Table of Contents Recent Trends and Patterns in FCPA Enforcement i Enforcement Actions and Strategies 1 Statistics 1 Geography & Industries 5 Types of Settlements 6 Elements of Settlements 7 Case Developments 8 Perennial Statutory Issues 9 Jurisdiction 9 Books & Records Liability without Bribes 9 Successor Liability 10 Modes of Payment 10 Compliance Guidance 10 FCPA Pilot Program 10 Effective Internal Controls and Settlement Devices 11 Third-Party Due Diligence 12 Unusual Developments 12 The Trump Effect 12 Supreme Court Limits SEC’s Authority to Pursue Disgorgement 13 Private Litigation 14 Enforcement in the United Kingdom 15 SFO – English High Court Clarifies Extent of Litigation Privilege in Internal Investigations 15 SFO Update – Third and Fourth UK DPAs Approved 16 Conclusion 18 Recent Trends and Patterns in FCPA Enforcement 1 After a banner year in 2016 that included a record twenty-seven corporate enforcement actions, the two U.S. enforcement agencies, the DOJ and the SEC, continued this momentum over the course of the first three weeks of 2017. During this short span, the agencies brought six corporate enforcement actions and charges against six individuals. Following this spurt, however, there were no corporate FCPA enforcement actions until the declination with disgorgement in Linde announced on June 20, which was subsequently followed by the declination with disgorgement in CDM Smith announced ten days later on June 30. Although it is tempting to view this as a potential shift in enforcement practices under the Trump administration, the rest of 2017 will be more indicative of whether we are on the cusp of a new era of FCPA enforcement. Among the highlights thus far from 2017 were: Eight corporate enforcement actions with total sanctions of $272 million. This represents a significant drop from the twelve enforcement actions with total sanctions of $920.8 million that had been brought at this time in 2016; Much like the VimpelCom penalty in 2016, the Rolls-Royce penalty greatly distorts the picture, raising the average corporate sanction for 2017 to $34 million, whereas the true average, with outliers excluded, is slightly over half of this figure ($16.4 million). The median sanction of $12.1 million is broadly in line with those from 2015 ($13.4 million) and 2016 ($14.4 million); The Supreme Court’s decision in Kokesh has the potential to dramatically alter the way that the SEC brings FCPA enforcement actions; and Two of the year’s enforcement actions have arisen out of breached DPAs, a phenomenon that we may see more of given the large number of DPAs that have been entered into since FCPA enforcement actions significantly increased in the late 2000s. Enforcement Actions and Strategies Statistics Thus far in 2017, the DOJ and the SEC have resolved eight FCPA corporate enforcement actions: Mondelez, Biomet, SQM, Rolls-Royce, Orthofix, Las Vegas Sands, Linde, and CDM Smith. In recent years, the SEC has been far more active than the DOJ in bringing FCPA corporate enforcement actions. In the first half of 2017, however, the DOJ has been slightly more active than the SEC, bringing six enforcement actions as compared to the SEC’s four. In two matters (Biomet and SQM), the SEC and DOJ brought parallel enforcement actions, while the other enforcement actions involved standalone enforcement actions brought by the SEC (Mondelez and Orthofix) or the DOJ (Rolls-Royce, Las Vegas Sands, 1 Linde, and CDM Smith). Of the FCPA enforcement actions against individuals, 2017 has seen nine individuals charged by the DOJ and the SEC in connection with four separate FCPA enforcement actions. The DOJ has also been the 1 The DOJ’s enforcement action in Las Vegas Sands came approximately eight months after the SEC brought a similar enforcement action in April 2016. Recent Trends and Patterns in FCPA Enforcement 2 more active agency for these individual enforcement actions, having brought seven of the nine. It is worth noting, however, that only five—each brought by the DOJ—are truly new (Bahn, Sang, Harris, Woo, and Chi). The remaining two DOJ cases (Comerma and Beech) are outgrowths of the 2015 case of Rincon, while the two SEC cases (Cohen and Baros) are outgrowths of the 2016 Och-Ziff corporate enforcement action. We discuss the 2017 corporate enforcement actions followed by the individual enforcement actions in greater detail below. Of the 2017 corporate enforcement actions, the most significant, far and away, is RollsRoyce. In that case, the DOJ, the SFO, and Brazilian regulators alleged that RollsRoyce engaged in a wide-spread bribery scheme that spanned multiple continents and decades. In January 2017, the enforcement agencies announced that Rolls-Royce had agreed to pay a total global sanction of $800 million, divided between a $170 million criminal penalty for the DOJ, a $605 million criminal penalty to the SFO, and $25 million to the Brazilian regulator. However, the U.K. criminal penalty was imposed pursuant to a separate DPA that involved a broader range of conduct, and the Brazilian penalty came in the form of a separate leniency agreement; we have not included either of these settlement amounts in the annual totals. Biomet is also a significant case because of its background. Biomet originally faced FCPA charges from the DOJ and the SEC in March 2012, when it entered into a deferred prosecution agreement with the DOJ and agreed to retain an independent compliance monitor for three years. In 2013, however, Biomet learned about additional potential anti-bribery violations in Brazil and Mexico and notified the monitor. According to the DOJ, Biomet “knowingly and willfully continued to use a third-party distributor in Brazil known to have paid bribes to government officials on Biomet’s behalf,” even after entering into its 2012 DPA. The DOJ and the SEC alleged that Biomet also failed to implement an adequate system of internal accounting controls at a subsidiary in Mexico, which allegedly permitted the subsidiary to bribe Mexican customs officials. In addition to the total penalty of $30.5 million, Biomet once again agreed to a three-year independent compliance monitor in its DPA entered into January 2017. In contrast to Biomet, the DOJ opted to extend the DPA for Bilfinger this year but did not bring additional charges. The backdrop of Orthofix is similar, if less egregious. In 2012, the SEC entered into a settlement with Orthofix alleging that Orthofix had violated the books and records and internal controls provisions of the FCPA through a Mexican subsidiary. According to the Orthofix enforcement action from 2017, the medical device company violated a 2012 injunction obtained by the SEC after allegedly concealing its business dealings with various third-party distributors who funneled improper payments to doctors at state-owned hospitals in Brazil. Interestingly, the DOJ declined to bring charges for Orthofix’s conduct. Recent Trends and Patterns in FCPA Enforcement 3 In SQM, the other significant FCPA enforcement action in the first half of 2017, a Chilean mining company was accused by both the DOJ and the SEC of failing to oversee a discretionary spending account through which SQM’s CEO had allegedly made $14.75 million in improper payments to Chilean politicians, candidates, and individuals connected thereto. Notably, neither the DOJ nor the SEC alleged that these payments were bribes, but inferred that they were nevertheless in some way “improper” because they had not been properly documented and, in some instances, violated Chilean tax or campaign financing limits. The DOJ’s information and the SEC’s cease-anddesist order highlighted two primary ways the CEO made “improper” payments: (i) payments to third-party vendors associated with foreign officials for nonexistent services or based on fraudulent contracts; and (ii) donations to foundations supported by foreign officials. But in neither case did the enforcement agencies explain precisely what made these payments “improper”—i.e., whether they were in fact illegal or whether they were simply a waste of corporate assets that was improperly documented. The DOJ and the SEC levied a total combined penalty of approximately $30.5 million and imposed a two-year corporate compliance monitor. This enforcement action is particularly notable because of the DOJ’s involvement. The settlement papers highlight no evidence of a corrupt quid pro quo between SQM and any officials receiving payments, and no evidence of a benefit being sought by, or afforded to, the company as a result of the payments. Instead, the DOJ seemingly inferred a corrupt purpose from the fact that payments were made to officials or to entities affiliated with officials, including charities, and in some cases were justified by falsified invoices. Moreover, although the SEC has frequently charged books-and-records and internal controls violations based on the falsification of company records, notwithstanding a lack of evidence that the payments were for a corrupt purpose, it is notable that the DOJ, which has rarely done so, chose to do so in this case. It is not clear why a criminal enforcement action or monitorship was justified in this case—the allegedly improper payments were restricted to a single account and there was no allegation of widespread bribery from other accounts or in other parts of the company, not a single payment was alleged to have touched the U.S. financial system or involved U.S. persons, the company had discovered the conduct, terminated the CEO, and disclosed the payments to the Chilean tax authorities, and it had implemented new and stronger accounting controls. Furthermore, although in a number of recent cases, the DOJ has coordinated bringing charges against a foreign company with that company’s