ’s and SEC’s focus on the healthcare industry in 2017 is part of a much longer trend. Since 2011, either the DOJ or SEC has brought an FCPA enforcement action against at least one company in the healthcare sector: 2011—Johnson & Johnson; 2012—Biomet, Pfizer, Eli Lilly, Orthofix; 2013—Stryker; 2014—Bio-Rad, Bruker; 2015—Bristol-Myers, Mead Johnson; 2016— SciClone, PTC/Yuan, Nordion/Gourtevitch, Novartis, Olympus, and Analogic. Moreover, with several investigations into various other pharmaceutical and medical technology companies still ongoing, we expect this pattern to continue into the foreseeable future. Generally, the 2017 FCPA enforcement actions have encompassed a broad array of additional industries, including: Healthcare & Life Sciences Biomet, Orthofix, Alere Aerospace & Airlines Rolls-Royce Telecommunications Telia Oil & Gas Linde, Halliburton, SBM, Keppel Mining SQM Engineering & Construction Baptiste Entertainment Las Vegas Sands Food & Beverage Mondelez Types of Settlements For the most part, the agencies have continued prior practices of resolving matters using a variety of settlement structures, with the choice of structure apparently related—but not always in a clear or consistent manner—to the seriousness of the conduct or the timing and degree of disclosure and cooperation. We discuss the SEC’s and DOJ’s settlement devices below. SEC For its part, the SEC relied exclusively on administrative proceedings to resolve all seven of its corporate FCPA enforcement actions in 2017. As in recent years, none of these seven were contested enforcement actions. The SEC also filed a civil complaint against two individuals associated with Och-Ziff, which suggests that Cohen and Barros intend to put the SEC to its burden. Although the SEC has in recent years experimented with its own version of “deferred prosecution agreements” or “non-prosecution agreements,” it did not utilize this settlement structure in 2017. This stands in contrast to 2016, when the SEC utilized administrative proceedings, complaint and consent orders, non-prosecution agreements, public declinations, and a deferred prosecution agreement. DOJ The DOJ in 2017 used a range of settlement devices in each of its nine enforcement actions. Further, 2017 saw the DOJ continuing to utilize declinations with disgorgement, a trend likely to continue under the agency’s new FCPA corporate enforcement policy. The list below sets out the various settlement devices the DOJ used in its 2017 FCPA enforcement actions against corporate entities: Plea Agreements Jerds Luxembourg Holding S.ár.L. (Biomet’s subsidiary),Coscom LLC (Telia’s Uzbek subsidiary), SBM Offshore USA Inc. (SBM Offshore’s U.S. subsidiary), and Keppel Offshore & Marine USA Inc. (Keppel Offshore & Marine’s U.S. subsidiary) Deferred Prosecution Agreements Biomet, SQM, Rolls-Royce, Telia, SBM, and Keppel Non-Prosecution Agreements Las Vegas Sands Public Declinations with Disgorgement CDM Smith, Linde Elements of Settlements Within Guidelines Sanctions. Of the seven corporate enforcement actions brought by the DOJ,8 Biomet was the only instance where the defendant did not receive a sentencing discount. This is perhaps not particularly surprising, given the fact that Biomet was accused of 8 We exclude the declinations with disgorgement in Linde and CDM Smith from this discussion, as those did not involve a sentencing analysis. Recent Trends and Patterns in FCPA Enforcement 12 breaching its 2012 DPA. On the other hand, the fact that Rolls-Royce received a discount can be viewed as a surprising development. While the company was given cooperation and remediation credit, the company’s reported failure to self-report and the massive scope of the alleged bribery scheme at issue would have been expected to weigh heavily against any sentencing discount. Likewise, in the FCPA enforcement action resulting in the largest penalty paid to U.S. authorities as part of an FCPA settlement, Telia also received a sentencing discount despite reportedly failing to voluntarily disclose the violations. Finally, Keppel failed to receive voluntary selfdisclosure credit, but also received a 25% sentencing discount. That Rolls-Royce, Telia, and Keppel received a discount suggests that the DOJ may weigh cooperation and remediation as more important factors when assessing whether to offer a discount, and, as they are consistent with the treatment of cases under the Pilot Program (and now the FCPA Corporate Enforcement Policy), suggests that the DOJ’s approach to determining the penalty is largely consistent whether or not the company qualifies for treatment under those policies. This notion is supported by last year’s VimpelCom and Olympus actions, in which the DOJ awarded the two defendants a discounted sanction below the base fine recommended by the Sentencing Guidelines, even though neither company voluntarily disclosed the improper conduct to enforcement agencies. In fact, the last two instances in which a company received a sanction within the Sentencing Guidelines range were the 2014 cases of Alstom and Marubeni, where neither company initially cooperated with authorities. With the DOJ’s new FCPA Corporate Enforcement Policy, these trends appear set to continue. Under the terms of the Policy, when a company has satisfied the voluntary self-disclosure, cooperation, and remediation requirements of the policy, but aggravating circumstances overcome the presumption of a declination, the DOJ still will recommend a 50% reduction in penalty from the low end of the Sentencing Guidelines fine range. This set percentage discount is a slight shift from the FCPA Pilot Program, which stated that a company “may” be awarded a 50% reduction in penalty under analogous circumstances. Furthermore, even if a company does not voluntarily disclose misconduct, it may still be in line to receive up to a 25% sentencing discount from the bottom of the Sentencing Guidelines range if it adequately cooperates and remediates. This approach mirrors the principles that were laid out in the FCPA Pilot Program, and, when coupled with the recent trends in sentencing discounts discussed above, suggests that it will continue to be the case that extremely few FCPA enforcement actions result in a penalty at or above the bottom of the Sentencing Guidelines range. Self-Disclosure, Cooperation, and Remediation. None of the DOJ’s seven corporate enforcement actions9 received self-disclosure credit, but all seven did receive cooperation credit. Each of the companies received remediation credit, although in the case of SQM, at the time the parties resolved the enforcement action, SQM had not had the opportunity to test its enhanced compliance program and, purportedly as a result, the DOJ imposed a compliance monitor. Importantly, in each of the 2017 corporate enforcement actions by the DOJ, the DOJ has highlighted the fact that the companies disciplined and terminated the individuals responsible for the misconduct. As we discussed in our January 2017 Trends & Patterns, the DOJ has been trending towards emphasizing terminations as part of its remedial requirements. Monitors. In February 2016, Andrew Weissmann, then the Chief of the DOJ’s Fraud Section, stated that the DOJ would review its approach to the use of monitors. In 2016, nine companies that were subject to FCPA enforcement actions saw the DOJ or the SEC impose a corporate monitor requirement as part of the sanction (VimpelCom, Olympus, Las Vegas Sands, LATAM, Och-Ziff, Embraer, Odebrecht, Braskem, and Teva). This trend continued over the first half of 2017, with the cases of Biomet, SQM, and Orthofix all involving the imposition of a corporate monitor. The installation of monitors in Biomet and Orthofix is not particularly surprising, as both of these enforcement actions arose out of failing to comply with prior DPAs. In our view, the imposition of an anti-bribery compliance monitor in SQM was surprising, given that neither agency alleged bribery in its pleadings, and the controls weaknesses, which had allowed the company’s former CEO unsupervised discretion over a single cost center, had been remediated. In contrast, the DOJ did not impose monitors in the Rolls-Royce, Telia, SBM, and Keppel enforcement actions, presumably because the companies had demonstrated, during the lengthy period of the investigation, that they had implemented rigorous and effective compliance programs and could be relied upon to self-report the progress of their compliance efforts. This would be consistent with the terms of the new FCPA Corporate Enforcement Policy, which states that a company that “has voluntarily self-disclosed, fully cooperated, and timely and appropriately remediated” would “generally not require appointment of a monitor if a company has, at the time of resolution, implemented an effective compliance program.” Financial Hardship. Although the enforcement action itself was announced in 2016, in April 2017 the DOJ confirmed that Odebrecht would not be able to pay the U.S. criminal penalty that it had originally been assessed. Originally, Odebrecht agreed to pay $260 million in criminal penalties to the U.S., which represented ten percent of the total global penalty assessed by U.S., Brazilian, and Swiss regulators. Since agreeing to the global settlement in December, however, Odebrecht has suffered extensive collateral damage in the form of significant lost contracts that have destabilized the company’s financial situation. As a result, in April 2017 the DOJ moved to reduce Odebrecht’s U.S. criminal penalty from $260 million to $93 million, though the company’s global penalty of $2.6 billion remains 9 We exclude the declinations with disgorgement in Linde and CDM Smith from this discussion, as those did not involve a sentencing analysis. Recent Trends and Patterns in FCPA Enforcement 13 unchanged.10 This type of criminal penalty reduction is not unheard of, and the DOJ has considered the financial health of the company in the context of past FCPA enforcement actions. In the Odebrecht case, the DOJ had already agreed once to reduce the global criminal penalty from $4.5 billion to $2.6 billion in light of Odebrecht’s inability to pay. Although the plea agreement contained a mechanism for the authorities to verify Odebrecht’s claims that it could not pay and potentially to increase the penalty, the April 2017 reduction was unexpected; presumably the government’s verification efforts, although not spelled out in its sentencing memorandum, persuaded it that this further reduction was justified. Consideration of whether a criminal penalty would substantially jeopardize the continued viability of the company apparently was also a factor weighed by the DOJ in determining the penalty for SBM. Specifically, the deferred prosecution agreement noted that this factor was considered in determining the penalty amount. Again, there is no insight into what qualifies as a penalty that would substantially jeopardize the viability of the company. This factor may continue to play a role in FCPA enforcement actions, as the DOJ’s newly announced FCPA Corporate Enforcement Policy considers the company’s ability to pay the costs of cooperation, not merely the penalty, in determining whether the company qualifies for a cooperation credit under the Policy. Recidivism. There is a rare and still relatively small group of recidivist FCPA violators (e.g., Marubeni, Vetco Gray). That list grew in 2017 with the Biomet and Orthofix enforcement actions. New questions have emerged regarding recidivism in light of the new FCPA Corporate Enforcement Policy, as the policy does not provide insight into what types or features of previous criminal settlements will result in a company being considered a recidivist. It is not clear whether the DOJ will consider only prior FCPA cases, or whether criminal cases in other contexts will result in a company being considered a recidivist, a question that could be of particular importance for financial institutions that in recent years have been penalized in a number of criminal matters (e.g., money laundering and sanctions). It’s also unclear whether the DOJ will view past FCPA settlements differently based on the form of the penalty. Specifically, it is possible that a guilty plea by a company will be treated differently than a deferred or non-prosecution agreement, which could present the DOJ with grounds to exercise discretion in whether to consider a company a recidivist. Disgorgement. One interesting aspect of the DOJ’s Biomet enforcement action is that it required the company to disgorge the profits it allegedly obtained as a result of the bribery scheme. It is unusual for the DOJ to require companies to disgorge profits, as this penalty is typically left to the SEC, with the DOJ instead typically obtaining a similar remedial penalty through forfeiture. Disgorgement is also, obviously, a key issue for the SEC in light of the Kokesh decision. As discussed below, the Kokesh decision may sharply limit the SEC’s ability to collect the full scope of illicit gains. It did not, however, directly