Please click here to view video.
Latin American countries continue to be a source of potentially lucrative investment opportunities for U.S. and multinational corporations. At the same time, operating in Latin America may present corruption-related challenges under the U.S. Foreign Corrupt Practices Act.1 Identifying corruption under the FCPA, however, is often not as easy as catching culprits in a red-handed exchange involving envelopes teeming with cash. Rather, symptoms of these issues are often identified through commonly observed violations of the FCPA’s books-and-records and internal-controls provisions.2
This article highlights 10 red flags related to the FCPA’s accounting provisions, as well as enforcement actions undertaken by the U.S. Securities and Exchange Commission and U.S. Department of Justice for conduct occurring in the region. Although these red flags are not exhaustive, they may help serve as a guide to evaluating risk under the FCPA while operating in high-risk Latin American markets.
Books-and-Records Red Flags
First, we have identified five common warning signs related to the FCPA’s books-and-records provision. The books-and-records provision requires companies to “make and keep books, records, and accounts” that “accurately and fairly” reflect its transactions and to “devise and maintain a system of internal accounting controls.”3 There are several ways in which companies may come up short:
1. Inadequate Supporting Documentation
Problematic recordkeeping is a common red flag for potential FCPA accounting violations. One key to maintaining proper books and records is ensuring that transactions are supported by complete documentation.
There is a wide spectrum of issues that may be encountered with supporting documentation for transactions. Sometimes, it is as simple as incomplete forms. In other instances, companies may make large payments that are supposedly “consulting fees” without attaching documents that show work was done. This potential violation may also involve vendor documents, such as invoices or bills of lading, where the address used was fake, a residential home, or simply vacant.
These types of violations appear to be on the government’s radar, as shown by recent enforcement actions involving instances where improper payments were disguised as legitimate transactions using inadequate or falsified supporting documentation. Last August, Vicente E. Garcia, a former software executive, pleaded guilty to conspiracy to violate the FCPA for allegedly using “sham contracts” and “false invoices” to disguise bribes to Panamanian officials.4
2. Misreporting Payments
A second way for noncompliant employees to pass off improper payments as legitimate is by mischaracterizing or misreporting transactions. Transactions recorded in cost accounts which are not product-related (e.g., commissions, employee advances, travel and entertainment, marketing or “other”) may be analyzed to identify such transgressions. Improper payments may be misclassified under such accounts.
This warning signal seems to appear often in Latin America-focused actions by government agencies. For example, former top executives at brokerage firm Direct Access Partners, who were charged by the SEC and DOJ in April 2014, had disguised reimbursements for bribes paid to an executive at a state-owned Venezuelan bank out of their and other employees’ personal funds.5
Executives at aerospace corporation Embraer SA similarly concealed bribes to a Dominican official by booking them as consulting fees in a separate transaction that never happened. These executives now face criminal charges by the Brazilian government, at the same time that Embraer is subject to an ongoing investigation in the United States.6
Another example of this issue can be found in a March 2016 settlement between the SEC and Novartis AG for $25 million.7 Novartis’ subsidiary allegedly made improper payments to induce foreign officials to prescribe or recommend Novartis products, which were then falsely recorded as legitimate selling and marketing costs in its books.
3. Transactions Lacking a Business Purpose
Another method for making potentially improper payments is the provision of benefits to nonemployees without a legitimate business purpose. This may include holiday gifts, extravagant entertainment, travel expenses for family members, or even extended visits or tours added on to “business trips.” In order to win government contracts, Dallas Airmotive Inc., an aircraft engine service provider, allegedly provided Latin American officials with vacations and other benefits and faced a $14 million criminal penalty.8
In fact, one need look no further than Operation Car Wash, the largest corruption scandal in Brazil’s history — and perhaps the largest bribery scandal in modern times.9 Officials at Brazil’s state-owned oil company, Petrobras, allegedly received inappropriate or extravagant gifts and inappropriate benefits of all kinds, from Rolex watches to $3,000 bottles of wine, and from yachts to prostitutes.10
4. Off-the-Books Records or Transactions
Companies should also be on the lookout for activity which is “off the books,” a possible indicator that something improper may be hidden. Common examples of this in Latin America are debt that is not recorded on a balance sheet, reconciliations reflecting inflated sales, and fictitious inventory.11 These “off-the-books” transactions can be used to hide improprieties or obscure the actual financial performance of a company.
An example of this misconduct is the December 2010 charge against French telecommunications company Alcatel-Lucent SA for paying bribes to win business in Honduras, Costa Rica and elsewhere. To hide these payments, Alcatel’s subsidiaries allegedly either improperly recorded them as consultant fees or simply left them “undocumented.”12 Alcatel paid more than $137 million in the settlement.
5. Pricing Discrepancies
Large differences in pricing — especially when prices do not match a written agreement — are another sign of potentially improper transactions. Excess funds resulting from large discounts, premium charges, or commissions might be used for bribes.
For example, as Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, explained, Garcia, the software executive, “falsified internal approval forms and disguised his bribes as discounts.”13 Similarly, in April 2016, the SEC entered into settlements with seven individuals for their alleged roles in the kickback scheme involving Direct Access Partners described above; the funds for the improper payments were procured in part through large markups and markdowns.14 As the FCPA guide notes, companies should be wary of large commissions provided to sales agents or discounts to distributors.15
Red Flags for Internal-Controls Violations
Beyond simply prohibiting bribes and requiring proper books and records, the FCPA requires that companies devise and maintain a system of internal controls. Below are five potential indications of violations of the FCPA’s internal-controls provision.