home regulators (e.g., Rolls-Royce, Odebrecht, and Embraer), in this case, perhaps as a result of the looming change in administration, it went forward on its own without waiting for an apparently credible investigation by the Chilean authorities to finish. Nevertheless, SQM stands as an example that any payments to officials without a well-documented and transparent purpose pose a risk of DOJ enforcement, which perhaps was the message the DOJ meant to send. The remaining enforcement actions were smaller: In Mondelez, which will be discussed below in more detail, the SEC alleged that an acquired subsidiary, Cadbury, failed to monitor an agent’s activities in India and failed to accurately record the expenditures in its books and records. Specifically, Cadbury’s operations in India retained an agent with a “marble and tile” business to assist the company with obtaining licenses and approvals for the opening of a new plant. The company allegedly conducted no due diligence into the agent, however, and had no visibility into how the individual used the money that he was paid. Notably, the SEC did not make any allegations in the settlement order that the funds paid to the third-party agent were actually used to pay bribes to any foreign official. The failure to specify whether the funds were used to bribe a foreign official was not an issue because the Commission only charged Mondelez with violations of the books-and-records and internal controls provisions. It is not clear whether the DOJ declined to bring charges, or whether it is still pursuing its investigation into this matter. In Las Vegas Sands, the DOJ alleged that the Las Vegas-based casino and resort company violated the FCPA’s books-and-records and internal controls provisions by making improper payments aimed at promoting the company’s casinos in Macau within mainland China. The allegations substantially overlapped with those underlying the company’s settlement with the SEC in 2016. In Linde, the DOJ declined to bring charges against the oil and gas company, but required disgorgement of $13 million. This marks the third time the DOJ has utilized this novel settlement structure and represents a larger amount of disgorgement than the first two such declinations issued in 2016. It is worth noting that the conduct described in the declination letter occurred between 2006 and 2009, all of which was more than five years before the declination letter. The Supreme Court’s decision in Kokesh, discussed in more detail below, could potentially limit future declinations with disgorgement that seek to reach conduct this far in the past. In CDM Smith, the DOJ declined to bring charges against the engineering and construction firm, but required disgorgement of the $4 million in profits that the company allegedly obtained as a result of the conduct in question. The DOJ alleged that employees and agents of both CDM Smith and a wholly owned subsidiary in India paid over $1 million in bribes to government officials in exchange for Recent Trends and Patterns in FCPA Enforcement 4 various transportation infrastructure contracts. The enforcement action represents the fourth declination with disgorgement issued by the DOJ under its FCPA Pilot Program. CDM Smith was also sanctioned on June 29, 2017 by the World Bank, in the form of a conditional non-debarment, for failing to disclose that it was utilizing a subcontractor for a project in Vietnam. Although Rolls-Royce was a significant enforcement action that yielded one of the larger U.S. penalties for an FCPA case, the majority of 2017 FCPA enforcement actions have resulted in small- to medium-sized corporate penalties. The Rolls-Royce penalty accounts for 62.4% of the total 2017 corporate penalties to date. Setting aside Rolls-Royce, corporate sanctions thus far in 2017 have been relatively modest—ranging from $4 million in CDM Smith to $30.5 million in both Biomet and SQM. As a result, while the pure average corporate penalty from 2017 thus far is $34 million, when we exclude the outliers, the average corporate penalty is $16.4 million. This figure is higher than the average corporate penalty excluding outliers from 2015 ($11.8 million) which, as we noted in our past Trends & Patterns, was among the lowest average corporate penalties in recent history. It is significantly lower, however, than the average corporate penalty excluding outliers of $73 million from 2016. The 2017 FCPA enforcement actions against individuals have largely been outgrowths of prior enforcement actions, with one new set of individual enforcement actions. Of the nine individual enforcement actions, the DOJ has been responsible for seven. The cases of Comerma and Beech stem from the PDVSA bribery investigation that netted Abraham Jose Shiera Bastidas and Roberto Enrique Rincon Fernandez in 2015, along with Millan, Ramos, Maldonado, and Gravina in late 2015 and early 2016. Milan, a former employee of Shiera, Recent Trends and Patterns in FCPA Enforcement 5 pleaded guilty in January 2016 and admitted to having assisted in the bribery scheme. The other three individuals, Ramos, Maldonado, and Gravina, were all former PDVSA employees and thus not directly subject to the FCPA. Instead, the government charged each of them with conspiracy to commit money laundering (and, in the case of Gravina, also tax fraud). Each former government official pleaded guilty to the charges in December 2015.2 With the addition of Comerma and Beech, a total of eight individuals have now been charged in connection with this bribery scheme. The SEC cases of Cohen and Baros similarly arise out of a prior enforcement action, in this case the Och-Ziff action from 2016. Two other executives from Och-Ziff previously settled charges against them in the case, but Cohen and Baros apparently have decided to fight any charges against them. Cohen and Baros are accused of being the masterminds behind the alleged bribery scheme that OchZiff settled in 2016. The SEC’s complaint alleged that Cohen, who headed Och-Ziff’s European office, and Baros, an investment executive on Africa-related deals, caused tens of millions of dollars in bribes to be paid to high-level government officials in Africa. Specifically, the SEC alleged that their misconduct induced the Libyan Investment Authority sovereign wealth fund to invest in funds managed by Och-Ziff. In addition, Cohen and Baros allegedly directed efforts to secure mining deals to benefit Och-Ziff by directing bribes to corruptly influence government officials in a number of countries in Africa. The only truly new individual enforcement actions in 2017 arise out of an alleged bribery scheme gone wrong. In the cases of Bahn, Sang, Harris, and Woo, the DOJ announced multiple charges stemming from an alleged scheme to pay $2.5 million in bribes to facilitate a commercial real estate transaction in Vietnam. The DOJ claimed the payments were intended to reach a Middle Eastern sovereign wealth fund and induce the fund to acquire the property involved in the transaction. The alleged scheme is unusual in that there does not appear to have been a foreign official actually involved. Instead, the third-party (Harris) falsely claimed to have a relationship with the foreign official, and instead pocketed the payments that were allegedly intended to influence the foreign official. Although the DOJ has been the more active agency thus far in 2017 when it comes to bringing individual enforcement actions, none of its actions target senior executives who were involved in bribery schemes. Instead, it was the SEC that brought charges against the purported masterminds of the alleged Och-Ziff bribery scheme, which was one of the largest prosecuted by the DOJ. This continued reticence by the DOJ to prosecute high-level executives is once again surprising in light of the 2015 announcement of the Yates Memo, which set out a new policy framework that requires companies to provide the names of individuals responsible for the alleged corrupt schemes in exchange for cooperation credit. The cases of Cohen and Baros will be particularly interesting to watch. As we have discussed in past Trends and Patterns, both the DOJ and SEC have consistently encountered difficulties in convicting senior executives in FCPA cases—as opposed to lower-level operations or sales employees—even when the corporation has been fully cooperative and even admitted to the illegal activity. The Cohen and Baros cases represent the latest high-profile opportunity for the government to secure a conviction, albeit a non-criminal one brought by the SEC. Geography & Industries In our January 2017 Trends & Patterns, we discussed the striking focus of last year’s FCPA enforcement actions on one country and one industry: China and healthcare. With a significantly smaller quantity of FCPA enforcement actions thus far in 2017, there is not as striking a trend. Nonetheless, it is clear that Latin America has been the primary focus; three of the eight corporate enforcement actions include allegations involving government officials in that region. The industries involved are familiar from FCPA enforcement actions in recent years: healthcare, aerospace, and mining, among others. 