address whether the SEC is entitled to collect disgorgement at all as opposed to the monetary penalties specifically authorized in the securities laws, and the SEC continued to collect disgorgement in its 2017 enforcement actions. Case Developments Magyar Executive Settlements. Since December 2011, the SEC’s case against the three Magyar executives lingered in the courts as the executives challenged the SEC’s charges on multiple grounds, including jurisdiction. The long-running saga came to a conclusion in 2017. In February 2017, Tamas Morvai—a Hungarian citizen who was an executive of Magyar Telekom—agreed to pay the SEC a $60,000 penalty to resolve charges against him. Subsequently, in April 2017, the two remaining defendants—Elek Straub and Andra Balogh—settled, with Straub agreeing to pay a $250,000 penalty and Balogh agreeing to pay a $150,000 penalty and with both executives agreeing to a five-year bar from serving as an officer or director of any SEC-registered public company. Hoskins. As discussed below, the district court’s decision on jurisdiction has been appealed to the Second Circuit and was argued earlier this year. As of December 2017, a decision is pending. Ray. Douglas Ray, who pleaded guilty in October 2016 to conspiracy to violate the FCPA and commit wire fraud, was sentenced to eighteen months in prison in March 2017. Ray was also ordered to pay $589,698.87 in restitution. Thiam. In May 2017, former Guinean Minister of Mines, Mahmoud Thiam, was convicted by a federal jury of one count of dealing in criminal derived property and one count of money laundering. Although the charges against Thiam did not relate to any current FCPA enforcement action, they were noteworthy for Thiam’s relationship to the corruption scandal and litigation involving BSGR and Rio Tinto 10 The $167 million reduction in Odebrecht’s U.S. criminal penalty—required to be paid by June 30, 2017—was added to the payments to be made to Brazil and Switzerland, which are to be made in installments through December 31, 2021, thus leaving the total $2.6 billion global penalty unchanged. Recent Trends and Patterns in FCPA Enforcement 14 in the Simandou region of Guinea—Thiam was a named defendant in Rio Tinto’s lawsuit against BSGR in 2014. In August 2017, Thiam was sentenced to seven years in prison. Mebiame. In May 2017, Samuel Mebiame, a Gabonese national, was sentenced to two years in prison for acting as a “fixer” who allegedly helped funnel bribes, including cash and gifts, to various African officials in exchange for valuable mining concessions for OchZiff. Mebiame pleaded guilty to the charges in December 2016. Ng. In July 2017, Ng Lap Seng was convicted on all counts by a jury following a four-week trial. As a refresher, on November 22, 2016, the DOJ filed a superseding indictment against Ng and a co-conspirator charging the defendants with one count of conspiracy to violate the FCPA and two substantive counts of violating the FCPA—in addition to conspiracy to commit money laundering, money laundering, conspiracy to defraud the United States, bribery, and obstruction of justice. Ng’s sentencing is presently scheduled for January 2018. Firtash. In 2014, U.S. prosecutors charged Dmytro Firtash, the politically-connected Ukrainian oligarch and former owner of the gas company RosUkrEnergo, with violating the FCPA, RICO, and the federal money laundering statute after he allegedly paid $18.5 million to Indian officials in exchange for valuable mining rights in the country. Although a lower Austrian court initially denied the U.S. extradition request, finding it was “politically motivated,” an Austrian court of appeals cleared the way on February 22, 2017 for Firtash to be extradited to the U.S. Firtash subsequently filed, before any potential extradition, a motion to dismiss the charges currently pending against him in the Northern District of Illinois.11 On December 18, 2017, the Austrian Supreme Court announced that Firtash’s case had been referred to the European Court of Human Rights after Firtash requested a retrial. A few days later on December 21, 2017, it was reported that the U.S. extradition order for Firtash had been stayed pending a preliminary ruling from the European Court of Human Rights. In a letter to the court, Firtash’s U.S. counsel indicated that it is “unlikely” that Firtash will be extradited to the U.S. in the immediate future. Richters. In February 2017, Amadeus Richters, a former director of a Florida-based telecommunications company who allegedly bribed officials in Haiti, was arrested and made an initial court appearance in Miami. Richters had been considered a fugitive since his indictment in July 2011 for his role in the Haiti Telco case. Richters faces a litany of charges stemming from his alleged involvement in that scheme: one count of conspiracy to violate the FCPA and to commit wire fraud, six counts of FCPA violations, one count of conspiracy to commit money laundering, and nineteen counts of money laundering. Siriwans. In March 2017, former Thailand official, Juthamas Siriwan, and her daughter, Jittisopha Siriwan, were sentenced to time in prison by a Bangkok court for allegedly taking bribes from a Hollywood producer, Gerald Green, and his wife, Patricia Green. The Greens each served prison sentences of six months for FCPA offenses and money laundering in 2010 and 2011. Harder. In July 2017, the district court sentenced Dmitrij Harder to 60 months in prison. Harder had been previously indicted by a federal grand jury in January 2015 for allegedly violating the FCPA’s anti-bribery provisions and the Travel Act for his participation in a scheme to bribe the foreign European banking official, and ultimately pleaded guilty in February 2016 to two counts of violating the FCPA. 11 For further discussion of the Firtash case, you may wish to refer to the article co-authored by Philip Urofsky and Zach Torres-Fowler, titled “The Firtash Case May Present Jeff Sessions’ Department of Justice With Its First Real Test on FCPA Enforcement,” that was published in Bloomberg BNA’s Criminal Law Reporter on March 1, 2017 (available at http://www.shearman.com/~/media/Files/NewsInsights/Publications/2017/03/UrofskyFowlerCrLversionCorrect_FCPA_030117.pdf). Recent Trends and Patterns in FCPA Enforcement 15 Perennial Statutory Issues Jurisdiction The DOJ and SEC have historically interpreted the FCPA’s jurisdictional requirements extremely broadly, claiming that slight touches on U.S. territory such as a transaction between two foreign banks that cleared through U.S. banks or, even more tenuously, an email between two foreign persons outside the U.S. that transited through a U.S. server, were sufficient. In 2017, the charges against individuals involved in the Rolls-Royce bribery scheme offer an interesting case study in the variety of jurisdictional hooks the DOJ has at its disposal, and how it often pushes the boundary of what should be permissible. The DOJ’s and SEC’s broad jurisdictional theories were on full display in their enforcement actions against Rolls-Royce, its U.S. subsidiary, and several individuals allegedly involved in the bribery scheme, which were marked with frequently vague jurisdictional pleading. The DPA entered into by the company and charges brought against individuals were entered into or filed over the span of a number of months, and the jurisdictional theories relied on in each of the cases differ. Because they were not always spelled out and sometimes seem even contradictory, we spend some time outlining the apparent jurisdictional theories and some potential issues raised by them. The original criminal Information filed against Rolls-Royce plc charged the U.K. parent company with conspiracy between the U.K. parent, its U.S. subsidiary, Rolls-Royce Energy Systems, Inc. (“RRESI”), two U.K. employees of the parent (one of whom was presumably James Finley), and two RRESI employees (one of whom was presumably Keith Barnett). Oddly, although only Rolls-Royce plc was charged, the objects of the conspiracy were violations of both the domestic concern (§78dd-2) and “any person” (§78dd-3) sections of the FCPA. With respect to the former, there do not appear to be any allegations in the Information of how Rolls-Royce, a U.K. company, violated the domestic concern subsection except, of course, that there were domestic concerns who were alleged to be parties to the conspiracy. With respect to “any person,” which requires proof of territorial jurisdiction, the information charged that Rolls-Royce “as a person other than an issuer or domestic concern, through its employees and agents, while in the territory of the U.S., did [commit acts in violation of the FCPA].” This seems relatively unproblematic, as there are allegations of acts in the U.S. which Rolls-Royce would appear to have, at the least, authorized, as well as allegations of emails sent between Rolls-Royce and RRESI individuals. On the same day the Rolls-Royce DPA was filed, the DOJ filed a guilty plea entered by Keith Barnett. As Barnett is a U.S. citizen, jurisdiction was not an issue, and he was charged with conspiracy to violate dd-2 as “a ‘domestic concern’ and an ‘employee’ and ‘agent’ of a ‘domestic concern.’” The next plea was entered on June 6, 2017, and involved Andreas Kohler, a foreign national and resident, who worked for the “Technical Advisor,” an international engineering and consulting firm which purported to provide independent engineering advice and project management, but was actually involved in the bribery scheme. Despite not being a U.S. citizen or resident and not being employed by a U.S. company, Kohler was charged with conspiring to violate the domestic concern section of the FCPA (§78dd-2), but not the territorial jurisdiction section (§78dd-3). It is possible that Kohler was charged as an agent of a domestic concern (i.e., RRESI), but it is also possible that the government is taking the position that an individual does not have to fall into one of the enumerated categories in dd-2 (officer, director, employee, or agent or stockholder) to be guilty of conspiracy. It is also worth noting that there is no charge of aiding and abetting or accomplice liability, as the DOJ tried in Hoskins without, so far, success. Furthermore, there is an argument to be made that since the Technical Advisor was technically retained by the Kazakh government and accepted a portion of the corrupt payments, it could not have been part of the conspiracy because it was in fact the bribe recipient. Such an individual or company, of course, cannot violate the FCPA under United States v. Blondek. 12 Shortly thereafter, Aloysius Zuurhout pleaded guilty. Zuurhout is a foreign national and resident who was employed by a Dutch subsidiary of Rolls-Royce. Similarly to the charges against Kohler, Zuurhout was charged with conspiracy to violate the domestic concern provisions of §78dd-2; although the DOJ does not specifically allege any jurisdictional basis for this action, we assume it is taking the position, although, again, it does plead this, that Zuurhout could be viewed as an agent of RRESI since he was alleged to be responsible for “assist[ing] in the sale of equipment, including equipment that was manufactured or assembled by RRESI.” Furthermore, the Information notes that Zuurhout traveled to the United States and sent an email while in the United States regarding the conspiracy. Presumably these acts would have been sufficient to establish jurisdiction under §78dd-3, so it is curious that the DOJ did not charge under that provision. 