On September 15, 2022, GOL Linhas Aéreas Inteligentes S.A. (GOL), Brazil’s second largest domestic airline, resolved long-running parallel investigations by the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC).

The São Paulo-based company, whose shares are traded on the New York Stock Exchange, consented to a cease-and-desist order with the SEC finding that it violated the anti-bribery, books and records, and internal accounting controls provisions of the Foreign Corrupt Practices Act (FCPA), and entered into a three-year deferred prosecution agreement (DPA) with DOJ to settle criminal charges for conspiracy to violate the anti-bribery and books and records provisions of the FCPA. The company will collectively pay $41.5 million in fines to the federal agencies and pay an additional $3.4 million in penalties and restitution to Brazilian authorities.

According to court records, the bribery scheme took place between 2012 and 2013 and was spearheaded by a member of GOL’s board of directors. As part of the corrupt scheme, GOL paid $3.8 million to high-ranking Brazilian government officials to secure the passage of legislation that allowed GOL and other airlines to pay significantly less tax on revenues—between 1% to 3% tax—rather than a standard 20% tax. To pay these bribes, the director caused the company to enter into sham contracts with entities tied to the Brazilian officials. Each bribe was disguised as a legitimate expense on GOL’s books and, in all, GOL wrongfully obtained a tax savings of $39.7 million. The scheme itself had tangential jurisdictional links to the United States, including that a United States based messaging platform was used to transmit ephemeral messages using United States located servers, that a bribe was paid from a Bahamas incorporated company through the United States to a Swiss bank account, and that GOL made a SEC filing that falsely reported the bribe payments as sales and marketing expenses.

In the SEC press release announcing the resolution, the SEC’s FCPA Unit Chief, Charles Cain, described GOL’s internal accounting controls as being “particularly ineffective” and stated that the case “highlights the need for internal accounting controls that are effective for transactions initiated at all levels of an organization.” The SEC order underscored the company’s lack of proper controls, noting that the company’s procurement process was one that relied primarily on the GOL director for authorization and verification of certain services with little oversight or review. GOL’s internal accounting controls were also not adequately designed to reflect its corporate policy against making improper payments to government officials.

GOL reached resolutions with the agencies based on extensive cooperation with the agencies’ investigations, which included providing the facts obtained through the company’s internal investigation in a timely fashion, translating documents, testing thousands of transactions, and making current management widely available to the agencies, including individuals who needed to travel to the United States from abroad.

The company also promptly engaged in remedial measures by redesigning its company anti-corruption program, conducting a comprehensive risk assessment, creating a risk and compliance department, hiring a new chief compliance officer, and terminating its relationships with third parties that were involved in the misconduct. Notably though, GOL does not appear to have self-reported the misconduct and was still able to negotiate a DPA.

Despite the apparent lack of self-reporting, because of the company’s prompt remediation, DOJ did not impose an independent monitor as part of the DPA. However, to ensure GOL’s continued commitment to enhancing its compliance program, the DPA does require GOL’s Chief Executive Officer and Chief Compliance Officer to certify at the end of the DPA term that its “compliance program is reasonably designed to detect and prevent violations of the [FCPA] and other applicable anti-corruption laws throughout the Company’s operations.”

These parallel enforcement actions serve as a reminder that companies must continue to invest in and implement robust, tailored, and effective compliance programs. Fostering a culture of compliance in which all employees understand the importance of compliance and how to fulfill regulatory obligations is vital for mitigating bribery and corruption risks.