2 Although Ramos, Maldonado, and Gravina were charged and pleaded guilty in 2015, we include these cases in our 2016 statistics because they were unsealed in 2016. Recent Trends and Patterns in FCPA Enforcement 6 The high number of enforcement actions involving Latin America continues to be a trend in 2017. Of the total twelve enforcement actions (corporate and individual3 combined), five have involved alleged acts of bribery in Latin America (Rolls-Royce, 4 SQM, Biomet, Orthofix, and Comerma/Beech). More specifically, three of these five enforcement actions have involved conduct in Brazil. The prominence of Latin American enforcement actions is in line with trends in recent years, which have seen enforcement actions in the region steadily increasing. Of the remaining enforcement actions: two have involved allegations of bribery of foreign officials in former Soviet republics (Rolls-Royce and Linde); two have involved allegations of bribery of officials in South Asia (Mondelez and CDM Smith); two have involved allegations of bribery of officials in Sub-Saharan Africa (Rolls-Royce and Cohen/Baros); one has involved alleged improper payments in China (Las Vegas Sands); one has involved the alleged bribery of officials in the Middle East (RollsRoyce)5; one has involved the alleged bribery of officials in Southeast Asia (RollsRoyce); and one has involved the alleged bribery of officials in East Asia (Chi). The charts at the left detail the geographic breakdown of the FCPA enforcement actions (corporate and individual) from the past three years. In terms of industries, the enforcement actions thus far in 2017 have covered a wide range of industries. Of the twelve enforcement actions (combined), two have involved the healthcare industry (Biomet and Orthofix), a focus which reflects an ongoing trend. In each year since 2011, either the DOJ or the SEC has brought an FCPA enforcement action against at least one company in the healthcare sector: 2011 – Johnson & Johnson; 2012 – Biomet, Pfizer, Eli Lilly, Orthofix; 2013 – Stryker; 2014 – Bio-Rad, Bruker; 2015 – Bristol-Myers, Mead Johnson; 2016 – SciClone, PTC/Yuan, Nordion/Gourtevitch, Novartis, Olympus, and Analogic. Moreover, with several investigations into various other pharmaceutical and medical technology companies still ongoing, we expect this pattern to continue into the foreseeable future. The remaining enforcement actions covered a number of familiar industries: aerospace (Rolls-Royce); mining (SQM); and oil and gas (Linde), among others. Types of Settlements For the most part, the agencies have continued prior practices of resolving matters using a variety of settlement structures, with the choice of structure apparently related—but not always in a clear or consistent manner—to the seriousness of the conduct or the timing and degree of disclosure and cooperation. For its part, the SEC relied exclusively on administrative proceedings to resolve all four of its corporate FCPA enforcement actions thus far in 2017 (Mondelez, Biomet, SQM, and Orthofix). The SEC also filed a civil complaint against two individuals associated with Och-Ziff, which suggests that Cohen and Barros intend to put the SEC to its burden. Although the SEC has in recent years experimented with its own version of “deferred prosecution agreements” or “non-prosecution agreements,” it has not utilized this settlement structure to date in 2017. 3 For purposes of these geographic breakdowns, charges brought against individuals involved in the same bribery scheme are treated as one enforcement action. 4 It is also worth noting that the Rolls-Royce enforcement action involved conduct in a number of countries spanning multiple continents across the globe. 5 Because there was no actual foreign official involved in the alleged scheme in Bahn, et al., we have excluded this group of individual enforcement actions from our geographic breakdown calculations. Recent Trends and Patterns in FCPA Enforcement 7 The DOJ thus far in 2017 has used a range of settlement devices in each of its six enforcement actions (Rolls-Royce – DPA; Biomet – DPA/Plea Agreement; SQM – DPA; Las Vegas Sands – NPA; Linde and CDM Smith – Declination with Disgorgement). Much like the SEC, the DOJ’s decision to use a particular settlement device depends on the severity of the underlying conduct; however, there are two noteworthy points regarding the DOJ’s types of settlement for the 2017 FCPA enforcement year thus far. First, the DOJ continued its past practice of requiring the subsidiary at which most of the relevant misconduct took place to enter a guilty plea, albeit with a twist. In Biomet, a subsidiary located in Mexico, 3i Mexico, used a customs broker to pay bribes to Mexican customs officials to smuggle certain dental products into Mexico. By the time the DOJ’s investigation had concluded, however, 3i Mexico was no longer selling products and was in the process of winding down. 3i Mexico is wholly owned by another subsidiary of Zimmer Biomet, Jerds Luxembourg, which is the successor-in-interest. Based on this, the DOJ required Jerds Luxembourg to enter a guilty plea for the conduct that occurred at 3i Mexico. Second, in June 2017, the DOJ publically announced two declinations with disgorgement decision, against Linde and CDM Smith, in connection with the FCPA Pilot Program, the third and fourth times that the DOJ has utilized this novel settlement structure. As will be discussed in more detail below, the FCPA Pilot program, which incentivizes self-reporting and cooperation by companies with DOJ investigations, was extended in April 2017. The first two declinations with disgorgement in 2016 involved relatively low values of disgorgements ($2.7 million for HMT and $335,000 for NHC). Linde, on the other hand, agreed to disgorge approximately $11.2 million as part of its declination. This is a significant amount of money that actually makes it one of the more significant enforcement actions thus far in 2017. This further calls into question whether there is a substantial difference between a declination and other settlement structures used by the DOJ, as we discussed in the January 2017 Trends and Patterns. Elements of Settlements Sentencing Guidelines. Of the six corporate enforcement actions brought by the DOJ,6 Biomet was the only instance where the defendant did not receive a sentencing discount. This is perhaps not particularly surprising, given the fact that Biomet was accused of breaching its DPA from the DOJ’s 2012 enforcement action against it. On the other hand, the fact that Rolls-Royce received a discount can be viewed as a surprising development. While the company was given cooperation and remediation credit, the company’s failure to self-report and the massive scope of the alleged bribery scheme at issue would have been expected to weigh heavily against any sentencing discount. That Rolls-Royce did in fact receive a discount suggests that the DOJ may weigh cooperation and remediation as more important factors when assessing whether to offer a discount. This notion is supported by last year’s VimpelCom and Olympus actions, in which the DOJ awarded the two defendants a discounted sanction below the base fine recommended by the Sentencing Guidelines, even though neither company voluntarily disclosed the improper conduct to enforcement agencies. In fact, the last two instances in which a company received a sanction within the Sentencing Guidelines range were the 2014 cases of Alstom and Marubeni, where neither company initially cooperated with authorities. These recent trends would suggest that the only way a company will not receive a discount is if it refuses to cooperate altogether with the DOJ’s and the SEC’s investigations. Self-Disclosure, Cooperation, and Remediation. None of the DOJ’s six corporate enforcement actions7 received self-disclosure credit, but all six did receive cooperation credit. Each of the companies received remediation credit, although in the case of SQM, at the time the parties resolved the enforcement action, SQM had not had the opportunity to test its enhanced compliance program and as a result agreed to the imposition of a compliance monitor. Importantly, in each of the 2017 corporate enforcement actions by the DOJ, the DOJ has highlighted the fact that the companies disciplined and terminated the individuals responsible for the misconduct. As we discussed in our January 2017 Trends and Patterns, the DOJ has been trending towards emphasizing terminations as part of its remedial requirements. Monitors. In February 2016, Andrew Weissmann, then the Chief of the DOJ’s Fraud Section, stated that the DOJ would review its approach to the use of monitors. In 2016, nine companies that were subject to FCPA enforcement actions saw the DOJ or the SEC impose a corporate monitor requirement as part of the sanction (VimpelCom, Olympus, Las Vegas Sands, LATAM, Och-Ziff, Embraer, 6 We exclude the declinations with disgorgement in Linde and CDM Smith from this discussion, as those did not involve a sentencing analysis. 