12 United States v. Blondek, 741 F. Supp. 116 (N.D. Tex. 1990). Recent Trends and Patterns in FCPA Enforcement 16 The next month, James Finley entered into a plea agreement. Finley’s plea is best viewed in light of the Hoskins decision, discussed above and in our January 2017 FCPA Trends & Patterns, and may be the most problematic of the Rolls-Royce matters. Finley is a foreign national and resident and, moreover, is an employee of Rolls-Royce who was responsible for oversight of RRESI. He is defined as an “agent” of the FCPA (strangely, given the DOJ did not explicitly say this for Zuurhout or Kohler). However, like Hoskins in the Alstom case, Finley did not work for RRESI, and instead was above it in the corporate chain. On its face, this appears to be a very similar factual backdrop as in the Hoskins case, where this jurisdictional attempt was rebuffed by the district court judge. That the DOJ nonetheless appears to be continuing to rely on this jurisdictional theory raises the question of whether the government is simply going to ignore the Hoskins district court opinion until it is confirmed by the Second Circuit, and possibly ignore it even then outside of the Second Circuit, or is confident that it can prevail on the issue of agency even within the terms of the Hoskins decision. It is our suspicion the DOJ is slightly more confident in charging this way in this case because Finley seems to have had an active role in selling the products involved in the bribery scheme. Significantly, the DOJ did not charge Finley with accomplice liability, a jurisdictional basis that was also rejected by the district court in Hoskins. Finally, in October 2017, the DOJ indicted a fifth person allegedly involved in the Rolls-Royce scheme—Petros Contoguris—who is also a foreign national and resident. Contoguris was the owner of the Intermediary. This time the DOJ was clear that he acted as an agent when it came to the substantive FCPA counts against him, but the DOJ did not specify that he acted as an agent of a domestic concern for the charge of conspiracy to violate the FCPA. The money laundering counts raise a different, but interesting, issue. Contoguris is charged with both conspiracy and substantive counts of violating 18 USC §1956(a)(2)(A) and (B). Using §1956(a)(2)(A) as the basis for this charge is straightforward, as it is clear that a transfer funds from the U.S. to outside of the U.S. (or vice versa) to promote a specified unlawful activity—which includes violating the FCPA—is sufficient. The DOJ’s theory under theory under §1956(a)(2)(B), however, is that the payments from the Kazakh joint venture to RRESI, which were payments under the contracts that were won as a result of the bribery scheme, were themselves proceeds of bribery. In other words, the payments were not the bribe money itself, but were instead the results of the bribe. This is a novel theory of money laundering prosecution that we have not seen before in an FCPA-related case. Books & Records Liability without Bribes By definition, every FCPA bribery case must involve an act of furtherance towards the payment of a bribe to a “foreign official.” This year’s SEC enforcement actions, however, once again demonstrate that the books-and-records and internal controls provisions are much broader than the FCPA’s anti-bribery provision, and the government can charge companies with violating those accounting provisions whenever it can show the falsification of company records. In Mondelez, the SEC charged Mondelez International, formerly known as Kraft Foods, with books-and-records and internal controls violations for allegedly failing to conduct adequate due diligence to identify and resolve potential corruption risk associated with the hiring of a third-party agent by Cadbury, a company which Mondelez was acquiring. The acquired subsidiary also failed to monitor the agent’s activities and failed to accurately record the expenditures in its books and records. This resulted in the agent being paid over $90,000 which, when combined with the company’s failure to monitor, could have been used to violate anti-bribery provisions. However, as has been the case in a number of recent SEC enforcement actions (e.g., Cueto, Analogic, and Hyperdynamics), the SEC did not make any allegations in the settlement order that the funds paid to the third-party agent were actually used to pay bribes to any foreign official. Even more starkly, the SEC and DOJ actions against SQM demonstrate the government’s ability to charge questionable payments as the basis for an FCPA enforcement action even when it cannot demonstrate that the payments are bribes. In that case, the company permitted its CEO to have discretionary control over a cost center from which he made millions of dollars (in local currency) in payments to persons, companies, and charities associated with political figures, some of whom were candidates for public office or were current or former government officials. In some instances, the payments were alleged to be “improper” under local laws, and were supported by false invoices that did not reveal the true purpose or recipient of some of the payments. Although neither the DOJ nor the SEC alleged bribery, both agencies charged the company with books-and-records and internal controls violations (in the DOJ’s case with willful falsification and willful failure to implement internal financial controls, presumably based on the intent of the now-fired CEO). Successor Liability The Mondelez enforcement action also highlights the successor liability risks associated with acquisitions of companies that have engaged in conduct potentially in violation of anti-corruption laws. In that case, Mondelez undertook a hostile takeover of Cadbury. As noted in the SEC’s order, the nature of the acquisition limited the ability of Mondelez to conduct pre-acquisition due diligence, and the company instead undertook substantial post-acquisition due diligence. During this post-acquisition due diligence, however, the company Recent Trends and Patterns in FCPA Enforcement 17 failed to identify a relationship between Cadbury’s Indian subsidiary and an agent retained to assist with securing government licenses and approvals for the opening of a new plant. Although Mondelez subsequently discovered the relationship and conducted an internal investigation, it did not self-disclose to the U.S. government. The SEC’s decision to hold both Mondelez and Cadbury liable for this conduct emphasizes the government’s view that successor liability applies in the context of FCPA enforcement actions. In Biomet, a subsidiary located in Mexico, 3i Mexico, used a customs broker to pay bribes to Mexican customs officials to smuggle certain dental products into Mexico. By the time the DOJ’s investigation had concluded, however, 3i Mexico was no longer selling products and was in the process of winding down. 3i Mexico is wholly owned by another subsidiary of Zimmer Biomet, Jerds Luxembourg, which is the successor-in-interest. Based on this, the DOJ required Jerds Luxembourg to enter a guilty plea for the conduct that occurred at 3i Mexico. Modes of Payment The FCPA enforcement actions in 2017 generally alleged schemes similar to those seen in the past, with the majority involving local consultants, agents, or other intermediaries. Third-Party Intermediaries. The majority of the FCPA enforcement actions from 2017 resolved FCPA violations arising from the use of third-party intermediaries. In Rolls-Royce, the company was accused of utilizing local consultants in a variety of jurisdictions to funnel bribes to foreign officials in exchange for government contracts. In Biomet, the medical device company was accused of using third-party customs brokers to funnel bribes to customs officials. In Orthofix, the medical device company was accused of utilizing third-party distributors to funnel improper payments to doctors at state-owned hospitals. In Mondelez, Cadbury’s Indian subsidiary hired a third-party agent to assist in obtaining government licenses and approvals, and failed to conduct proper due diligence and monitoring of this agent’s activities. Fake Invoices. A number of the enforcement actions in 2017 involved allegations that the company engaged in payment schemes that involved fake invoices. In SQM, for example, payments were made from the CEO’s discretionary account to third-party vendors associated with political officials, and many of those payments were allegedly documented with invoices for services that were not rendered. Charitable Contributions. As mentioned above, in the case of SQM the DOJ and the SEC seemingly alleged that charitable contributions could serve as a mode of payment that would give rise to FCPA books-and-records or internal control violations, although many of these donations appeared to be bona fide and neither the DOJ nor the SEC alleged any quid pro quo agreement in connection with the donations. Although the allegations in the 2016 case of VimpelCom similarly involved donations to charities associated with government officials, the allegations in that case suggesting a quid pro quo were much more explicit than those in SQM. Recent Trends and Patterns in FCPA Enforcement 18 Compliance Guidance FCPA Corporate Enforcement Policy One of the most significant developments discussed in last year’s Trends & Patterns was the DOJ’s announcement of its FCPA Pilot Program, which set out the DOJ’s expectations for how a company should manage an FCPA investigation and the potential rewards— including significant reductions in criminal fines—if a company chose to follow the DOJ’s guidance. The Program was set to expire in April 2017; however, approximately a month beforehand, Acting Assistant Attorney General Kenneth Blanco announced that the Program would remain in effect for the foreseeable future while the DOJ evaluated its “utility and efficacy.” In November 2017, the DOJ announced that the principles underlying the FCPA Pilot Program would be incorporated into a new FCPA Corporate Enforcement Policy, which has been formally incorporated into the U.S. Attorneys’ Manual, the Department’s policy manual. The new Policy goes a step farther than the former Pilot Program and states that when a company adequately voluntarily self-discloses, cooperates, and remediates, a presumption will arise that the matter will be resolved through a declination, rather than an enforcement action (although the company still may be required to pay disgorgement, forfeiture, or restitution). This presumption may, however, be overcome should there be aggravating circumstances regarding the seriousness of the offense or the nature of the offender. The Policy notes that these aggravating circumstances include, but are not limited to: (i) the involvement of company executives in the misconduct; (ii) the fact that the company made a significant profit from the misconduct; (iii) the pervasiveness of the misconduct; and (iv) whether the company is a criminal recidivist. In that case, the company may be required to resolve the matter through a plea or a deferred or nonprosecution agreement, in which case it would have to pay fines and other penalties under the Sentencing Guidelines, albeit with set recommended discounts for voluntary disclosure and cooperation. We first comment briefly on the core components of the Policy: Voluntary Disclosure Credit. As we noted in the context of the FCPA Pilot Program, although the DOJ purports to move the ball somewhat by providing for specific maximum percentages in exchange for voluntary disclosure, complete cooperation, and appropriate remediation, these clear lines largely reflect—or even roll back—the DOJ’s prior informal approach to FCPA enforcement. In pre-Pilot Program cases such as VimpelCom, the DOJ awarded a 45% reduction below the guidelines range even though the company had not voluntarily disclosed the improper conduct. The same is true for the 2014 cases of Alcoa and HP. It is curious, then, that the effect of the new Policy, which says that the Department will award “at most” a 25% reduction without a voluntary disclosure, actually reduces the incentives for cooperation to foster the goal of inducing more voluntary disclosures. The Keppel enforcement action from 2017 also highlights a potential risk of voluntarily self-disclosing in hopes of qualifying for a reduced penalty under the Corporate Enforcement Policy. In that case, the company self-disclosed potential FCPA violations, but did not receive credit because the DOJ had been made aware of the conduct from other sources. Cooperation Credit. Much like the FCPA Pilot Program, the Policy provides that, in the absence of a voluntary disclosure, a company may still receive up to 25% off the bottom of the Guidelines if it cooperates with the government’s investigation. In several cases that were settled after the Pilot Program’s announcement, the DOJ has granted slightly under a 25% reduction to companies that allegedly did not voluntarily disclose; for example, both Och-Ziff and Embraer received 20% discounts off the bottom of the fine range. We also can’t help but note that all seems negotiable: in Teva, the DOJ awarded the company a 20% discount for cooperation, resulting in the company paying only a 5% penalty for having failed to cooperate in earlier stages of the investigation, including by allegedly making “vastly overbroad assertions of attorney-client privilege” and failing to provide documents on a timely basis. Even more glaring is the government’s agreement in the Odebrecht/Braskem case to award the full 25% discount for cooperation even after including in the Statement of Facts an entire section entitled “Obstruction of Justice” (and including a threepoint enhancement in the Guidelines calculation) that describes an organized effort, including the payment of additional bribes, to prevent the production of certain records and to destroy other records or to degrade certain data. De-confliction. One area that generated uncertainty in the context of the FCPA Pilot Program was the concept of “de-confliction,” which the Pilot Program used without any real explanation as to its meaning or practical aspects, thus causing confusion among companies and defense counselors. As a result, the DOJ felt compelled to make public statements that confirmed that “deconfliction” means taking steps during an internal investigation to ensure that certain individuals are interviewed first by the DOJ, rather than the company’s counsel. Indeed, the DOJ cited Teva’s willingness to “defer witness interviews