6. Override of Internal Controls
Regulators continually emphasize that an effective compliance program is only as strong as the response of and adherence by company management. As Stephen L. Cohen, associate enforcement director of the SEC, urged in October 2013, “A strong compliance and ethics program must start with proper governance, including a tone at the top built on actions rather than words.”16 Internal controls which are ignored by management are meaningless in the eyes of government regulators.
To that end, it is a troubling red flag when management or others override or intentionally circumvent established internal controls. For instance, management might approve manual expense reports without sufficient documentation or change prices for customers outside of a company’s enterprise system. Further, payments may be made outside of the general ledger system or multiple payments may be made to the same third party which are just below established mandatory review amounts.
It appears that regulators are focused on this red flag, as shown by recent actions and investigations. For example, Embraer’s executives allegedly recorded bribes paid to a middleman as consulting fees in an effort to get around its compliance department, which had originally prevented the full transfer of the bribes.17
7. Inadequate Screening of Third Parties
One key to developing an effective compliance program is implementing controls to ensure proper oversight over third parties, including a third-party due diligence program. Without a program to screen third parties for legitimacy, a company may be paying vendors or agents that pay bribes, circumvent import and export laws, or even do not exist.
A due diligence program should identify whether a prospective third-party business partner does business with or is a government official, in order for a company to understand the level of FCPA risk. The FCPA covers payments to a much broader group than what is customarily considered government officials. For instance, employees of public medical facilities — which are common in Latin America — are considered by SEC and DOJ to be foreign officials.18 Reviewing and categorizing payment recipients to identify employees of state-owned medical facilities in Latin America are important ways for a company to oversee its third-party business partners.
An inadequate due diligence program can have substantial FCPA risks. According to Brockmeyer, a company cannot “possess a ‘check the box’ mentality when it [comes] to third-party due diligence” or “simply rely on paper-thin assurances by employees, distributors, or customers.”19
8. Failure to Internally Assess Compliance Programs
A core aspect of developing a comprehensive system of effective anti-corruption internal controls and policies is a risk assessment to determine whether the controls are adequate.20 Many of the FCPA issues identified in this article occurred not because companies lacked good policies on paper but, rather, because the companies’ employees or third-party partners did not have an awareness of, and an emphasis and structure to ensure, FCPA compliance.
An internal-control failure could subject a company to substantial financial consequences. Tyson Foods Inc. entered into a multimillion-dollar settlement in 2011 for, according to the SEC, its “lax system of internal controls that failed to detect or prevent” illegal payments to government-employed inspection veterinarians in Mexico.21 Financial consequences may involve not only direct penalties, but also requirements to implement extensive new compliance initiatives and years of engaging a third party to act as a compliance monitor.
9. An Inadequate Internal Audit Program
A rigorous self-monitoring program, including a robust internal audit function, is a crucial part of a system of effective internal accounting controls. A company’s internal audit team should test transactions and supporting documentation, and follow up on negative findings. In order to be equipped to address anti-corruption risks, a company’s internal audit team should be trained on the FCPA and other applicable anti-corruption laws.
The importance of self-monitoring is underscored by statements from the SEC. Brockmeyer has emphasized the importance of implementing internal controls to stop patterns of illegal payments to win business in Latin America and elsewhere, including detecting improper payments and gifts.22 It is important for companies to maintain an adequate internal audit function to detect and remediate corruption-related risks and issues.
10. Use of Shell Companies
Companies subject to the FCPA should also be wary of the use of shell companies by their Latin American subsidiaries. Shell companies can be another tool to facilitate “off-the-books” transactions, a red flag described above, which can include payments to foreign officials.
The recently released “Panama Papers” have turned a spotlight on this issue by providing examples of individuals, governments, and corporations (including ones in Latin America) using shell companies to hide assets from tax and regulatory authorities. While analysis of these documents is ongoing, to date more than 10 million released records from the Panamanian law firm Mossack Fonseca name over 200,000 anonymous offshore companies around the globe.23 Given the reality of conducting business in Latin America, it may be prudent for a corporation subject to the FCPA to require information on the beneficial owners of third parties to whom payments are made, depending on the type of company and its interactions with other third parties.
It is clear that the U.S. government takes these risks seriously. One of the Direct Access executives who pleaded guilty allegedly paid kickbacks to a shell entity controlled by the Venezuelan official.24 Likewise, Terra Telecommunications Corp. paid almost $1 million to shell companies to be used for improper payments to officials at Haiti’s state-owned telecommunications company, leading to convictions of Terra’s former executives.25
The FCPA mandates that companies maintain accurate books and records and a robust system of internal accounting controls. While not as attention-grabbing as the anti-bribery provision, a company’s failure to deal with these 10 red flags could be a signal of — or result in — FCPA violations in Latin America and beyond. Even in the absence of charges related to the anti-bribery provision, the U.S. government continues to investigate and prosecute companies and individuals for violations of the accounting provisions of the FCPA as a result of their operations in Latin America.26
Given the region’s history and current risk profile, companies seeking to take advantage of business opportunities in Latin America should ensure they develop accounting processes and controls designed to reduce corruption-related risk and to identify and prevent red flags under the FCPA.
Republished with permission from Law360.