7 We exclude the declinations with disgorgement in Linde and CDM Smith from this discussion, as those did not involve a sentencing analysis. Recent Trends and Patterns in FCPA Enforcement 8 Odebrecht, Braskem, and Teva). This trend appears to be continuing in 2017, with the cases of Biomet, SQM, and Orthofix all involving the imposition of a corporate monitor. The installation of monitors in Biomet and Orthofix is not particularly surprising, as both of these enforcement actions arose out of failing to comply with prior DPAs. Nonetheless, the enforcement actions thus far in 2017 seem to indicate that the DOJ and the SEC will continue to focus on imposing these types of requirements. Financial Hardship. Although the enforcement action itself was announced in 2016, in April 2017 the DOJ confirmed that Odebrecht would not be able to pay the U.S. criminal penalty that it had originally been assessed. Originally, Odebrecht agreed to pay $260 million in criminal penalties to the U.S., which represented ten percent of the total global penalty assessed by U.S., Brazilian, and Swiss regulators. Since agreeing to the global settlement in December, however, Odebrecht has suffered extensive collateral damage in the form of significant lost contracts that have destabilized the company’s financial situation. As a result, in April 2017 the DOJ reduced Odebrecht’s U.S. criminal penalty from $260 million to $93 million, though the company’s global penalty of $2.6 billion remains unchanged. This type of criminal penalty reduction is not unheard of, and indeed the DOJ has considered the financial health of the company in the context of past FCPA enforcement actions. In the 2012 NORDAM enforcement action, for example, the DOJ justified a fine below the Sentencing Guidelines by noting that a fine within that range would jeopardize the long-term viability of the company. In that case, however, the reduction occurred at the time of settlement, rather than subsequently at sentencing. The Odebrecht sentencing memorandum does not provide any insight into how the DOJ determined that the company was unable to pay the full settlement amount, and thus provides little guidance to companies that may find themselves in similar situations. Disgorgement. One interesting aspect of the DOJ’s Biomet enforcement action is that it required the company to disgorge the profits it allegedly obtained as a result of the bribery scheme. It is unusual for the DOJ to require companies to disgorge profits, as this penalty is typically left to the SEC, with the DOJ instead typically obtaining a penalty through forfeiture. It is possible that this may be a change in the DOJ’s strategy in light of the Kokesh case that was pending before the Supreme Court at the time of the Biomet enforcement action. Time will tell whether the DOJ’s decision in Biomet represents the beginning of a shift in DOJ enforcement action strategy. Declination. Biomet and Orthofix present an interesting contrast in decisions by the DOJ whether to bring enforcement actions against particular companies. The circumstances of each case were very similar. In Biomet, the company allegedly violated a prior DPA by failing to improve compliance programs and internal controls, such that a subsidiary of the company committed additional violations of the FCPA following the original 2012 DPA. Orthofix also entered into a DPA in 2012, and also allegedly engaged in conduct subsequent to its DPA that violated FCPA provisions. Despite these similarities, the DOJ declined to bring charges against Orthofix, while at the same time entering into a second DPA with Biomet, instead leaving Orthofix to the SEC. On the surface, there does not appear to be any reason why the DOJ would not also enter into a second DPA with Orthofix, and we can only speculate as to why the DOJ opted for this course of inaction. Case Developments Magyar Executive Settlements. Since December 2011, the SEC’s case against the three Magyar executives lingered in the courts as the executives had sought to challenge the SEC’s charges on multiple grounds, including jurisdiction. The long-running saga came to a conclusion in April 2017, when the two remaining defendants—Elek Straub and Andra Balogh—entered into settlements and Judge Sullivan entered judgment in the matter. Ray. Douglas Ray, who pleaded guilty in October 2016 to conspiracy to violate the FCPA and commit wire fraud, was sentenced to eighteen months in prison in March 2017. Thiam. In May 2017, former Guinean Minister of Mines, Mahmoud Thiam, was convicted by a federal jury of one count of dealing in criminal derived property and one count of money laundering. As we reported in the January 2017 Trends and Patterns, the charges against Thiam stemmed from a separate bribery scheme involving a group of unnamed Chinese companies. According to the DOJ, Thiam had attempted to conceal approximately $8.5 million in bribes from two unnamed Chinese companies in exchange for “official actions” he took to secure the companies valuable mining rights in Guinea. Although the charges against Thiam did not relate to any current FCPA enforcement action, they were noteworthy for Thiam’s relationship to the corruption scandal and litigation involving BSGR and Rio Tinto in the Simandou region of Guinea—Thiam was a named defendant in Rio Tinto’s lawsuit against BSGR in 2014. Recent Trends and Patterns in FCPA Enforcement 9 Mebiame. In May 2017, Samuel Mebiame, a Gabonese national, was sentenced to two years in prison for acting as a “fixer” who allegedly helped funnel bribes, including cash and gifts, to various African officials in exchange for valuable mining concessions for OchZiff. Mebiame pleaded guilty to the charges in December 2016. Firtash. On February 22, 2017, an Austrian court of appeals cleared the way for Dymtro Firtash to be extradited to the U.S. to face charges on alleged violations of the FCPA. This ruling shifts the focus in the case to U.S. prosecutors, who now face a decision on whether to follow through and seek an extradition request for Firtash. Such a decision could potentially bring into conflict the DOJ’s interest in enforcing the FCPA and the Trump Administration’s pro-Russian posture. Firtash subsequently filed, before any potential extradition, a motion to dismiss the charges currently pending against him in the Northern District of Illinois.8 Richters. In February 2017, Amadeus Richters, a former director of a Florida-based telecommunications company who allegedly bribed officials in Haiti, was arrested and made an initial court appearance in Miami. Richters had been considered a fugitive since his indictment in July 2011 for his role in the Haiti Telco case. Richters faces a litany of charges stemming from his alleged involvement in that scheme: one count of conspiracy to violate the FCPA and to commit wire fraud, six counts of FCPA violations, one count of conspiracy to commit money laundering, and 19 counts of money laundering. Siriwans. In March 2017, former Thailand official, Juthamas Siriwan, and her daughter, Jittisopha Siriwan, were sentenced to time in prison by a Bangkok court for allegedly taking bribes from a Hollywood producer, Gerald Green, and his wife, Patricia Green. The Greens each served prison sentences of six months for FCPA offenses and money laundering in 2010 and 2011. Perennial Statutory Issues Jurisdiction Over the past decade, the DOJ has repeatedly asserted expansive theories of jurisdiction over foreign persons, particularly in cases in which foreign corporations have chosen to settle rather than contest the charges—and jurisdiction—in a U.S. court. Although some judges in specific cases have expressed some concerns about this approach, most recently in the Hoskins case, the DOJ apparently has not backed away from its commitment to reach foreign companies by any means. The Second Circuit heard argument in March 2017 on the DOJ’s appeal of the Hoskins decision, a case which could have a dramatic impact on the DOJ’s aggressiveness in utilizing expansive theories of jurisdiction over foreign persons which are rarely challenged in court. In essence, Hoskins argued in district court that Congressional intent was clear when delineating the three jurisdictional bases of the FCPA, and that the DOJ cannot circumvent these jurisdictional bases by charging him under a theory of accomplice liability. In August 2015, Judge Arterton of the District Court of Connecticut agreed with this argument, holding that the government was required to show direct liability of Hoskins as an agent of a domestic concern to utilize accomplice liability as a jurisdictional hook. We expect a decision from the Second Circuit in the coming months for this heavily-watched case, which has the potential to dramatically impact how the DOJ brings FCPA cases. Books & Records Liability without Bribes As we have discussed in past Trends and Patterns, every FCPA case as a general matter has involved the payment of a bribe to a “foreign official.” This year’s SEC enforcement actions, however, once again provide an example that the “foreign official” element only applies to the FCPA’s anti-bribery provisions, not its books-and-records and internal controls provisions. Indeed, the books-and-records and internal controls provisions are much broader than the FCPA’s anti-bribery provision, and the government can charge companies with violating those accounting provisions whenever it can show the falsification of company records. In Mondelez, the SEC charged Mondelez International, formerly known as Kraft Foods, with books-and-records and internal controls violations for allegedly failing to conduct adequate due diligence to identify and resolve potential corruption risk associated with the hiring 8 For further discussion of the Firtash case, you may wish to refer to the article co-authored by Philip Urofsky and Zach Torres-Fowler, titled “The Firtash Case May Present Jeff Sessions’ Department of Justice With Its First Real Test on FCPA Enforcement,” that was published in Bloomberg BNA’s Criminal Law Reporter on March 1, 2017 (available at http://www.shearman.com/~/media/Files/NewsInsights/Publications/2017/03/UrofskyFowlerCrLversionCorrect FCPA 030117.pdf). Recent Trends and Patterns in FCPA Enforcement 10 of a third-party agent by Cadbury, a company which Mondelez was acquiring. The acquired subsidiary also failed to monitor the agent’s activities and failed to accurately record the expenditures in its books and records. This resulted in the agent being paid over $100,000 which, when combined with the company’s failure to monitor, could have been used to violate anti-bribery provisions. As has been the case in a number of recent SEC enforcement actions (e.g., Cueto, Analogic, and Hyperdynamics), the SEC did not make any allegations in the settlement order that the funds paid to the third-party agent were actually used to pay bribes to any foreign official. The failure to specify whether the funds were used to bribe a foreign official was not a problem because the Commission only