to de-conflict with the Fraud Section’s investigation” as a relevant consideration in Teva’s DPA. This concept was disturbing to some companies, who felt that it prevented them from conducting a full and credible internal investigation for an indefinite period, thus limiting their ability to provide accurate information as part of their cooperation and to implement effective remediation, including discipline of wrongdoers. Recent Trends and Patterns in FCPA Enforcement 19 The DOJ sought to address those concerns somewhat in the Policy, stating “requests to defer investigative steps, such as the interview of company employees or third parties, will be made for a limited period of time and will be narrowly tailored to a legitimate investigative purpose. . . . Once the justification dissipates, the Department will notify the company that the Department is lifting its request.” There are a number of questions and issues raised by the new Corporate Enforcement Policy: First, the breadth of the expansion of the FCPA Pilot Program to yield the new FCPA Corporate Enforcement Policy is highly unexpected, and in many ways surprising from a prosecutorial viewpoint, particularly viewed in light of generally applicable principles of corporate criminal liability and the DOJ’s own Principles of Federal Prosecutions of Business Organizations. While we are not complaining, of course, it is unprecedented to create a presumption that the company will not be prosecuted if it voluntarily discloses and adequately cooperates. In introducing the Policy, Deputy Attorney General Rod Rosenstein emphasized that “[i]t makes sense to treat corporations differently than individuals, because corporate liability is vicarious; it is only derivative of individual liability.” However, that is true of all corporate crimes, and, indeed, the Principles clearly state that “[c]orporations should not be treated leniently because of their artificial nature.” Some have analogized this Policy to the Antitrust Division’s amnesty program. However, whereas antitrust cartel cases by definition involve a horizontal conspiracy involving at least two—and usually more—competitors, FCPA cases are more likely to involve a single company or, at most, a vertical structure involving the company and one or more agents or intermediaries. Thus, in the cartel context, the government realizes a benefit from encouraging and rewarding disclosure because the information obtained from the leniency applicant can be used to prosecute the other companies at the same level of the conspiracy. This will rarely be the case in the context of an FCPA investigation. There are three other justifications that have been put forward by DOJ officials to justify this variance from prior practice. First, there is the resources justification: Rosenstein noted that by encouraging robust compliance programs and voluntary disclosures, the DOJ will be able to free prosecutors to work on other “horrendous crimes.” Second, there is the prosecution of individuals justification: by encouraging voluntary disclosure, Rosenstein noted that the Policy would “enhance our ability to identify and punish culpable individuals.” That explanation is consistent with the Yates Memo’s focus on requiring corporations to provide complete and timely information concerning wrongdoing executives and employees, but we would note that the Principles, which are also in the U.S. Attorney’s Manual, explicitly disavow this approach, noting that “[a] corporation should not be able to escape liability merely by offering up its directors, officers, employees, or agents.” Finally, there is the foreign evidence justification: Dan Kahn, the head of the Fraud Section’s FCPA Unit, noted in a recent conference that one difference between FCPA cases and other corporate crimes is that the evidence is often located overseas and it was “easier” to have corporations produce it than to go through more formal requests to foreign governments. This explanation is also reflected in the Policy’s list of required cooperation: “[t]imely preservation, collection, and disclosure of relevant documents and information relating to their provenance, including . . . disclosure of overseas documents.” Second, it appears that the declination presumption embodied in the Policy is the new category of enforcement invented by the Pilot Program—“declination with disgorgement”—in which the government announces that the company violated the FCPA and collects a penalty denominated as “disgorgement.” Indeed, the Policy notes that a “declination pursuant to the [Policy] is a case that would have been prosecuted or criminally resolved except for the company’s voluntary disclosure, full cooperation, remediation, and payment of disgorgement, forfeiture, and/or restitution. If a case would have been declined in the absence of such circumstances, it is not a declination pursuant to this Policy.” (Emphasis added). Thus, although denominated as a “declination,” the declinations posited by the Policy are, in reality, another point on the spectrum of enforcement—one with perhaps less onerous terms (e.g., no monitor) and less collateral consequences (e.g., no admission of facts that can be used against the company in other matters). Such a declination, however, still carries with it substantial financial and reputational costs that may linger long after the matter is resolved. The significant costs associated with an FCPA investigation, of course, will also remain. The requirement that a company disgorge entirely to qualify for the Policy represents an additional potential problem for convincing companies to buy into the program. By its very nature, disgorgement represents the repayment of illicit gains, and the government cannot be seen as allowing anyone—whether a corporation or individual criminal—to retain any portion of illicit gains. In this sense, the benefits that could in theory be gained by a company through the program may in fact be illusory in the case of the large-scale bribery schemes that have generated the largest FCPA settlements. Once the amount of illicit gain is determined, it will be difficult for the enforcement agencies to agree to any lesser amount, while a financial penalty is much more open to negotiation. Third, there is uncertainty among defense counsel about what qualifies as criminal recidivism, as the Policy does not provide insight into what types or features of previous criminal settlements will result in a company being considered a recidivist. It is not clear whether the Recent Trends and Patterns in FCPA Enforcement 20 DOJ will consider only prior FCPA cases, or whether criminal cases in other contexts will result in a company being considered a recidivist, a question that could be of particular importance for financial institutions that in recent years have been penalized in a number of criminal matters (e.g., money laundering and sanctions). It’s also unclear whether the DOJ will view past FCPA settlements differently based on the form of the penalty. Specifically, it is possible that a guilty plea by a company will be treated differently than a deferred or non-prosecution agreement, which could present the DOJ with grounds to exercise discretion in whether to consider a company a recidivist. As defense counsel and advisors to our corporate clients, we welcome, of course, any opportunity to obtain a less onerous resolution. Some of us, however, remember a day when the government would actually decline cases because they were too small, the evidence too equivocal or inadmissible, or the company’s cooperation and remediation so valuable. Here, the Policy essentially calls upon companies to provide the government with a case on a silver platter, including evidence that the government might never have discovered, or, if it did discover it, might not have easily acquired, or, if it did acquire it, might not be able to use in court. Having held out the carrot of a “declination” as an incentive for going this extra mile, we expect that some of our clients might be disturbed to find that the carrot is simply a smaller stick. Third-Party Due Diligence A number of the 2017 corporate enforcement actions involved an alleged bribery scheme that utilized third-party distributors or consultants. While the use of third-party intermediaries to funnel bribes is not a novel concept, the DOJ’s and SEC’s emphasis on these types of bribery schemes in 2017 shows that enforcement agencies continue to believe that third-party due diligence is a fundamental part of effective compliance programs. Indeed, in the cases of Mondelez and Las Vegas Sands, neither the DOJ nor the SEC alleged that the companies had paid bribes to foreign officials. Instead, the mere fact that the company paid money to a third-party, without knowing how the third-party would use the funds, was sufficient to trigger liability under the accounting provisions of the FCPA. While the DOJ and the SEC under the Trump administration may shy away from pursuing FCPA accounting provision violations as aggressively as they did under the Obama administration, the need to ensure that companies can adequately check and confirm that their third-party partners are not improperly using funds will always be a critical element of FCPA compliance. Recent Trends and Patterns in FCPA Enforcement 21 Unusual Developments Trump’s Impact on FCPA Enforcement Now that we are nearly one year into Donald Trump’s term as president of the United States, it seems a good time to take stock of what changes, if any, his administration has had on FCPA enforcement policy. As we discussed in last year’s Trends & Patterns, the election of Trump raised serious questions among bloggers and commentators over the future of the FCPA. Predictions on potential FCPA enforcement policy changes ranged from “the sky is falling” to a continuance of the status quo, and we posited that the reality was likely to fall somewhere in between the two extremes, with the most probable outcome being that little would change under the Trump administration. One year in, this appears to generally be the case. Enforcement Policy Changes at the DOJ and the SEC While it is true that this year has seen a slowdown in the number of FCPA enforcement actions, a temporary dip is not surprising at the beginning of a new administration, particularly given the unusual delays in appointing and confirming senior officials at Main Justice and the U.S. Attorney’s Offices. The president himself does not change enforcement policy by instructing prosecutors which cases to pursue and which to drop—or, at least, he’s not supposed to. His appointees, however, will set priorities and influence attitudes to some degree, thus potentially shifting enforcement policies at the DOJ and SEC. The new appointees at the SEC and DOJ have indicated they intend to continue enforcing the FCPA. Attorney General Jeff Sessions stated in an April speech that “[w]e will continue to strongly enforce the FCPA and other anti-corruption laws.” At the SEC, Chairman Jay Clayton is on record calling the FCPA a “powerful and effective tool.” While making predictions about this administration’s policies may be a futile endeavor, all of the evidence thus far indicates FCPA enforcement will continue in a business-as-usual fashion. It is interesting in light of these statements that DAG Rosenstein, in announcing the new FCPA Corporate Enforcement Policy, felt it necessary to introduce his remarks by first stating the justification for anti-bribery enforcement (“[i]t stifles innovation, fuels inefficiency, and inculcates distrust of government”; “[i]t leads to increased prices, substandard products and services, and reduced investment”; “crime syndicates and authoritarian rules use corruption to enrich themselves . . . consolidate political power and defeat legitimate political adversaries”) but then, oddly, went on to state “it is not for the Department of Justice to say whether the FCPA reflects sound policymaking. The United States Congress made that judgment.” Following this lukewarm endorsement, it was not surprising that he argued that one benefit of the new Policy would be to free prosecutors to work on other matters—those involving “other financial crimes” and “different threats to the American people, including terrorism, gang violence, drug trafficking, child exploitation, and human smuggling.” If this is, indeed, the goal of the revamped FCPA Corporate Enforcement Policy, it will be interesting to see how many FCPA cases are actually investigated by the Department, as opposed to managing voluntary disclosures, and whether resources will be reallocated within the Department as the Policy takes hold, especially in light of the expansion of attorneys hired by the Fraud Section in recent years to focus on FCPA enforcement. The Trump administration’s recently released National Security Strategy might provide some institutional weight to the Department’s and the SEC’s FCPA enforcement efforts, in that it emphasized foreign corruption as a key threat to U.S. interests. The White