On March 26, 2018, the Securities and Exchange Commission (SEC) announced that Kinross Gold Corporation, a Canadian mining company with shares on the New York Stock Exchange, had settled claims of civil Foreign Corrupt Practices Act (FCPA) violations involving inadequate accounting controls over two West African subsidiaries. In the order, the SEC stated that despite conducting pre-acquisition due diligence and several post-acquisition audits that found widespread anti-corruption compliance and accounting deficiencies, Kinross took three years to implement controls after acquiring the subsidiaries, failed to remediate the issues discovered by its own due diligence, and failed to consistently apply its own internal accounting controls after implementing them.1 As part of the settlement order, Kinross was ordered to pay a $950,000 fine and report on its efforts to improve its internal accounting controls for one year.2

Kinross acquired Tasiast Mauritanie Limited S.A. and Chirano Gold Mines Ltd., owners and operators of two mines in Mauritania and Ghana, respectively, in September 2010 for approximately $7.1 billion. As part of the acquisition, Kinross conducted due diligence on the companies’ prior owner, Red Back Mining, Inc., which revealed that no anti-corruption compliance program or associated internal accounting controls existed. Despite these findings, after acquiring Tasiast and Chirano, Kinross allowed Red Back’s existing practices to continue, including permitting low-level employees to interact with vendors with government affiliations and to make largely unmonitored petty cash payments.

In 2011, Kinross’s internal audit group found that its internal accounting controls at Tasiast and Chirano were inadequate for FCPA compliance, but Kinross management did not immediately take action. Additional audits at both mines in 2012 revealed ongoing issues, including inconsistent adherence to accounting controls for purchasing and disbursements and the lack of a meaningful contracting process. Although management said it was committed to remediating the issues, the SEC noted that follow-up audits in 2013 revealed that significant issues remained, and that as a result, payments were made by the subsidiaries for several years “without reasonable assurances that the payments were for their stated purpose or with management’s approval.”3

Further, the SEC stated that after finally implementing improved internal accounting controls in 2013 to ensure compliance with the FCPA and Kinross’s code of conduct, Kinross failed to maintain those controls in at least two instances in 2014. In one instance, Kinross awarded a $50 million contract for logistical support to a company preferred by high-level Mauritanian government officials. In another, an individual with Mauritanian government connections approached Kinross to facilitate ongoing relations with Kinross executives and Mauritanian officials, and was hired as an independent consultant without necessary levels of due diligence.

The SEC’s enforcement of internal controls and books and records violations at Kinross and its subsidiaries makes clear that the U.S. government will closely scrutinize foreign acquisitions by listed U.S. companies, and remains undeterred in its effort to prosecute potential FCPA violations even in the absence of any evidence of bribery. With respect to what U.S. enforcement authorities will expect in terms of a pre- and post-acquisition process, the SEC and Department of Justice’s (DOJ) Resource Guide to the FCPA provides that a company subject to the FCPA should take several steps when considering a potential acquisition:

(1) conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions;

(2) ensure that the acquiring company’s code of conduct and compliance policies and procedures regarding the FCPA and other anti-corruption laws apply as quickly as is practicable to newly acquired businesses or merged entities;

(3) train the directors, officers, and employees of newly acquired businesses or merged entities, and when appropriate, train agents and business partners, on the FCPA and other relevant anti-corruption laws and the company’s code of conduct and compliance policies and procedures;

(4) conduct an FCPA-specific audit of all newly acquired businesses or merged entities as quickly as practicable; and

(5) disclose any corrupt payments discovered as part of its due diligence of newly acquired businesses or merged entities.4

It may be impossible to completely eliminate risk in foreign acquisitions, but the Kinross case, and other cases involving a theory of “successor liability,” show that pre-acquisition diligence is not enough. Companies must take meaningful efforts to affect necessary remediations, implement strong compliance programs, and then closely monitor the real-world results of those programs. Also, while the U.S. government may not require perfection on Day One post-acquisition, any company that permits a notable delay creates significant risk for itself.

Although the Kinross case was a civil SEC settlement, there is every reason to believe that DOJ would, if the facts were available, take a similar approach toward criminal enforcement.