charged Mondelez with violations of the books-and-records and internal controls provisions. Mondelez is the latest stark example of how expansive the SEC’s reach is when it comes to these statutory provisions. Successor Liability The Mondelez enforcement action also highlights the successor liability risks associated with acquisitions of companies that have engaged in conduct potentially in violation of anti-corruption laws. In that case, Mondelez undertook a hostile takeover of Cadbury. As noted in the SEC’s order, the nature of the acquisition limited the ability of Mondelez to conduct pre-acquisition due diligence, and the company instead undertook substantial post-acquisition due diligence. During this post-acquisition due diligence, however, the company failed to identify a relationship between Cadbury’s Indian subsidiary and an agent retained to assist with securing government licenses and approvals for the opening of a new plant. Although Mondelez subsequently discovered the relationship and conducted an internal investigation, it did not self-disclose to the U.S. government. The SEC’s decision to hold both Mondelez and Cadbury liable for this conduct emphasizes the government’s view that successor liability applies in the context of FCPA enforcement actions. Modes of Payment The FCPA enforcement actions thus far in 2017 have generally exhibited schemes similar to those seen in the past, with the majority involving local consultants, agents, or other intermediaries. Third-Party Intermediaries. Multiple companies thus far in 2017 have resolved FCPA violations arising from the use of third-party intermediaries. In Rolls-Royce, the company was accused of utilizing local consultants in a variety of jurisdictions to funnel bribes to foreign officials in exchange for government contracts. In Biomet, the medical device company was accused of using third-party customs brokers to funnel bribes to customs officials. In Orthofix, the medical device company was accused of utilizing third-party distributors to funnel improper payments to doctors at state-owned hospitals. In Mondelez, Cadbury’s Indian subsidiary hired a thirdparty agent to assist in obtaining government licenses and approvals, and failed to conduct proper due diligence and monitoring of this agent’s activities. Fake Invoices. A number of the enforcement actions thus far in 2017 have involved allegations that the company engaged in payment schemes that involved fake invoices. In SQM, for example, payments were made from the CEO’s discretionary account to third-party vendors associated with political officials, and many of those payments were allegedly documented with invoices for services that were not rendered. Charitable Contributions. As mentioned above, in the case of SQM the DOJ and the SEC seemingly alleged that charitable contributions could serve as a mode of payment that would give rise to FCPA violations, although many of these donations appeared to be bona fide and neither the DOJ nor the SEC alleged any quid pro quo agreement in connection with the donations. Although the allegations in VimpelCom similarly involved donations to charities associated with government officials, the allegations in that case were much stronger than those in SQM. Compliance Guidance FCPA Pilot Program Among the most significant developments in FCPA enforcement over the course of last year was the announcement, and subsequent implementation, of the one-year FCPA Pilot Program. The Program was set to expire in April 2017; however, approximately a month Recent Trends and Patterns in FCPA Enforcement 11 beforehand, Acting Assistant Attorney General Kenneth Blanco announced that the Program would remain in effect for the foreseeable future while the DOJ evaluated its “utility and efficacy.” As a refresher, the FCPA Pilot Program sets out the DOJ’s expectations of how a company should manage an FCPA investigation and the potential rewards, including significant reductions in criminal fines if a company chooses to follow the DOJ’s guidance. The guidance states that the DOJ expects companies to: (i) voluntarily disclose the wrongful conduct to the DOJ in a timely manner; (ii) fully cooperate with the DOJ over the course of the investigation; and (iii) if necessary, make the appropriate remedial efforts to ensure that the company prevents similar conduct from occurring again. If, over the course of the investigation, a company establishes that it has met the three requirements to the DOJ’s satisfaction, it “may” receive a 50% reduction off the bottom of the Sentencing Guidelines fine range, will “generally” not be directed to appoint a monitor, and the DOJ will consider declining prosecution altogether (provided that the company disgorges all of the profits from the alleged scheme). The FCPA Pilot Program also states that if a company does not voluntarily disclose the wrongful conduct, it may still receive up to a 25% reduction from the bottom of the Sentencing Guidelines fine range. Overall, while its future may be in question, the DOJ’s frequent use of the FCPA Pilot Program over the past year indicates that the Department has viewed the Program as a boon to enforcement priorities. As then-Assistant Attorney General Leslie Caldwell remarked in November 2016, “[a]lthough I can’t share precise figures, anecdotally we’ve seen an uptick in the number of companies coming in to voluntarily disclose potential FCPA violations.” Indeed, over the course of 2016 and 2017, the DOJ has made a not-so-subtle push to promote the Pilot Program, publically announcing declinations in seven different cases (Akamai, Nortek, Johnson Controls, NCH, HMT, Linde, and CDM Smith). Furthermore, we understand that the DOJ has confidentially issued several more declinations pursuant to the FCPA Pilot Program since April 2016. Given the above, we would be surprised to see the Department get rid of the FCPA Pilot Program any time soon. That said, as the DOJ debates the FCPA Pilot Program internally, the departure of Andrew Weissman as chief of the Fraud Section to join Special Counsel Robert Mueller’s investigation of alleged Russian meddling in the 2016 Presidential Election is bound to impact how DOJ officials view the Program going forward. Unofficially, the FCPA Pilot Program was the brainchild of Weissmann, and now, with the chief proponent of the Program no longer at the Fraud Section, the future of the Program rests with a series of recently appointed Department officials. For the reasons discussed above, we doubt that the DOJ will do away with the FCPA Pilot Program altogether; however, it is plausible that the recent Trump appointees could alter the program in a way that offers companies more guarantees of reductions in criminal sanctions or declinations in exchange for self-disclosure, cooperation, and remediation. Effective Internal Controls and Settlement Devices If the actions against Biomet and Orthofix stand for anything, they are reminders that if a company is the subject of an FCPA enforcement action, it is critical for the company to timely and effectively implement internal controls. It is not sufficient for a company to simply pay a criminal fine and wipe its hands clean of its other obligations. Biomet and Orthofix were the subjects of FCPA enforcement actions in 2012, through which the companies entered into resolutions that not only obligated them to pay millions of dollars in fines, but also to implement remedial measures concerning their FCPA compliance programs. Notwithstanding those obligations, the companies allegedly allowed several bribery schemes to continue well after 2012. Indeed, in the case of Biomet, company officials were able to circumvent internal controls so that the company could allegedly pay bribes to foreign officials through the very same Brazilian distributor that gave rise to some of the charges in 2012. Enforcement agencies’ increased scrutiny of whether companies are adhering to their enhanced compliance program obligations following an FCPA enforcement action is similarly apparent with the recent disclosure by Bilfinger that the DOJ had extended its deferred prosecution agreement with the company, following Bilfinger’s 2013 FCPA enforcement action. According to a statement by the company in April 2017, while “U.S. authorities believe we are taking the right steps regarding compliance . . . the maturity of the compliance system has not yet reached the desired level.” As the number of FCPA enforcement actions have slowly increased over the past decade, it may not be surprising that the DOJ and the SEC are paying closer attention to their past FCPA enforcement resolutions to ensure that companies are satisfying their obligations. Recent Trends and Patterns in FCPA Enforcement 12 Biomet, Orthofix, and now Bilfinger demonstrate that the timely and effective implementation of corporate compliance programs is just as important to enforcement agencies as the criminal fine. Third-Party Due Diligence With the exceptions of SQM, Linde, and CDM Smith, all of the 2017 corporate enforcement actions to date involved an alleged bribery scheme that utilized third-party distributors or consultants. While the use of third-party intermediaries to funnel bribes is not a novel concept, the DOJ’s and SEC’s emphasis on these types of bribery schemes in 2017 shows that enforcement agencies continue to believe that third-party due diligence is a fundamental part of effective compliance programs. Indeed, in the cases of Mondelez and Las Vegas Sands, neither the DOJ nor the SEC alleged that the companies had paid bribes to foreign officials. Instead, the mere fact that the company paid money to a third-party, without knowing how the third-party would use the funds, was sufficient to trigger liability