House’s NSS repeatedly referenced foreign corruption in several different contexts: vowing to “fight corruption so U.S. companies can compete fairly in transparent business climates;” prioritizing technology development because “[s]uch technologies can reduce corruption, increase transparency, and help ensure that money reaches its intended destination;” threatening to “suspend aid rather than see it exploited by corrupt elites;” and chastising “China’s often extractive economic footprint on the [African] continent.” At a minimum, the NSS indicates that foreign corruption is a prevalent topic in the current administration, although some of the language seems angled less towards promoting prosecution of corruption and more towards painting foreign countries as dishonestly abusing the U.S. to support President Trump’s “America First” trade policy agenda. At this point, the messages are mixed, and we will have to wait and observe which direction dominates, if any. At the SEC, enforcement has dropped significantly since the Trump administration took power. In the past, the SEC has consistently brought more cases than the DOJ, an unsurprising fact since the Commission often focuses on less egregious bribery schemes that do not rise to the level of justifying criminal action. This was, however, a reflection of the previous Chairman’s (and her head of Enforcement’s) “broken windows” strategy, in which the goal of deterrence was perceived to be furthered by emphasizing the risk of enforcement, i.e., “no case is too small.” We understand that the new team at the SEC has a different view, and, if so, we would expect to see fewer small corporate cases and, likely, more individual cases going forward. Further, the SEC must also grapple with the implications of the Supreme Court’s decision in Kokesh, which is discussed in further detail below. Recent Trends and Patterns in FCPA Enforcement 22 Reform of the Dodd-Frank Act During the course of the presidential election season, candidate Trump repeatedly promised to repeal (or at minimum significantly amend) the Dodd-Frank Act. A repeal of the statute could impact the SEC’s current FCPA enforcement strategies in a number of ways, depending on the extent of a potential repeal. First, and most significantly, a full repeal of Dodd-Frank would limit the ability of the SEC to use administrative proceedings in future FCPA enforcement actions. The potential loss of the administrative proceeding mechanism would force the SEC to pursue its FCPA enforcement actions through the federal courts. The loss of administrative proceedings would almost undoubtedly make it more difficult to pursue charges against individuals willing to put the Commission to its burden. Second, a repeal of Dodd-Frank would potentially do away with the SEC’s Whistleblower Program (at least in the form that currently exists). Whether the Whistleblower Program has generated actual FCPA enforcement actions is a bit of a black box given the program’s confidentiality requirements (although it has been reported that the 2015 enforcement action against BHP Billiton was the result of a whistleblower). According to the SEC’s statistics, FCPA violations reported through the Whistleblower Program have made up a relatively small portion of the overall tips (approximately 4%–5% over the last three years). As a result, a loss of the SEC’s Whistleblower Program, though significant for other areas of SEC enforcement, may not have that significant of an impact on the FCPA. Trump Executive Order Sanctions Thirteen Individuals for Corruption and Human Rights Abuses Under the Global Magnitsky Act On December 20, 2017, President Trump signed an Executive Order, “Blocking the Property of Persons Involved in Serious Human Rights Abuse or Corruption,” which imposed sanctions on thirteen individuals around the world for various human rights or corruptionrelated offenses, ranging from directing an ethnic cleansing and ordering extrajudicial killings of political opponents to participating in global bribery schemes and running organized crime syndicates. Trump issued the sanctions under authority granted to him by the Global Magnitsky Human Rights Accountability Act of 2016—the first such use of the authority. The Global Magnitsky Act notably expands the United States’ ability to punish extraterritorial corruption that occurs outside even the exceptionally broad jurisdictional requirements of the FCPA; indeed, three of the sanctioned individuals (and many affiliated companies) were targeted because of their involvement in schemes that resulted in FCPA enforcement actions, such as Och-Ziff and Odebrecht. Going forward, jurisdiction is an increasingly flimsy wall. The Global Magnitsky Act follows in the footsteps of the Magnitsky Act of 2012, which was passed after the high-profile illegal detention, torture, and death of Sergey Magnitsky after he uncovered a massive corruption conspiracy in Russia. The original Magnitsky Act acknowledged the importance of fighting corruption to prevent human rights abuses and enabled the President to sanction individuals involved in Mr. Magnitsky’s death or who commit “gross violations” of human rights against individuals who, like Mr. Magnitsky, sought to expose illegal activity and promote human rights in Russia. The new Global Magnitsky Act contains similar provisions sanctioning human rights abusers, but it also allows the President to sanction “any foreign person determined . . . to be a current or former government official . . . directly or indirectly engaged in corruption, including the misappropriation of state assets, the expropriation of private assets for personal gain, corruption related to government contracts or the extraction of natural resources, or bribery.” Now, individuals no longer need commit a gross violation of human rights to potentially become subject to U.S. sanctions—corruption alone will do. The Global Magnitsky Act also sweeps affiliated entities and those who attempt or materially assist sanctionable corruption under its purview. The assortment of nefarious activities conducted by the thirteen sanctioned individuals to land them on this notorious list demonstrates the degree to which the Act considerably broadens the scope of type of activity targeted by sanctions. For instance, this first round of sanctions included Dan Gertler, “an international businessman and billionaire, who used his connections with the president of the Democratic Republic of the Congo, as well as other officials, to amass his fortune through hundreds of millions of dollars’ worth of opaque and corrupt mining and oil deals”—a story we are already familiar with after the 2016 FCPA enforcement actions against Och-Ziff. Indeed, Mr. Gertler was widely alleged to be the “infamous Israeli businessman” at the heart of the corruption scheme that resulted in charges by the DOJ and SEC against five individual co-conspirators and over $400 million in penalties. While the DOJ and SEC never filed charges against Mr. Gertler, his inclusion on the Global Magnitsky Act list effects punishment on him which may have greater consequences than any FCPA-based enforcement action by freezing all of his U.S. assets and blocking him from accessing the U.S. financial system. Nineteen of the companies owned or controlled by Mr. Gertler were also sanctioned, as was his associate, Pieter Albert Deboutte. Similarly, President Trump’s Executive Order identified Angel Rondon Rijo, a Dominican businessman who acted as a conduit of bribes from Odebrecht to various officials as part of the bribery scheme that resulted in over $4.5 billion in fines. Mr. Rijo may have escaped the numerous global enforcement actions against Odebrecht and its participants, but his addition to the Global Magnitsky list ensures he will not get off scot-free. Recent Trends and Patterns in FCPA Enforcement 23 The first round of sanctions under the Global Magnitsky Act indicates that it may be a powerful tool for punishing a myriad of different corruption-related crimes worldwide and manifests the United States’ intention to “impose tangible and significant consequences on those who commit serious human rights abuse or engage in corruption.” However, it is difficult to draw any conclusions about the future application of the Act because of the wide breadth of its potential scope. During a Department of State press conference, one reporter asked for “more detail on why you chose this one individual,” to which one official responded, “I would not infer from this one designation that we’re determining only that this individual is responsible, nor would I infer one way or the other what our future intended actions are.” This vague response did not allay concerns that sanctions will be applied somewhat arbitrarily (or with political motivations) to individuals without due process, even in cases in which the government might not have prevailed at trial even if the individual came within U.S. jurisdiction. However, most of the U.S. economic sanctions regimes operate on a similar basis, and the Global Magnitsky Act merely elevates corruption to the ranks of terrorism, narcotics trafficking, nuclear proliferation, cyber-crime, illegal diamond trafficking, transnational criminal organization, and sanctions-evasion, all of which can land a foreign individual on the U.S. economic sanctions list. Limits on SEC’s Pursuit of Disgorgement and Declaratory Relief: Kokesh v. SEC On June 5, 2017, the Supreme Court issued a unanimous decision in Kokesh v. SEC, 13 holding that disgorgement was subject to the five-year statute of limitations on enforcing “any civil fine, penalty, or forfeiture.” Kokesh jettisoned the SEC’s long-held assertion that disgorgement was an equitable remedy not subject to the limitations period, thus setting off a ripple effect through the SEC’s past enforcements and its future enforcement strategies—including in the FCPA realm. Some of the justices even questioned whether the SEC had the authority to demand disgorgement, but that question was deferred for another day. One clear consequence of Kokesh is that it may incentivize the SEC to increase the speed of its FCPA investigations, which have been known to drag on for years. Indeed, the SEC’s co-Director of Enforcement, Steven Peikin, said in a speech in November that after Kokesh the SEC has “no choice but to respond by redoubling our efforts to bring cases as quickly as possible.” We can also probably expect to see more tolling agreements, although Peikin disclaimed any “resort to some sort of reflexive serving of tolling agreement at the beginning of the investigation.” Defendants have also relied on Kokesh to block enforcement actions by the SEC or to claw back disgorgement barred by the Supreme Court’s decision. In SEC v. Cohen & Baros, 14 the defendants filed motions to dismiss the FCPA charges against them because all of the conduct alleged by the SEC occurred outside the statute of limitations. In its opposition, the SEC argued that the defendants cannot use Kokesh as an affirmative defense to liability—rather than to block penalties—and that Kokesh does not bar injunctive and declarative remedies. At least two federal circuit courts have found that injunctive relief is not subject to the time bar, but the Eleventh Circuit found in United States v. Graham15 that declarative remedies are penalties under the statute of limitations statute. Other courts have expressed disfavor with respect to “obey the law” injunctions, which require companies and individuals to do what they, like everyone else, are required to do anyhow. The Eastern District of New York had not issued a decision in Cohen as of publication, and it would be difficult to predict any result, but this case certainly merits attention as an important step in post-Kokesh enforcements. What the courts have made clear, however, is that Kokesh can be used to vacate disgorgement orders that are time-barred. Indeed, the Eighth Circuit did just that in SEC v. Collyard, 16 holding that the defendants were not required to pay $240,000 in disgorgement for conduct that occurred from 2004 to 2006. While Collyard is not an FCPA-related case, the logic still applies, and it is possible that other defendants may move to vacate their disgorgement orders in the next few months. Similarly, a class action in the District of Massachusetts seeks to use Kokesh to recover disgorgement already paid pursuant to what the plaintiffs claim were “illegally assessed disgorgement penalties.” The class covers all persons who paid disgorgement that would now be blocked by the five-year statute of limitations—approximately $14.9 billion. Although this case has not been decided yet, it represents a far-reaching effort to challenge the SEC’s disgorgement authority in the wake of Kokesh. Finally, it is worth noting that Kokesh does not seem to present the same difficulties for the DOJ. The Kokesh decision not only prevents the SEC from obtaining disgorgement if it brings an action outside the limitations period, it also limits the amount of disgorgement to those illicit gains obtained by the company during the limitations period. In other words, if a company paid bribes over a lengthy period, the SEC would only be able to force disgorgement of any gains the company realized in the last five years. In contrast, the DOJ has the 13 Kokesh v. SEC, 137 S.Ct. 1635 (2017). 14 SEC v. Cohen, No. 1:17-cv-00430-NGG-LB (E.D.N.Y. filed Jan. 26, 2017). 15 SEC v. Graham, 823 F.3d 1357 (11th Cir. 2016). 16 SEC v. Collyard, 861 F.3d 760 (8th Cir. 2017). Recent Trends and Patterns in FCPA Enforcement 24 advantage of utilizing the powerful tool of conspiracy law, which permits the DOJ to charge the entire conspiracy, provided that one overt act took place within the limitations period, and then seek criminal penalties based upon the gross gain or loss resulting from that conspiracy. Further, the DOJ has the advantage of being able to toll the statute of limitations unilaterally for up to three additional years if it files requests with foreign governments to obtain foreign evidence. Confidentiality of Privileged Investigative Materials and Compliance Monitor Reports The confidentiality of documents related to investigations by regulatory agencies faced several attacks this year. While courts have generally upheld the confidentiality of these documents, some did find exceptions and require disclosure thus adding to the risks corporations must consider in deciding whether to accept a settlement offer that contains reporting requirements or an independent monitor—or even whether to voluntarily disclose potential violations in the first place. In the context of one of the year’s biggest stories—the Office of the Special Counsel’s investigation into the Trump administration’s potential collusion with Russia—the District Court for the District of Columbia granted a motion to compel the former counsel of two highlevel Trump campaign members, Paul J. Manafort, Jr. and Richard W. Gates, to testify before a grand jury regarding certain aspects of her prior representations of these clients. Specifically, the subpoena at issue in In re Grand Jury Investigation17 required the counsel to testify on the source of information she relied on in two letters submitted to the DOJ’s Foreign Agent Registration Act unit containing allegedly false and misleading information. The district court rejected claims of attorney-client privilege and work product protection on several bases, but most importantly it found that the attorney-client privilege had been implicitly waived by the inclusion of factual statements in large part expressly attributed to Manafort’s and Gates’s recollections in the FARA submissions. The court’s decision was narrow, since it only found that the privilege had been waived with regard to the source of the false statements, but it represents a notable caution as to the importance of maintaining the confidentiality of attorney-client communications. Similarly, the District Court for Southern Florida carved out a small slice from the confidentiality of attorney-client communications by requiring the law firm Morgan, Lewis & Bockius to disclose materials provided to the SEC during the course of its defense of General Cable in 2013. In SEC v. Herrera, 18 the SEC charged two former General Cable executives, Mathias Francisco Sandoval Herrera and Maria Cidre, in connection with the fraud perpetrated by General Cable for which it paid a $6.5 million penalty. In 2013 as part of the General Cable investigation, Morgan Lewis voluntarily provided the SEC with oral summaries of twelve witness interviews. Because the SEC was General Cable’s “adversary” at the time, the court ordered General Cable to disclose “the notes of the meeting with the SEC concerning the twelve witness interviews which were orally downloaded to the SEC at that meeting and the portion of the interview memorandum read to the SEC”—and Morgan Lewis complied on December 13, 2017. Morgan Lewis requested the court to reconsider ordering the disclosure of the interview notes and memoranda relating to the twelve witness interviews at issue, and the court’s decision is pending at the time of publication. This decision is remarkable for what it requires to be disclosed, but it is important to note where the court drew the line—it refused to compel disclosure of materials provided to General Cable’s auditor, Deloitte, because they were not “adversaries.” It also did not require disclosure of the twenty-eight interviews not summarized by Morgan Lewis at the SEC meeting. These limitations provide important guidance in deciding what information to provide in voluntary disclosures to the SEC and other regulatory authorities. Interestingly, the court in In re Grand Jury Investigation also addressed whether interview notes were protected from disclosure not by the attorney-client privilege but by the attorney work product protection. In that case, the court held that even asking counsel whether she had memorialized her conversations with her clients constituted an improper effort to obtain “opinion work product” (at least without greater foundation than provided by the Special Counsel). The court’s decision may be relevant with respect to interview memoranda prepared by counsel in the course of an internal investigation, at least if they are not read to the government as may have happened in the General Cable matter. Rather, in In re Grand Jury Investigation, the court held that the “fact that an attorney memorialized, in writing or another form, particular client communications reveals her ‘thought processes’ . . . by showing her ‘focus in a meaningful way,’ . . . particularly if the attorney only recorded a client’s communications that she considered significant in some way.” Alternatively, the Second Circuit’s decision in United States v. HSBC Bank19 to prevent the unsealing of a corporate monitor’s report was finalized after the district court granted the government’s motion to dismiss on December 12, 2017, foreclosing any certiorari attempts. The Second Circuit’s refusal to unseal the monitor’s report filed with the district court pursuant to a deferred prosecution agreement 17 In re Grand Jury Investigation, Misc. Action No. 17-2336 (BAH), 2017 WL 4898143 (D.D.C. filed Oct. 2, 2017). 18 SEC v. Herrera, No. 1:17-cv-20301-JAL (S.D. Fla. filed Jan. 24, 2017). 19 United States v. HSBC Bank USA, N.A., 863 F.3d 125 (2d Cir. 2017). Recent Trends and Patterns in FCPA Enforcement 25 provides critical protection to the highly sensitive information about a corporation contained within the reports, including its compliance with laws and details of its compliance programs. It also clarified that the government is not required to provide the district court with updates regarding an institution’s compliance with a DPA, thus limiting judicial oversight and further reducing the risk that any reports would become accessible to the public. Relatedly, in 100Reporters LLC v. DOJ, 20 an investigative nonprofit news organization seeks to obtain access to corporate compliance monitor reports through a different channel—that is, a Freedom of Information Act Request. The case was filed in July 2014 after the DOJ refused to comply with the Plaintiff’s request for the monitor reports in connection with its 2008 settlements with Siemens AG and its subsidiaries. As of December 2017, the Plaintiff’s Motion for Summary Judgment remains pending, but the DOJ, backed by Siemens, remains committed to fighting the FOIA request and protecting the confidentiality of the reports. Overall, 2017 brought mixed results regarding confidentiality of information provided to regulatory agencies as part of FCPA and other investigations. While these new points of entry should not change the ultimate decision of corporations to cooperate in investigations or to agree to post-settlement reporting requirements, corporations subject to investigation would be remiss in failing to draw lessons and adjust their tactics to avoid the landmines uncovered in this year’s cases. Continued Cooperation between U.S. and Foreign Regulators 2017 marked the twentieth anniversary of the OECD Anti-Bribery Convention, and, fittingly, the year saw an upsurge in international cooperation between U.S. and foreign regulators to investigate and settle FCPA cases. Further, several countries treaded into novel enforcement territory and expanded the reach of their anti-bribery laws this year. Perhaps the greatest showing of international cooperation this year was the case of Telia, in which U.S., Dutch, and Swedish regulators cooperated in the investigation and landed a $965 million global settlement. As multijurisdictional investigations increasingly take hold in FCPA enforcement, officials have claimed the global settlements are fair and do not involve “double dipping” or “piling on.” In the DOJ’s press release announcing the Telia settlement, Acting Assistant Attorney General Kenneth Blanco pointed to the terms as evidence of the authorities’ efforts “to reach fair, appropriate and coordinated resolutions.” Indeed, the risk of international double jeopardy was addressed by the Paris Court of Appeals in 2016—albeit in the context of an individual criminal action. Specifically, the Paris court held that prosecuting Geoffrey Tesler, the intermediary in the TSKJ cases, in France for the same alleged bribery to which he pleaded guilty in the United States violated the International Covenant on Civil and Political Rights because Mr. Tesler could not deny the allegations or otherwise defend himself in the French proceeding without violating the terms of the plea agreement with the U.S. authorities. The decision was based, in part (and perhaps unconvincingly), on the court’s view of the U.S. plea agreement as coercive and “involuntary,” and the decision’s scope may be further limited to only U.S.-French investigations in the individual criminal context. Finally, no similar restrictions would apply in the reverse situation—that is, when an individual is first convicted in France he or she can still face charges in the U.S. While it may be limited, the Tesler case builds a few blocks back into the wall obstructing full international cooperation in FCPA prosecutions. Increased cooperation can also be seen in this year’s settlements with Rolls-Royce, which appears to have been spearheaded by the SFO, and SBM Offshore, in which the DOJ explicitly accounted for SBM’s settlement with Dutch authorities and the ongoing investigation by Brazilian authorities when calculating the company’s penalty. This year’s internationally prosecuted cases follow on the heels of 2016’s watershed global settlement against Odebrecht, in which Brazil, Switzerland, and the United States secured a $4.5 billion penalty—the largest in FCPA history. While Rolls-Royce and other cases represent successful joint enforcements between the U.S. and the U.K., there was not always such smooth sailing across the pond this year. In the criminal prosecution of the LIBOR manipulation scheme, two defendants, Anthony Allen and Anthony Conti, secured vacatur of their convictions when the Second Circuit held that the prosecution violated the Fifth Amendment’s protections against self-incrimination when it indirectly utilized Allen’s and Conti’s compelled testimony from the U.K. Financial Conduct Authority’s investigation. During the course of its investigation, the FCA provided one of the witnesses in the case, Paul Robson, with transcripts of Allen’s and Conti’s compelled testimony, which he reviewed and annotated. The Second Circuit found that this exposure to the defendants’ involuntary testimony potentially tainted Robson’s testimony, and the prosecution failed to meet the heavy burden to affirmatively “prove that the evidence it proposes to use is derived from a legitimate source wholly independent of the compelled testimony”—indeed, the record showed that Robson’s testimony was meaningfully different after he reviewed the involuntary testimony. The prosecution’s inability to demonstrate that a jury would have convicted Allen and Conti without Robson’s “essential” but 20 100Reporters LLC v. DOJ, No. 1:14-cv-01264-RC (D.D.C. filed July 24, 2014). Recent Trends and Patterns in FCPA Enforcement 26 tainted testimony secured the Second Circuit’s decision to dismiss the indictments, thus casting a shadow of doubt over future crossborder investigations with any countries that allow compelled testimony. The issue is further complicated because the U.S. authorities took precautions to prevent Fifth Amendment issues, including requesting to interview witnesses before the FCA and establishing a wall between the investigations. However, the FCA provided Robson with the compelled testimony—a bell which the U.S. authorities could not unring or hope to control. Increased communication of the Fifth Amendment’s restrictions may help prevent problems, but expecting foreign authorities to understand and act according to U.S. law may be unrealistic and unreasonable, even in these times of increased international cooperation. While the U.S. and the U.K. sort out