under the accounting provisions of the FCPA. While the DOJ and the SEC under the Trump administration may shy away from pursuing FCPA accounting provision violations as aggressively as they did under the Obama administration, the need to ensure that companies can adequately check and confirm that their third-party partners are not improperly using funds will always be a critical element of FCPA compliance. Unusual Developments The Trump Effect As we noted in past Trends & Patterns, in a single interview several years ago then-businessman Donald Trump made his dislike for the FCPA known and caused many to question what the future would hold for the statute. Now, nearly six months into the Trump administration’s term, as explained below, that effect may not be what many would have expected. Flurry of Activity in Late 2016 and Early 2017 In the 75-day period between the President Trump’s election and his inauguration, the DOJ and the SEC resolved ten corporate enforcement actions and filed charges against twelve individual defendants. While there is always an uptick in FCPA enforcement actions towards the end of each year as prosecutors attempt to close out their cases, there is little doubt that the incoming Trump administration was an added impetus for prosecutors to move quickly. Indeed, we typically see a sharp drop off in the number of enforcement actions just after the New Year; however, the rate at which the DOJ and the SEC announced FCPA enforcement actions continued steadily up until Inauguration Day. Since January 20, the SEC has brought new charges against only two individuals—Michael Cohen and Vanja Baros—for their involvement in the 2016 FCPA enforcement action against Och-Ziff, and the DOJ has issued two declinations with disgorgement against Linde and CDM Smith in June 2017. Whether unfounded or not, the flurry of activity just before President Trump’s inauguration and the subsequent drop-off appears to be an indication of how fearful prosecutors were that the incoming administration would hamper enforcement efforts. Despite DOJ and SEC Departures, New Appointees Signal Continuity Another noteworthy effect of Trump’s election on the DOJ and the SEC has been the slew of departures of enforcement officials, leaving a void that could allow Trump appointees to shape the enforcement agencies’ approach to FCPA enforcement going forward. Indeed, with a few exceptions, nearly all of the officials responsible for shaping FCPA enforcement policy at the DOJ and the SEC have left the agencies following Trump’s election. Notwithstanding the fears that a Trump administration would fundamentally change the FCPA, to date, Trump’s appointees have expressed a continued commitment to FCPA enforcement. At the DOJ, both Attorney General Jeff Sessions and then-Acting Deputy Assistant Attorney General Trevor McFadden9 publicly confirmed that the DOJ would continue to enforce the FCPA. Likewise, SEC 9 Trevor McFadden has since been nominated to become a federal judge at the U.S. District Court for the District of Columbia. Recent Trends and Patterns in FCPA Enforcement 13 Chair, Jay Clayton—once a critic of the DOJ’s and the SEC’s FCPA enforcement policies—has since called the FCPA a “powerful and effective tool” and stated that fighting corruption involving companies and foreign governments is an “important governmental mission.”10 Ultimately, we will have to see whether the appointees’ rhetoric stands up to scrutiny. Indeed, as mentioned above, following the Presidential inauguration, there has been little activity in the FCPA space by the DOJ and the SEC. While a lag in enforcement activity caused by the changing administrations is not surprising, the longer the period of inactivity, the more we will have to wonder whether President Trump’s apparent disdain for the FCPA is negatively impacting enforcement of the statute. Supreme Court Limits SEC’s Authority to Pursue Disgorgement On June 5, 2017, the Supreme Court issued its long-awaited decision in Kokesh v. SEC where it held, in a 9-0 opinion authored by Justice Sotomayor, that the five-year statute of limitations set forth in 28 U.S.C. § 2462 applied to the SEC’s claims seeking disgorgement. Prior to Kokesh, the SEC had taken the position that the five-year statute of limitations only applied to “action[s], suit[s] or proceeding[s] for the enforcement of any civil fine, penalty, or forfeiture” and did not encompass the equitable remedy of disgorgement. The SEC’s reading of 28 U.S.C. § 2462 enabled the Commission to impose massive disgorgement requirements on defendants— particularly in FCPA enforcement actions. Below we set out the facts surrounding Kokesh and what the decision could mean for future FCPA enforcement. In 2009, the SEC brought an enforcement action against Charles Kokesh, alleging that Kokesh violated various securities laws by concealing the misappropriation of $34.9 million between 1995 and 2009. Following a trial, in which a jury determined that Kokesh had, in fact, violated the law, the district court ordered Kokesh to disgorge the entire $34.9 million after concluding that 28 U.S.C. § 2462’s five-year statute of limitations did not apply to disgorgement. On appeal to the Tenth Circuit, Kokesh argued that the district court’s order violated 28 U.S.C. § 2462 because disgorgement was precisely the type of penalty that fell within the meaning of the statute. As a result, Kokesh claimed that he could only be ordered to disgorge the funds that he misappropriated within five years of the SEC’s suit—approximately $5 million. The Tenth Circuit disagreed and affirmed the district court’s ruling. The Supreme Court reversed, holding that disgorgement was, in fact, a penalty to which the five-year statute of limitations must apply. Specifically, the Court explained that where the disgorgement sought was to remedy a public wrong (as opposed to a wrong against an individual) and was imposed for punitive purposes (rather than compensating an individual victim), it would treat the disgorgement as a penalty. The implications of Kokesh on FCPA enforcement are potentially significant. First, the decision may prompt the SEC to abandon any ongoing investigations where the conduct in question falls outside the five-year statute of limitations period and, at a minimum, will require the SEC to accelerate its charging decisions to ensure that the Commission can now satisfy the disgorgement requirements of 28 U.S.C. § 2462. While the SEC could still bring actions to obtain remedial relief such as injunctions and monitors beyond five years, it seems unlikely that it would choose to use its resources where there was no chance at a monetary sanction. Second, Kokesh will almost inevitably factor into companies’ decisions of whether to voluntarily disclose misconduct. In theory, although not advisable, a company could withhold information regarding misconduct from the SEC until the statute of limitations period expired to avoid liability. We would caution, however, that if a company were to do so, it could still be subject to severe criminal penalties. Unlike 10 On June 8, 2017 the SEC announced that Jay Clayton’s former partner in private practice, Steven Peikin, a former Assistant U.S. Attorney in the Southern District of New York, was selected to be co-Director of the SEC’s Enforcement Division. As we have noted previously, given Commissioner Clayton’s relatively little experience in enforcement, he may defer to his heads of Enforcement concerning the types and scope of enforcement actions the SEC brings in the FCPA arena. See Shearman & Sterling LLP, Jay Clayton Nomination as SEC Chair and its Impact on the Commission’s FCPA Enforcement Priorities (available at http://www.shearman.com/en/newsinsights/publications/2017/01/impact-of-jay-clayton-nomination-as-sec-chair). Recent Trends and Patterns in FCPA Enforcement 14 the rule in Kokesh, criminal conspiracy law permits the government to seek penalties based on profits realized over the entire life of the conspiracy provided that at least one overt act occurs within the limitations period. Third, while the SEC is now more likely to press for companies to waive the statute of limitations during pre-enforcement negotiations, it remains possible that the Commission could radically reshape its approach to disgorgement to avoid 28 U.S.C. § 2462. In Kokesh, the Court treated disgorgement as a penalty within the meaning of 28 U.S.C. § 2462 in large part because the funds were ultimately paid to the U.S. Treasury and not the victims of the crime. However, the SEC is entirely capable of structuring a disgorgement sanction such that the funds go to the victims of the crimes—even in FCPA cases where the victims of corruption—the citizens and taxpayers of a foreign country—are inherently diffuse. Take the case of Giffen as an example. In Giffen, an American businessman allegedly engaged in a scheme to pay bribes to the president and other officials of Kazakhstan, according to the indictment. Following Giffen’s guilty plea to having made certain corrupt gifts to Kazakh officials, the DOJ seized funds that had been deposited into the Swiss bank accounts of Kazakh officials through a forfeiture action and agreed with the Swiss and Kazakh governments that the funds would be deposited into a World Bank trust fund to oversee the conveyance of the funds to poor Kazakh children and other philanthropic efforts. Although this was perhaps a unique situation, it provides a possible model by which the SEC could characterize disgorgement as restitution rather than punishment. Finally, as a parting note, the timing of Kokesh is particularly interesting in light of the recent settlements in the SEC’s ongoing case against the Magyar executives. In 2012, the Magyar executives