the growing pains of conducting joint enforcement actions, other countries are becoming more active in pursuing anti-bribery enforcements. For example, France expanded its anticorruption laws (Sapin II) to parallel those in the U.S. and U.K. this year and allow its authorities to bring enforcement actions in extraterritorial cases with a French connection. Significantly, Sapin II placed an affirmative duty on French companies of a certain size to implement effective compliance controls, arguably going beyond both the FCPA and the Bribery Act in that respect. France also issued its first deferred prosecution agreement this year—a familiar tool in FCPA enforcement. The combination of increased territorial reach and utilization of new settlement mechanisms may signal that France is ready to step up as a global anti-bribery force, or at a minimum is finally responding to criticism from the OECD about its “limited efforts” to combat bribery. Similarly, Canada upheld its first individual foreign bribery conviction against Nazir Karigar. This conviction marks only the fourth conviction under Canada’s Corruption of Foreign Public Officials Act since its passage in 1999, and it was notable not only as the first individual conviction but also as a first demonstration of the Canadian courts’ willingness to prosecute even where there was no evidence that a bribe actually changed hands. Argentina also expanded its anti-bribery laws in 2017, including provisions to reward companies for cooperation with authorities. Finally, Singapore entered into its first FCPA joint-enforcement action and received over $105 million of the global criminal penalty against Keppel Offshore & Marine Ltd. All of these cases certainly signal that international cooperation and foreign prosecution of corruption has matured since the signing of the OECD Convention and other international agreements in the late 1990s. Sandra Moser, the Acting Chief of the DOJ Fraud Section, recently opined, “[a]t the risk of sounding overly optimistic, it seems clear that the tide is irreversibly turning toward global recognition of the unacceptable costs of corruption.” If, however, Ms. Moser is right, and foreign enforcement is picking up the slack and investigating and prosecuting their own companies, then the justification for the U.S. authorities to insert themselves into cases in which there is little or no U.S. nexus, and little or no harm to U.S. interests, becomes much less defensible. We completely understood the government’s apparent strategy of holding their OECD counterparts’ feet to the fire and, by using expansive and imaginative prosecution theories, sending the message that “we will prosecute your companies if you won’t” in the absence of apparent political will to pursue such cases in the home countries of some of the world’s largest multilateral companies. If, however, that has now changed, at least on a country-bycountry basis, the arguments for the U.S. authorities stretching the statute, sometimes beyond recognition, to reach foreign companies with only a tangential relationship to the U.S. are no longer sustainable, and such prosecutions, rather than serving an overriding strategic goal of encouraging active and effective enforcement throughout the world, simply start to look like prosecution for the sake of prosecution. Recent Trends and Patterns in FCPA Enforcement 27 Private Litigation Consistent with private FCPA-related litigation in the past, 2017 has seen a number of derivative and securities lawsuits filed due to the disclosure of FCPA investigations and enforcement actions. While there is no private right of action under the FCPA, the plaintiffs’ bar may have a new tool to punish companies for related conduct. On September 19, 2017, a federal district court in New York allowed a putative securities fraud class action to proceed against VEON Ltd.—formerly known as VimpelCom—and several of its current and former executives for violations of Sections 10(b) and 20(a) of the Securities Exchange Act of 1934. In In re VEON Ltd. Securities Litigation, 21 the plaintiffs had alleged that VEON failed to disclose in its SEC filings that it had engaged in a bribery scheme in Uzbekistan and that, as a result, its statements about the company’s growth were materially misleading. VEON sought to dismiss the case on the ground that the plaintiffs’ claims were an impermissible attempt to enforce the FCPA through a private right of action, but the court rejected this argument, holding that the plaintiffs’ allegations were sufficiently distinct to plead violations of Sections 10(b) and 20(a) of the Exchange Act. VimpelCom, of course, entered into a deferred prosecution agreement with the DOJ in February 2016, pleading guilty to conspiracy to violate the anti-bribery and books-and-records provisions of the FCPA and a substantive violation of the internal controls provision of the FCPA. In the complaint commencing this civil litigation, the plaintiffs relied on VimpelCom’s admissions in the DPA. In largely denying VEON’s motion to dismiss, the court held that VEON’s alleged failure to disclose its bribery scheme—when it stated that its sales and marketing efforts in Uzbekistan resulted in increased subscribers and revenues—made those and similar statements an adequate basis to bring a claim. Regarding alleged misstatements concerning governmental authorities in Uzbekistan, the court held that general disclosures about the relevant oversight bodies were true and therefore not a sufficient basis to assert a claim. In light of the company’s admitted bribes, however, its statement that “all owners of telecommunication networks have equal rights and enjoy equal protection guaranteed by the law” was materially misleading and therefore could form the basis of a claim. In addition, the court held that certain of VEON’s statements about its internal controls could serve as the basis for a claim because plaintiffs alleged that those statements regarding the “existence and efficacy” of those controls were knowingly false. Notably, however, the court found that, to the extent the plaintiffs’ claim was based on the failure to follow internal controls, without more, that aspect of the claim was dismissed because it constituted “mismanagement,” which cannot support a claim for securities fraud. The court separately held that the plaintiffs had sufficiently alleged fraudulent intent on the part of the VEON executives, and that this intent could be attributed to the company. This case highlights that, while alleged FCPA violations alone cannot give rise to a private right of action, plaintiffs may be able to sustain securities claims based on alleged criminal wrongdoing if they can sufficiently plead that the failure to disclose such conduct made the company’s other disclosures materially misleading. 21 In re Veon Ltd. Sec. Litig., No. 15-cv-08672 (ALC), 2017 WL 4162342 (S.D.N.Y. Sept. 17, 2017). Recent Trends and Patterns in FCPA Enforcement 28 Enforcement in the United Kingdom SFO – English High Court Clarifies Extent of Litigation Privilege in Internal Investigations In our January 2017 Trends & Patterns, we discussed the December 2016 decision in The RBS Rights Issue Litigation22 in which the High Court ruled that notes and summaries prepared by counsel of employee and ex-employee witness interviews do not attract legal advice privilege, and considered how—when taken together with the SFO’s stated public approach to privilege—corporations and their legal advisers ought to conduct internal investigations. Despite the SFO’s assertions that “substantively there isn't even a cigarette paper between” its and the DOJ’s respective approaches to resolving investigations or prosecutions, we considered that the SFO, in fact, has been taking a different approach. This is in part demonstrated by the decision in In re Grand Jury Investigation, described supra at pages 26-27, and the language in the new DOJ FCPA Corporate Enforcement Policy which explicitly states that cooperation entails “attribution of facts to specific sources where such attribution does not violate the attorney-client privilege” and further emphasizes, “eligibility for full cooperation credit is not predicated upon waiver of the attorney-client privilege or work product protection.” (Emphasis added.) Our view has been reinforced by the SFO’s recent success in challenging an assertion of litigation privilege over certain documents created as part of an internal investigation into alleged corruption, which is the latest example of the SFO’s increasing appetite to challenge claims to legal professional privilege. In Serious Fraud Office v Eurasian Natural Resources Corporation Ltd, 23 the High Court held that several classes of documents, which ENRC had produced in the course of an internal investigation, did not attract litigation privilege and so were not protected from disclosure. Breaking new ground, the Court held that prosecution—i.e., litigation—“only becomes a real prospect once it is discovered that there is some truth in the accusations, or at the very least that there is some material to support the allegations of corrupt practices.” Consequently, the Court held that documents created during the course of an internal investigation will only attract litigation privilege once there is a real prospect of a prosecution—i.e., when “the prosecutor is satisfied that there is a sufficient evidential basis for prosecution and the public interest test is also met.” The Court also rejected ENRC’s contention that the SFO’s criminal investigation into its conduct should be treated as adversarial litigation for the purposes of attracting litigation privilege. Instead, the Court considered that an SFO investigation is “a preliminary step taken, and generally completed, before any decision to prosecute is taken . . . . Such an investigation is not adversarial litigation.” In October 2017, ENRC was granted leave to appeal the Court’s decision to the Court of Appeals. Nevertheless, the High Court’s judgment, when taken together with The RBS Rights Issue Litigation judgment, raises real concern that documents which may be privileged in one jurisdiction, such as the U.S., may have to be disclosed in another. However, in October 2017, ENRC was granted leave to appeal the Court’s decision to the Court of Appeal. To assist in any future claim to litigation privilege, we recommend that companies: (i) maintain a record—and, if appropriate, an analysis—of all communications with, and actions taken by, the SFO (this will be of use if and when subsequently there is a need to determine when adversarial proceedings came into prospect); and (ii) maintain a record, or otherwise document, the purpose for which particular documents are produced (this will assist in asserting that a document or class of documents were created for this dominant purpose of the litigation). SFO Update – Third and Fourth UK DPAs Approved On January 17, 2017, the English High Court approved the UK’s third DPA between the SFO and Rolls-Royce plc and Rolls-Royce Energy Systems Inc. Allegations of Rolls-Royce’s conduct first surfaced in 2012 when concerns about the company’s civil aerospace business in China and Indonesia were posted on the internet. Once it became aware of the posts, the SFO asked Rolls-Royce to provide it with information, and the company immediately commenced an internal investigation, during which it uncovered further issues in the three business areas. In December 2013, the SFO started its criminal investigation into Rolls-Royce’s activities. 22  EWHC 3161 (Ch). For a further discussion of this case, you may wish to refer to our prior client publication, Shearman & Sterling, High Court Rules That Witness Interview Notes Are Not Covered by Legal Advice Privilege. 