sought an interlocutory appeal of the court’s decision to deny the defendant’s motion to dismiss, arguing that under that the misconduct underlying the Commissions’ case fell outside the five-year statute of limitations set out in 28 U.S.C. § 2462 and that a reversal of the district court’s decision would bring a swift end to the case. Ironically, Judge Sullivan denied the request, in part, on the grounds that “even if reversal would eliminate the SEC’s claim for civil penalties, the claims for disgorgement and injunctive relief would still survive.” Following Kokesh, the Magyar executives would have seemingly had a case to argue that the SEC could no longer pursue its claims for disgorgement (or civil penalties for that matter) against them. However, because the three defendants settled before the Supreme Court announced Kokesh, the Commission may have very well dodged a bullet. Private Litigation While there are a number of civil lawsuits stemming from FCPA enforcement actions and investigations pending in the U.S. courts, the most interesting of these cases over the past six months has been the whistleblower retaliation suit of Sanford Wadler against his former employer, Bio-Rad. In November 2014, Bio-Rad Laboratories, a medical diagnostics and life sciences manufacturing and sales company based in California, resolved an FCPA enforcement action for allegedly bribing foreign officials in Russia, Vietnam, and Thailand. As a result of the enforcement action, Bio-Rad paid $55 million in criminal and civil penalties. Sanford Wadler, Bio-Rad’s General Counsel, claimed that following the 2014 FCPA Enforcement Action, he began investigating evidence of potential FCPA violations in China and accused the company of “stonewalling” his efforts. Wadler stated that during the investigation, he uncovered evidence of a bribery scheme but could not perform a proper audit because the company prevented him from obtaining the documents he needed. After nearly two years of submitting requests for documents, Wadler blew the whistle and presented a memo which reported the potential FCPA violations to Bio-Rad’s audit committee. According to Wadler, shortly after informing the audit committee of his findings, the company fired him. Wadler filed suit in May 2015 and proceeded to trial in February 2017. During the week-long trial, Bio-Rad claimed that Wadler’s firing had nothing to do with the ongoing FCPA investigation but rather, was due to a pattern of abusive and incompetent conduct. According to Bio-Rad, Wadler was “asleep at the wheel” when the conduct giving rise to the company’s 2014 FCPA enforcement action took place and that “[h]e had to go from being an FCPA slacker to an FCPA whistleblower.” Bio-Rad added that Wadler “conducted absolutely no due diligence or review before making these reports to the audit committee” and that “[w]ithout consulting experts, he went ahead and made serious FCPA allegations when he knew nothing about the FCPA and nothing about China.” Recent Trends and Patterns in FCPA Enforcement 15 After three hours of deliberation, the jury found that Wadler had reasonably thought that Bio-Rad had violated the FCPA through its operations in China and that Sarbanes-Oxley protected Wadler’s report to the audit committee. The jury also found that Bio-Rad would not have terminated Wadler had he not reported his allegations to the audit committee. As a result, the jury awarded Wadler $2.96 million in lost wages plus $5 million in punitive damages. While we have seen whistleblower cases in the past, the Wadler case is a reminder that companies have to take whistleblowers seriously. In cases where employees raise genuine concerns over potential FCPA risks, companies must carefully manage the allegations. Ignoring employees’ concerns—even if unfounded—and, even worse, firing an employee who felt obligated to report his or her findings up the chain of command, only exposes a company to potential legal liability. In the case of Bio-Rad, the company’s failure to carefully manage and address Wadler’s concerns only added insult to injury after the company’s 2014 FCPA enforcement action. Enforcement in the United Kingdom SFO – English High Court Clarifies Extent of Litigation Privilege in Internal Investigations In our January edition, we discussed the December 2016 decision in The RBS Rights Issue Litigation11 in which the High Court ruled that notes and summaries prepared by counsel of employee and ex-employee witness interviews do not attract legal advice privilege, and considered how—when taken together the SFO’s stated public approach to privilege—corporations and their legal advisers ought to conduct internal investigations. Despite the SFO’s assertions that “substantively there isn't even a cigarette paper between” its and the DOJ’s respective approaches to resolving investigations or prosecutions, we considered that the SFO, in fact, has been taking a different approach. Our view has been reinforced by the SFO’s recent success in challenging an assertion of litigation privilege over certain documents created as part of an internal investigation into alleged corruption, which is the latest example of the SFO’s increasing appetite to challenge claims to legal professional privilege. In Serious Fraud Office v Eurasian Natural Resources Corporation Ltd, 12 the High Court held that several classes of document, which ENRC had produced in the course of an internal investigation, did not attract litigation privilege and so were not protected from disclosure. Breaking new ground, the Court held that prosecution—i.e., litigation—“only becomes a real prospect once it is discovered that there is some truth in the accusations, or at the very least that there is some material to support the allegations of corrupt practices.” Consequently, the Court held that documents created during the course of an internal investigation will only attract litigation privilege once there is a real prospect of a prosecution—i.e., when “the prosecutor is satisfied that there is a sufficient evidential basis for prosecution and the public interest test is also met.” The Court also rejected ENRC’s contention that the SFO’s criminal investigation into its conduct should be treated as adversarial litigation for the purposes of attracting litigation privilege. Instead, the Court considered that an SFO investigation is “a preliminary step taken, and generally completed, before any decision to prosecute is taken . . . . Such an investigation is not adversarial litigation.” We understand that ENRC is appealing this decision. Nevertheless, this judgment, when taken together with The RBS Rights Issue Litigation judgment, raises real concern that documents which may be privileged in one jurisdiction, such as the U.S., may have to be disclosed in another. To assist in any future claim to litigation privilege, we recommend that corporates: (i) maintain a record—and, if appropriate an analysis— of all communications with, and actions taken by the SFO (this will be of use if and when subsequently there is a need to determine when adversarial proceedings came into prospect); and (ii) maintain a record, or otherwise document, the purpose for which particular 11  EWHC 3161 (Ch). For a further discussion of this case, you may wish to refer to our prior client publication, Shearman & Sterling, High Court Rules That Witness Interview Notes Are Not Covered by Legal Advice Privilege. 12  EWHC 1017 (QB). Recent Trends and Patterns in FCPA Enforcement 16 documents are produced (this will assist in asserting that a document or class of documents were created for this dominant purpose of the litigation). SFO Update – Third and Fourth UK DPAs Approved On January 17, 2017, the English High Court approved the UK’s third DPA between the SFO and Rolls-Royce Plc and Rolls-Royce Energy Systems Inc. Rolls-Royce had engaged in various bribery and corrupt activities (including failing to prevent bribery) in China, India, Indonesia, Malaysia, Nigeria, Russia, and Thailand over twenty-four years in relation to its civil aerospace, defence aerospace and its former energy businesses. Rolls-Royce was faced with twelve charges: one count of false accounting between March 2005 and September 2009; six counts of conspiracy to corrupt between January 1989 and December 2009; and five counts of failing to prevent bribery between July 2011 and November 2013. Allegations of Rolls-Royce’s conduct first surfaced in 2012 when concerns about the company’s civil aerospace business in China and Indonesia were posted on the internet. Once it became aware of the posts, the SFO asked Rolls-Royce to provide it with information and the company immediately commenced an internal investigation, during which it uncovered further issues in the three business areas. In December 2013, the SFO started its criminal investigation into Rolls-Royce’s activities. Under the terms of the DPA13—which will expire on January 17, 2022—Rolls-Royce is required to pay £258,170,000 in disgorgement of gross profits, together with a financial penalty of £239,082,645 and the SFO’s costs of £13 million. In respect of the financial penalty, the Court applied harm multiplier figures ranging from 250% to 400% as against each of the twelve counts, totalling £478,165,290. However, the Court considered that, under the circumstances, a 50% discount was appropriate given Rolls-Royce: (i) had entered an early guilty plea (resulting in a 33% discount); and (ii) had “demonstrated extraordinary cooperation” with the SFO. The level of Rolls-Royce’s cooperation satisfied the Court that, in the circumstances, a further discount of 16.7% (taking the total discount to 50%) was justified. Given that the SFO’s investigation was not triggered by Rolls-Royce self-reporting, it may seem at first glance surprising that the SFO offered a DPA and that the Court agreed to permit it. Indeed, the Court’s initial reaction when it first considered the SFO’s request to approve the DPA was that if Rolls-Royce “were not to be prosecuted in the context of such egregious criminality over decades, involving countries around the word, making truly vast corrupt payments and, consequentially, even greater profits, then it was difficult to see when any company would be prosecuted.” However, the SFO advanced the case that the nature and extent of Rolls-Royce’s cooperation had been extraordinary such that, in the particular circumstances of the case, the Court “should not distinguish between its assistance and that of those who have self-reported from the outset.” On reflection, the Court considered the following countervailing factors as supporting the case for approving the DPA: Co-operation: the Court was satisfied that, from the moment the SFO first asked questions of Rolls-Royce in 2012, the company “could not have done more to expose its own misconduct, limited neither by time, jurisdiction or area of business.” Prior Conduct: there was nothing to suggest that Rolls-Royce previously had been implicated in corrupt activities. Corporate Compliance: (i) in 2013, Rolls-Royce had appointed an independent corporate compliance expert to conduct an independent review of its ethics and compliance procedures; (ii) the company had taken various steps to enhance those procedures, including recruiting experienced compliance personnel in key positions (e.g., Head of Risk and Head of Compliance) as well as Local Ethics Advisers; (iii) Rolls-Royce reviewed 250 intermediary relationships and suspended 88 of them; and (iv) as a result of its internal investigation, the company took disciplinary action against 38 employees in its Civil 13 Which can be found at Deferred Prosecution Agreement - SFO v Rolls-Royce. Recent Trends and Patterns in FCPA Enforcement 17 Aerospace, Energy, and Marine divisions, resulting in the dismissal of 6 employees, the resignation of a further 11, with others being sanctioned. Change of Culture and Personnel: none of Rolls-Royce’s board or senior management were implicated in the misconduct or otherwise held positions where they should have been aware of the company’s culture and practices. The Court “highly commended” Rolls-Royce's Board for all that the company had done since 2012. The Impact of Prosecution: the Court considered that a conviction would “undeniably affect [Rolls-Royce’s ability] to trade in the world where…it is a world leader and has a reputation for excellence...[and] it is not difficult to visualize that the direct losses to revenue which would be caused by debarment” from public procurement contracts (which represent around 30% of the company’s business), exclusion from other contracts and reduced R&D. Debarment and exclusion would “clearly have significant, and potentially business critical, effects” on the company's financial position, which could result in a very negative share price impact and more serious impacts on shareholder confidence, future strategy and, by extension, the company’s long-term viability. The Court also considered that these repercussions could impact on third parties, including: (i) adversely affecting the UK’s defence industry, to which Rolls-Royce supplies engines, nuclear propulsion technology and aftermarket services; (ii) consequential financial effects on the supply chain; (iii) impairment of competition in highly concentrated markets; and (iv) possible group-wide redundancies and possible weakening for Rolls-Royce’s financial covenant for pensions. Nevertheless, the Court stated that the “national economic interest is irrelevant” as a factor in deciding whether to allow the DPA as was any suggestion that a company in Rolls-Royce’s position is immune from prosecution—“it is not.” Cost-Saving: the Court agreed that approving the DPA would “avoid the significant expenditure of time and money which would be inherent in any prosecution.” Incentive to Others: the Court also considered that approving the DPA would be likely to incentivise the exposure and selfreporting of misconduct by organisations in a similar position to Rolls-Royce. The English High Court approved the UK’s fourth DPA on April 10, 2017. The DPA is between the SFO and Tesco Stores Limited (“TSL”), a subsidiary of the UK supermarket giant Tesco Plc. This is the first UK DPA which does not relate to bribery offences, but arises out of TSL’s false accounting practices. The SFO initiated its investigation into Tesco following allegations against TSL of false accounting between February and September 2014. Tesco subsequently admitted that, in a trading statement published on August 29, 2014, it had overstated its profits by £326 million. Under the terms of the DPA (which, for reasons explained below, has not been made public) TSL is required to pay a financial penalty of £129 million, together with the SFO’s legal costs. The DPA relates only to TSL’s potential criminal liability and does not address whether liability of any sort attaches to Tesco or any current or former employee or agent of Tesco or TSL. In addition to the financial penalty under the DPA, Tesco has agreed with the UK Financial Conduct Authority (“FCA”) that it will pay a further £85 million in compensation to Tesco’s investors who were adversely affected by the false trading statement, as part of the FCA’s compensation scheme. Tesco will also pay the FCA’s associated legal costs. Because of the SFO’s and FCA’s investigations into Tesco and TSL, Tesco will pay a total of £235 million in penalties, compensation, and legal costs. The SFO has charged three former TSL executives—Carl Rogberg, Christopher Bush, and John Scouler—in relation to this affair. Each has been charged with one count of Fraud by Abuse of Position, contrary to sections 1 and 4 of the UK Fraud Act 2006, and one count of Recent Trends and Patterns in FCPA Enforcement 18 False Accounting, contrary to section 17 of the UK Theft Act 1968. All three have pleaded not guilty and the trial is scheduled to commence on September 4, 2017. In order to prevent prejudicing the trial, the Court has imposed reporting and publication restrictions on: (i) the DPA itself; (ii) the statement of facts in support of the DPA; (iii) any report of the hearing at which the DPA was approved; and (iv) the Court’s reasons for approving the DPA. The restrictions will remain in force until after the conclusion of the trial. This is the first time reporting restrictions of this nature and extent have been imposed on an approved UK DPA. In July 2016, the English Court approved and published the UK’s second DPA between the SFO and a UK SME, referred to only as “XYZ Ltd” as reporting restrictions prevented the disclosure of the company’s name due to ongoing and related criminal proceedings. The first three UK DPAs differed markedly from one another, not only in terms of the factual context, offences committed and quantum, but also as regards the Court’s reasons for approving each of those DPAs, and the calculation and rationale for the quantum of the disgorgements and financial penalties. Until the reporting restrictions are lifted, and TSL’s DPA and the Court’s reasons are published, it remains to be seen whether TSL’s DPA breaks any new ground (and, if so, how) and whether there are any lessons to be learned from TSL’s experience. Conclusion The clear takeaway from the first half of 2017 has been the uncertainty about what effect, if any, the Trump administration is going to have on FCPA enforcement. It is not insignificant that the DOJ and the SEC brought over a dozen enforcement actions to a close in the final weeks of 2016 and first three weeks of 2017, which suggests that at least some individuals inside these agencies feared that there would be serious changes to the approach taken by the agencies. We do not want to rush to any conclusions only five months into an administration which has been slower than most to find its footing and fill key agency positions. Nonetheless, with only one enforcement action having been brought since Trump took office, there is building circumstantial evidence that a change in the FCPA enforcement strategy taken by the DOJ and the SEC may be underway. Only time will tell whether this is truly the case. Recent Trends and Patterns in FCPA Enforcement 19 If you wish to receive more information on the topics covered in this publication, you may contact your regular Shearman & Sterling contact person or any of the following: Philip Urofsky Washington, DC +1.202.508.8060 firstname.lastname@example.org Danforth Newcomb New York +1.212.848.4184 email@example.com Stephen Fishbein New York +1.212.848.4424 firstname.lastname@example.org Patrick D. Robbins San Francisco +1.415.616.1210 email@example.com Paula Howell Anderson New York +1.212.848.7727 firstname.lastname@example.org Mark D. Lanpher Washington, DC +1.202.508.8120 email@example.com Jo Rickard London +44.20.7655.5781 firstname.lastname@example.org Masahisa Ikeda Tokyo +03.5251.1601 email@example.com Brian G. Burke Shanghai +86.21.6136.5000 firstname.lastname@example.org Robert Ellison São Paulo +55.11.3702.2220 email@example.com Susanna Charlwood London +44.20.7655.5907 firstname.lastname@example.org 599 LEXINGTON AVENUE | NEW YORK | NY | 10022-6069 | WWW.SHEARMAN.COM Copyright © 2017 Shearman & Sterling LLP. Shearman & Sterling LLP is a limited liability partnership organized under the laws of the State of Delaware, with an affiliated limited liability partnership organized for the practice of law in the United Kingdom and Italy and an affiliated partnership organized for the practice of law in Hong Kong.