23  EWHC 1017 (QB). Recent Trends and Patterns in FCPA Enforcement 29 According to the DPA, Rolls-Royce had engaged in various bribery and corrupt activities (including failing to prevent bribery) in China, India, Indonesia, Malaysia, Nigeria, Russia, and Thailand over twenty-four years in relation to its civil aerospace, defence aerospace and its former energy businesses. This conduct resulted in the SFO charging Rolls-Royce with one count of false accounting between March 2005 and September 2009; six counts of conspiracy to corrupt between January 1989 and December 2009; and five counts of failing to prevent bribery between July 2011 and November 2013. Under the terms of the DPA24—which will expire on January 17, 2022—Rolls-Royce is required to pay £258,170,000 in disgorgement of gross profits, together with a financial penalty of £239,082,645 and the SFO’s costs of £13 million. In respect of the financial penalty, the Court applied harm multiplier figures ranging from 250% to 400% as against each of the twelve counts, totalling £478,165,290. However, the Court considered that, under the circumstances, a 50% discount was appropriate given Rolls-Royce: (i) had entered an early guilty plea (resulting in a 33% discount); and (ii) had “demonstrated extraordinary cooperation” with the SFO. The level of Rolls-Royce’s cooperation satisfied the Court that, in the circumstances, a further discount of 16.7% (taking the total discount to 50%) was justified. Given that the SFO’s investigation was not triggered by Rolls-Royce self-reporting, it may seem at first glance surprising that the SFO offered a DPA and that the Court agreed to permit it. Indeed, the Court’s initial reaction when it first considered the SFO’s request to approve the DPA was that if Rolls-Royce “were not to be prosecuted in the context of such egregious criminality over decades, involving countries around the word, making truly vast corrupt payments and, consequentially, even greater profits, then it was difficult to see when any company would be prosecuted.” However, the SFO advanced the case that the nature and extent of Rolls-Royce’s cooperation had been extraordinary such that, in the particular circumstances of the case, the Court “should not distinguish between its assistance and that of those who have self-reported from the outset.” On reflection, the Court considered the following countervailing factors as supporting the case for approving the DPA: Co-operation: the Court was satisfied that, from the moment the SFO first asked questions of Rolls-Royce in 2012, the company “could not have done more to expose its own misconduct, limited neither by time, jurisdiction or area of business.” Prior Conduct: there was nothing to suggest that Rolls-Royce previously had been implicated in corrupt activities. Corporate Compliance: (i) in 2013, Rolls-Royce had appointed an independent corporate compliance expert to conduct an independent review of its ethics and compliance procedures; (ii) the company had taken various steps to enhance those procedures, including recruiting experienced compliance personnel in key positions (e.g., Head of Risk and Head of Compliance) as well as Local Ethics Advisers; (iii) Rolls-Royce reviewed 250 intermediary relationships and suspended 88 of them; and (iv) as a result of its internal investigation, the company took disciplinary action against thirty-eight employees in its Civil Aerospace, Energy, and Marine divisions, resulting in the dismissal of six employees and the resignation of a further eleven, with others being sanctioned. Change of Culture and Personnel: none of Rolls-Royce’s board or senior management were implicated in the misconduct or otherwise held positions where they should have been aware of the company’s culture and practices. The Court “highly commended” Rolls-Royce's Board for all that the company had done since 2012. The Impact of Prosecution: the Court considered that a conviction would “undeniably affect [Rolls-Royce’s ability] to trade in the world where . . . it is a world leader and has a reputation for excellence . . . [and] it is not difficult to visualize that the direct losses to revenue which would be caused by debarment” from public procurement contracts (which represent around 30% of the company’s business), exclusion from other contracts and reduced R&D. Debarment and exclusion would “clearly have significant, and potentially business critical, effects” on the company's financial position, which could result in a very negative share price impact and more serious impacts on shareholder confidence, future strategy and, by extension, the company’s long-term viability. The Court also considered that these repercussions could impact on third parties, including: (i) adversely affecting the UK’s defense industry, to which Rolls-Royce supplies engines, nuclear propulsion technology and aftermarket services; (ii) consequential financial effects on the supply chain; (iii) impairment of competition in highly concentrated markets; and (iv) possible group-wide redundancies and possible weakening for Rolls-Royce’s financial covenant for pensions. 24 Which can be found at Deferred Prosecution Agreement - SFO v Rolls-Royce. Recent Trends and Patterns in FCPA Enforcement 30 Nevertheless, the Court stated that the “national economic interest is irrelevant” as a factor in deciding whether to allow the DPA as was any suggestion that a company in Rolls-Royce’s position is immune from prosecution—“it is not.” Cost-Saving: the Court agreed that approving the DPA would “avoid the significant expenditure of time and money which would be inherent in any prosecution.” Incentive to Others: the Court also considered that approving the DPA would be likely to incentivise the exposure and selfreporting of misconduct by organisations in a similar position to Rolls-Royce. The English High Court approved the UK’s fourth DPA on April 10, 2017 between the SFO and Tesco Stores Limited (“TSL”), a subsidiary of the UK supermarket giant Tesco Plc. This is the first UK DPA which does not relate to bribery offences, but arises out of TSL’s false accounting practices. The DPA relates only to TSL’s potential criminal liability and does not address whether liability of any sort attaches to Tesco or any current or former employee or agent of Tesco or TSL. The SFO initiated its investigation into Tesco following allegations against TSL of false accounting between February and September 2014. Tesco subsequently admitted that, in a trading statement published on August 29, 2014, it had overstated its profits by £326 million. Under the terms of the DPA (which, for reasons explained below, has not been made public) TSL is required to pay a financial penalty of £129 million and, in a separate agreement, Tesco agreed with the UK Financial Conduct Authority (“FCA”) that it will pay a further £85 million in compensation to Tesco’s investors who were adversely affected by the false trading statement, as part of the FCA’s compensation scheme. In addition, Tesco will also pay both the SFO’s and the FCA’s associated legal costs, resulting in a total of £235 million in penalties, compensation, and legal costs. The SFO also charged three former TSL executives—Carl Rogberg, Christopher Bush, and John Scouler—in relation to this affair. Each has been charged with one count of Fraud by Abuse of Position, contrary to sections 1 and 4 of the UK Fraud Act 2006, and one count of False Accounting, contrary to section 17 of the UK Theft Act 1968. All three pleaded not guilty, and the trial commenced in September 2017. As of December 2017, the trial was ongoing. In order to prevent prejudicing the trial, the Court imposed reporting and publication restrictions on: (i) the DPA itself; (ii) the statement of facts in support of the DPA; (iii) any report of the hearing at which the DPA was approved; and (iv) the Court’s reasons for approving the DPA. The restrictions will remain in force until after the conclusion of the trial. This is the first time reporting restrictions of this nature and extent have been imposed on an approved UK DPA. In July 2016, the English Court approved and published the UK’s second DPA between the SFO and a UK SME, referred to only as “XYZ Ltd” as reporting restrictions prevented the disclosure of the company’s name due to ongoing and related criminal proceedings. The first three UK DPAs differed markedly from one another, not only in terms of the factual context, offences committed and quantum, but also as regards the Court’s reasons for approving each of those DPAs, and the calculation and rationale for the quantum of the disgorgements and financial penalties. Until the reporting restrictions are lifted, and TSL’s DPA and the Court’s reasons are published, it remains to be seen whether TSL’s DPA breaks any new ground (and, if so, how) and whether there are any lessons to be learned from TSL’s experience. UK Government – New Plans for Tackling Economic Crime Following the June 2017 general election, it appeared that the UK government had shelved long-held plans to fold the SFO into the National Crime Agency (NCA). However, in December 2017, the Home Secretary Amber Rudd announced plans to introduce legislation to give the NCA powers to “directly task” the SFO although the latter will continue to operate as an independent organization. The exact consequences of the proposals will not be clear until details of the plan are published by the government. The Home Secretary also announced plans for a new National Economic Crime Centre that will be part of the NCA. The center is intended to be a multi-agency effort which will plan, task and coordinate operational responses across agencies to tackle economic crime. Plans for the center are currently being developed by a multi-agency team including the City of London Police, SFO, Financial Conduct Authority, the Home Office, Crown Prosecution Service and HM Revenue and Customs. Recent Trends and Patterns in FCPA Enforcement 31 SFO – Investigations, Charges and Convictions New Investigations In July 2017, the SFO announced it had opened an investigation into suspected corruption by the Rio Tinto group in its business operations in the Republic of Guinea. We understand the investigation relates to a payment made in 2011 by Rio Tinto to a consultant working on an iron ore deposit project in Guinea. It is reported that Rio Tinto alerted the SFO, the DOJ and the Australian Federal Police about the payment. In August 2017, the SFO announced it was investigating suspected corruption by British American Tobacco plc. We understand that the investigation relates to alleged bribery of officials in east Africa to undermine anti-smoking laws. Charges In November 2017, the SFO charged four individuals in relation to the SFO’s ongoing bribery investigation into Unaoil. Ziad Akle, Basil al-Jarah, Paul Bond and Stephen Whiteley have all been charged with offences of conspiracy to make corrupt payments contrary to section (1) of the Criminal Law Act 1977 and contrary to section 1 of the Prevention of Corruption Act 1906. The SFO, which launched its investigation into Unaoil in March 2016 following a series of reports (which were published in the Australian media) alleging corrupt behavior by a number of international corporations seeking to secure business in the Middle East, is investigating Unaoil, its officers, employees and agents in respect of various alleged offences of bribery, corruption and money laundering. Convictions In September 2017, the logistics and freight forwarding company FH Bertling Ltd was convicted for corruption offences of conspiracy to make corrupt payments to an agent of the Angolan state oil company, Sonangol, in respect of a contract worth approximately $20 million. Six current and former employees of the company were also convicted of the same offences. The relevant conduct took place between January 2004 and December 2006. The convictions were for conspiracy to make corrupt payments, contrary to section (1) of the Criminal Law Act 1977 and section (1) of the Prevention of Corruption Act 1906. In October 2017, three of the individuals convicted were each given a twenty month sentence, suspended for two years, a £20,000 fine, payable within three months with a default sentence of one year for non-payment and were disqualified from being company directors for five years. The company is due to be sentenced in September 2018. Recent Trends and Patterns in FCPA Enforcement 32 Conclusion One year into the Trump administration, it is clear that active enforcement of the FCPA will continue, albeit with some changes in the exercise of prosecutorial discretion at both the DOJ and the SEC. That being said, 2017 saw the continuation of recent trends indicating that anti-bribery regulators across the globe are continuing to become more active. Only time will tell whether this results in the U.S. pulling back its FCPA enforcement activity and deferring more to local regulators, while also making sure to not pile on penalties. If you wish to receive more information on the topics covered in this publication, you may contact your regular Shearman & Sterling contact person or any of the following: Philip Urofsky Washington, D.C. +1.202.508.8060 firstname.lastname@example.org Danforth Newcomb New York +1.212.848.4184 email@example.com Stephen Fishbein New York +1.212.848.4424 firstname.lastname@example.org Patrick D. Robbins San Francisco +1.415.616.1210 email@example.com Paula Howell Anderson New York +1.212.848.7727 firstname.lastname@example.org Mark D. Lanpher Washington, D.C. +1.202.508.8120 email@example.com Jo Rickard London +44.20.7655.5781 firstname.lastname@example.org Masahisa Ikeda Tokyo +03.5251.1601 email@example.com Brian G. Burke New York +1.212.848.7140 firstname.lastname@example.org Robert Ellison São Paulo +55.11.3702.2220 email@example.com Susanna Charlwood London +44.20.7655.5907 firstname.lastname@example.org 599 LEXINGTON AVENUE | NEW YORK | NY | 10022-6069 | WWW.SHEARMAN.COM Copyright © 2018 Shearman & Sterling LLP. Shearman & Sterling LLP is a limited liability partnership organized under the laws of the State of Delaware, with an affiliated limited liability partnership organized for the practice of law in the United Kingdom and Italy and an affiliated partnership organized for the practice of law in Hong Kong.